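################################################################
# abuse.ch URLhaus IDS ruleset (Snort / Suricata)              #
# Last updated: 2026-05-20 15:44:16 (UTC)                      #
#                                                              #
# Terms Of Use: https://urlhaus.abuse.ch/api/                  #
# For questions please contact urlhaus [at] abuse.ch           #
################################################################
#
# url
#
# Layout: one rule per line. A rule that shares a line with a '#' comment, or
# that is split across lines without a trailing backslash, is not loaded.
#
# How to read the rules (every rule follows the same template):
#   - alert http $HOME_NET any -> $EXTERNAL_NET any; flow:established,from_client;
#     only client requests on established flows from the protected network to
#     external addresses are inspected.
#   - content:"GET"; http_method;
#     the request method must be GET.
#   - content:"<path>"; http_uri; depth:N; isdataat:!1,relative; nocase;
#     depth:N equals the length of <path>, and isdataat:!1,relative requires
#     that no byte follows the match, so the URI must equal <path> exactly
#     (case-insensitively). The same path with a query string appended, or a
#     different path on the same host, does not match.
#   - content:"<host>"; http_host; depth:N; isdataat:!1,relative;
#     the same exact-match construction applied to the Host header.
#   - msg / reference carry the URLhaus entry id, which is the starting point
#     for triage of an alert.
#
# Detection limits worth knowing before relying on these rules:
#   - They are point-in-time indicators (created_at 2026_05_20); hosts and
#     paths of this kind go stale quickly, so keep the feed refreshed.
#   - The rules use the http protocol keyword: a download over TLS is only
#     visible if the traffic is decrypted before it reaches the sensor.
#   - An alert means a client requested the URL, not that a payload was
#     delivered or executed; confirm with the response and host telemetry.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850562)"; flow:established,from_client; content:"GET"; http_method; content:"/arm/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"220.158.232.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850562/; classtype:trojan-activity;sid:84713662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850563)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"220.158.232.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850563/; classtype:trojan-activity;sid:84713663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850560)"; flow:established,from_client; content:"GET"; http_method; content:"/file123"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vantarat.st"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850560/; classtype:trojan-activity;sid:84713660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850559)"; flow:established,from_client; content:"GET"; http_method; content:"/rem"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"vantarat.st"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850559/; classtype:trojan-activity;sid:84713659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850558)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/gamble-rig/gambling-rig-1.21.x.jar"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"donutsmpcheats.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850558/; classtype:trojan-activity;sid:84713658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850557)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/spawner-protect/spawnerprotect-1.21.11-n-15.jar"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"donutsmpcheats.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850557/; classtype:trojan-activity;sid:84713657; rev:1;)
# NOTE(review): as published, this rule matched the literal text "%20" in
# http_uri (content:"/files/krypton%201.21.1.jar"; depth:27). http_uri is the
# normalized URI buffer, in which percent-escapes are decoded, so that pattern
# would not be expected to match a request for this URL. The pattern below
# matches the decoded space (|20|) and depth is reduced to 25 to keep the
# exact-length match. To match the request line exactly as sent instead, keep
# the original content and depth and use http_raw_uri. This is a local change;
# a feed refresh will overwrite it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850556)"; flow:established,from_client; content:"GET"; http_method; content:"/files/krypton|20|1.21.1.jar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"v0-krypton-client-clone.vercel.app"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850556/; classtype:trojan-activity;sid:84713656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850555)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/glazed-addon/glazed-1.21.11-n-16.1.jar"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"donutsmpcheats.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850555/; classtype:trojan-activity;sid:84713655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850552)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bedrock-base-finder/bedrock-triangulator-1.0.0.jar"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"donutsmpcheats.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850552/; classtype:trojan-activity;sid:84713652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850553)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/fakepay/fakepay-1.21.x.jar"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"donutsmpcheats.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850553/; classtype:trojan-activity;sid:84713653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.127.232.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850550/; classtype:trojan-activity;sid:84713650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850549)"; flow:established,from_client; content:"GET"; http_method; content:"/9cf24c3c-7f68-45b6-9cf8-a87013852c9c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"qmzbbjle.microfloraresource.garden"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850549/; classtype:trojan-activity;sid:84713649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.116.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850548/; classtype:trojan-activity;sid:84713648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.51.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850547/; classtype:trojan-activity;sid:84713647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.117.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850545/; classtype:trojan-activity;sid:84713645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850544)"; flow:established,from_client; content:"GET"; http_method; content:"/cc331331-caae-4f0b-a600-0d2f7330553a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bcypppaq.asynchronous-growth-platform.garden"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850544/; classtype:trojan-activity;sid:84713644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.51.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850543/; classtype:trojan-activity;sid:84713643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.246.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850542/; classtype:trojan-activity;sid:84713642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.59.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850541/; classtype:trojan-activity;sid:84713641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.23.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850540/; classtype:trojan-activity;sid:84713640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.168.137.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850539/; classtype:trojan-activity;sid:84713639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.23.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850538/; classtype:trojan-activity;sid:84713638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.9.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850537/; classtype:trojan-activity;sid:84713637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.150.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850536/; classtype:trojan-activity;sid:84713636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.168.137.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850535/; classtype:trojan-activity;sid:84713635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850534)"; flow:established,from_client; content:"GET"; http_method; content:"/28f46d6a-3b00-4312-940b-c4e5ffabbfb4/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"kampoxks.bloommanagementengine.garden"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850534/; classtype:trojan-activity;sid:84713634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.117.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850533/; classtype:trojan-activity;sid:84713633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.59.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850532/; classtype:trojan-activity;sid:84713632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.150.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850531/; classtype:trojan-activity;sid:84713631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.201.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850530/; classtype:trojan-activity;sid:84713630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.9.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850528/; classtype:trojan-activity;sid:84713628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850527)"; flow:established,from_client; content:"GET"; http_method; content:"/35496a56-d84b-4eba-b61c-3e6370ecfc9c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"containerized-plant-system.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850527/; classtype:trojan-activity;sid:84713627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.201.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850526/; classtype:trojan-activity;sid:84713626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.155.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850525/; classtype:trojan-activity;sid:84713625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.203.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850524/; classtype:trojan-activity;sid:84713624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.249.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850523/; classtype:trojan-activity;sid:84713623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.155.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850522/; classtype:trojan-activity;sid:84713622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850521)"; flow:established,from_client; content:"GET"; http_method; content:"/2cea1817-eb95-4ad9-a81a-8a1bdfcdd4c8/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"floraecosystemhub.garden"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850521/; classtype:trojan-activity;sid:84713621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850520/; classtype:trojan-activity;sid:84713620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.105.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850519/; classtype:trojan-activity;sid:84713619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.249.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850518/; classtype:trojan-activity;sid:84713618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.218.112.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850517/; classtype:trojan-activity;sid:84713617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.105.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850516/; classtype:trojan-activity;sid:84713616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850515)"; flow:established,from_client; content:"GET"; http_method; content:"/64bf73d9-7ab9-4010-bd91-6139f28aabc6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"meadow-processing-core.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850515/; classtype:trojan-activity;sid:84713615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.201.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850514/; classtype:trojan-activity;sid:84713614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.227.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850512/; classtype:trojan-activity;sid:84713612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850511)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"104.131.37.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850511/; classtype:trojan-activity;sid:84713611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.233.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850510/; classtype:trojan-activity;sid:84713610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.17.153.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850505/; classtype:trojan-activity;sid:84713605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850504)"; flow:established,from_client; content:"GET"; http_method; content:"/cl-ncl-start"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.143.1.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850504/; classtype:trojan-activity;sid:84713604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.22.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850503/; classtype:trojan-activity;sid:84713603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850500)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/security"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"fucktermedfir.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850500/; classtype:trojan-activity;sid:84713600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850501)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/runtimebroker.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"fucktermedfir.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850501/; classtype:trojan-activity;sid:84713601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850502)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/elevator"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"fucktermedfir.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850502/; classtype:trojan-activity;sid:84713602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850496)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/pjibf.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fucktermedfir.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850496/; classtype:trojan-activity;sid:84713596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850497)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/module"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"fucktermedfir.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850497/; classtype:trojan-activity;sid:84713597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850498)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/module2"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fucktermedfir.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850498/; classtype:trojan-activity;sid:84713598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850499)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/component"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"fucktermedfir.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850499/; classtype:trojan-activity;sid:84713599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.201.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850494/; classtype:trojan-activity;sid:84713594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.112.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850491/; classtype:trojan-activity;sid:84713591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.112.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850488/; classtype:trojan-activity;sid:84713588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.5.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850486/; classtype:trojan-activity;sid:84713586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.230.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850485/; classtype:trojan-activity;sid:84713585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.5.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850482/; classtype:trojan-activity;sid:84713582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850481/; classtype:trojan-activity;sid:84713581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.157.47.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850480/; classtype:trojan-activity;sid:84713580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850478)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850478/; classtype:trojan-activity;sid:84713578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850477)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850477/; classtype:trojan-activity;sid:84713577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.72.161.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850473/; classtype:trojan-activity;sid:84713573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850471/; classtype:trojan-activity;sid:84713571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.241.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850472/; classtype:trojan-activity;sid:84713572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.65.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850470/; classtype:trojan-activity;sid:84713570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850468)"; flow:established,from_client; content:"GET"; http_method; content:"/56789023.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kevtel.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850468/; classtype:trojan-activity;sid:84713568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850465/; classtype:trojan-activity;sid:84713565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.160.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850464/; classtype:trojan-activity;sid:84713564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.30.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850463/; classtype:trojan-activity;sid:84713563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.50.148.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850462/; classtype:trojan-activity;sid:84713562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.218.58.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850459/; classtype:trojan-activity;sid:84713559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.236.65.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850458/; classtype:trojan-activity;sid:84713558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.218.58.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850456/; classtype:trojan-activity;sid:84713556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.82.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850449/; classtype:trojan-activity;sid:84713549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.166.21.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850447/; classtype:trojan-activity;sid:84713547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850445)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.58.47.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850445/; classtype:trojan-activity;sid:84713545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.82.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850442/; classtype:trojan-activity;sid:84713542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.21.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850441/; classtype:trojan-activity;sid:84713541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.205.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850440/; classtype:trojan-activity;sid:84713540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 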
Known malware download URL detected (3850438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.16.159.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850438/; classtype:trojan-activity;sid:84713538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"31.42.176.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850437/; classtype:trojan-activity;sid:84713537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.42.176.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850436/; classtype:trojan-activity;sid:84713536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.160.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850435/; classtype:trojan-activity;sid:84713535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.12.12"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850434/; classtype:trojan-activity;sid:84713534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850432/; classtype:trojan-activity;sid:84713532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.231.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850431/; classtype:trojan-activity;sid:84713531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.255.30.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850428/; classtype:trojan-activity;sid:84713528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.231.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850426/; classtype:trojan-activity;sid:84713526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850424)"; flow:established,from_client; content:"GET"; http_method; 
content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.88.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850424/; classtype:trojan-activity;sid:84713524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.255.30.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850422/; classtype:trojan-activity;sid:84713522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.46.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850414/; classtype:trojan-activity;sid:84713514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.5.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850398/; classtype:trojan-activity;sid:84713498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.218.157.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850397/; classtype:trojan-activity;sid:84713497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3850395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.56.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850395/; classtype:trojan-activity;sid:84713495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.46.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850394/; classtype:trojan-activity;sid:84713494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.58.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850392/; classtype:trojan-activity;sid:84713492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.218.157.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850388/; classtype:trojan-activity;sid:84713488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.5.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; 
reference:url, urlhaus.abuse.ch/url/3850386/; classtype:trojan-activity;sid:84713486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.39.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850384/; classtype:trojan-activity;sid:84713484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.188.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850382/; classtype:trojan-activity;sid:84713482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.76.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850380/; classtype:trojan-activity;sid:84713480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.80.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850379/; classtype:trojan-activity;sid:84713479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"113.239.237.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850377/; classtype:trojan-activity;sid:84713477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.188.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850376/; classtype:trojan-activity;sid:84713476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.94.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850374/; classtype:trojan-activity;sid:84713474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.237.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850373/; classtype:trojan-activity;sid:84713473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.25.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850369/; classtype:trojan-activity;sid:84713469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3850368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.80.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850368/; classtype:trojan-activity;sid:84713468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.2.25"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850367/; classtype:trojan-activity;sid:84713467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.94.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850366/; classtype:trojan-activity;sid:84713466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.38.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850364/; classtype:trojan-activity;sid:84713464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.25.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, 
urlhaus.abuse.ch/url/3850360/; classtype:trojan-activity;sid:84713460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.158.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850358/; classtype:trojan-activity;sid:84713458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.249.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850357/; classtype:trojan-activity;sid:84713457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850356)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850356/; classtype:trojan-activity;sid:84713456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.30.142.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850349/; classtype:trojan-activity;sid:84713449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"110.36.93.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850348/; classtype:trojan-activity;sid:84713448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850345)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"220.158.232.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850345/; classtype:trojan-activity;sid:84713445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850346)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"220.158.232.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850346/; classtype:trojan-activity;sid:84713446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850344)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850344/; classtype:trojan-activity;sid:84713444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850342)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850342/; classtype:trojan-activity;sid:84713442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3850343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.181.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850343/; classtype:trojan-activity;sid:84713443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.158.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850341/; classtype:trojan-activity;sid:84713441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.122.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850339/; classtype:trojan-activity;sid:84713439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.193.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850338/; classtype:trojan-activity;sid:84713438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.182.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, 
urlhaus.abuse.ch/url/3850336/; classtype:trojan-activity;sid:84713436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.93.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850334/; classtype:trojan-activity;sid:84713434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.221.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850333/; classtype:trojan-activity;sid:84713433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.193.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850329/; classtype:trojan-activity;sid:84713429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.254.192.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850321/; classtype:trojan-activity;sid:84713421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"218.91.141.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850320/; classtype:trojan-activity;sid:84713420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.199.194.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850319/; classtype:trojan-activity;sid:84713419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850317/; classtype:trojan-activity;sid:84713417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.137.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850315/; classtype:trojan-activity;sid:84713415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.199.194.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850314/; classtype:trojan-activity;sid:84713414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3850312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.112.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850312/; classtype:trojan-activity;sid:84713412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850311/; classtype:trojan-activity;sid:84713411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850309)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.56.209.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850309/; classtype:trojan-activity;sid:84713409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850308)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850308/; classtype:trojan-activity;sid:84713408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850307)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, 
urlhaus.abuse.ch/url/3850307/; classtype:trojan-activity;sid:84713407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850302)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.56.209.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850302/; classtype:trojan-activity;sid:84713402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850303)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850303/; classtype:trojan-activity;sid:84713403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850304)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850304/; classtype:trojan-activity;sid:84713404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850305)"; flow:established,from_client; content:"GET"; http_method; content:"/meow/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850305/; classtype:trojan-activity;sid:84713405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850306)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.arm4"; http_uri; 
depth:10; isdataat:!1,relative; nocase; content:"31.56.209.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850306/; classtype:trojan-activity;sid:84713406; rev:1;)
#
# --- Reading the rules below ---------------------------------------------
# Each rule alerts on one URLhaus entry: an HTTP GET sent from $HOME_NET to
# $EXTERNAL_NET (flow:established,from_client) whose URI and Host both equal
# the listed values.
#   * content:"<path>"; http_uri; depth:N; isdataat:!1,relative; nocase;
#     depth:N equals the pattern length and isdataat:!1,relative requires that
#     no byte follows the match, so the URI buffer must be exactly <path>
#     (compared case-insensitively). A longer URI that merely starts with
#     <path> does not match.
#   * content:"<host>"; http_host; depth:N; isdataat:!1,relative;
#     the same whole-buffer anchoring, applied to the Host value.
#   * msg and reference carry the URLhaus entry ID; in the rules shown here the
#     sid is that ID plus a constant, so an alert maps back to one record.
# Triage notes:
#   * Generic paths such as "/i" or "/bin.sh" are specific only in combination
#     with the host match; the URI pattern alone is not an indicator.
#   * These are `alert http` rules on parsed HTTP buffers, so they only fire on
#     requests the sensor can read in clear text.
#   * Many hosts are bare IP addresses; check metadata:created_at and the
#     referenced URLhaus record before treating a hit as confirmed.
#   * NOTE(review): confirm that your engine/version evaluates the relative
#     isdataat against the HTTP buffer rather than the raw payload.
# One rule per line; the first and last lines of this span are pieces of rules
# that continue outside it.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850293)"; flow:established,from_client; content:"GET"; http_method; content:"/meow/sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850293/; classtype:trojan-activity;sid:84713393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850294)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850294/; classtype:trojan-activity;sid:84713394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850295)"; flow:established,from_client; content:"GET"; http_method; content:"/meow/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850295/; classtype:trojan-activity;sid:84713395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850296)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850296/; classtype:trojan-activity;sid:84713396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850297)"; flow:established,from_client; content:"GET"; http_method; content:"/meow/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850297/; classtype:trojan-activity;sid:84713397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850298)"; flow:established,from_client; content:"GET"; http_method; content:"/meow/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850298/; classtype:trojan-activity;sid:84713398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850299)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850299/; classtype:trojan-activity;sid:84713399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850300)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850300/; classtype:trojan-activity;sid:84713400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850301)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.56.209.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850301/; classtype:trojan-activity;sid:84713401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.85.68.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850292/; classtype:trojan-activity;sid:84713392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850291)"; flow:established,from_client; content:"GET"; http_method; content:"/22a7ddea-a9f9-4d06-9bbe-488986abfa5d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"vacuum-tube-amplifier.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850291/; classtype:trojan-activity;sid:84713391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.126.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850290/; classtype:trojan-activity;sid:84713390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.85.68.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850289/; classtype:trojan-activity;sid:84713389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850288)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.56.209.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850288/; classtype:trojan-activity;sid:84713388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850287)"; flow:established,from_client; content:"GET"; http_method; content:"/dcddbe35-9f45-4b34-a208-ed88ac5363a5/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"perfect-bolognese-simmer.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850287/; classtype:trojan-activity;sid:84713387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.219.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850286/; classtype:trojan-activity;sid:84713386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.180.232.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850285/; classtype:trojan-activity;sid:84713385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850284)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1781548144/rozizkz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850284/; classtype:trojan-activity;sid:84713384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.219.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850283/; classtype:trojan-activity;sid:84713383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.189.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850282/; classtype:trojan-activity;sid:84713382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850281)"; flow:established,from_client; content:"GET"; http_method; content:"/68eddc74-bc47-4ee9-bcf6-067bc79f85cc/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"abyssal-plain-topography.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850281/; classtype:trojan-activity;sid:84713381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.242.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850280/; classtype:trojan-activity;sid:84713380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.191.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850278/; classtype:trojan-activity;sid:84713378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.180.232.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850279/; classtype:trojan-activity;sid:84713379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850277)"; flow:established,from_client; content:"GET"; http_method; content:"/11/a"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"130.12.180.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850277/; classtype:trojan-activity;sid:84713377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850276)"; flow:established,from_client; content:"GET"; http_method; content:"/12/a"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"130.12.180.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850276/; classtype:trojan-activity;sid:84713376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.242.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850275/; classtype:trojan-activity;sid:84713375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.19.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850274/; classtype:trojan-activity;sid:84713374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.170.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850273/; classtype:trojan-activity;sid:84713373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850271)"; flow:established,from_client; content:"GET"; http_method; content:"/6/a"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"130.12.180.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850271/; classtype:trojan-activity;sid:84713371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850272)"; flow:established,from_client; content:"GET"; http_method; content:"/2/a"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"130.12.180.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850272/; classtype:trojan-activity;sid:84713372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850269)"; flow:established,from_client; content:"GET"; http_method; content:"/3/a"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"130.12.180.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850269/; classtype:trojan-activity;sid:84713369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850270)"; flow:established,from_client; content:"GET"; http_method; content:"/9/a"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"130.12.180.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850270/; classtype:trojan-activity;sid:84713370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.116.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850268/; classtype:trojan-activity;sid:84713368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850266)"; flow:established,from_client; content:"GET"; http_method; content:"/7/a"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"130.12.180.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850266/; classtype:trojan-activity;sid:84713366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850267)"; flow:established,from_client; content:"GET"; http_method; content:"/5/a"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"130.12.180.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850267/; classtype:trojan-activity;sid:84713367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.205.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850265/; classtype:trojan-activity;sid:84713365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.249.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850264/; classtype:trojan-activity;sid:84713364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850262)"; flow:established,from_client; content:"GET"; http_method; content:"/10/a"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"130.12.180.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850262/; classtype:trojan-activity;sid:84713362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850263)"; flow:established,from_client; content:"GET"; http_method; content:"/8/a"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"130.12.180.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850263/; classtype:trojan-activity;sid:84713363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850261)"; flow:established,from_client; content:"GET"; http_method; content:"/4/a"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"130.12.180.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850261/; classtype:trojan-activity;sid:84713361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850260)"; flow:established,from_client; content:"GET"; http_method; content:"/1/a"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"130.12.180.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850260/; classtype:trojan-activity;sid:84713360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.88.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850259/; classtype:trojan-activity;sid:84713359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.60.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850258/; classtype:trojan-activity;sid:84713358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.90.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850257/; classtype:trojan-activity;sid:84713357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.19.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850256/; classtype:trojan-activity;sid:84713356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.3.245"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850255/; classtype:trojan-activity;sid:84713355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.131.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850254/; classtype:trojan-activity;sid:84713354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.248.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850253/; classtype:trojan-activity;sid:84713353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.249.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850252/; classtype:trojan-activity;sid:84713352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.156.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850251/; classtype:trojan-activity;sid:84713351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.117.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850250/; classtype:trojan-activity;sid:84713350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.70.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850249/; classtype:trojan-activity;sid:84713349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.235.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850248/; classtype:trojan-activity;sid:84713348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.227.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850247/; classtype:trojan-activity;sid:84713347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850246/; classtype:trojan-activity;sid:84713346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.37.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850245/; classtype:trojan-activity;sid:84713345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.70.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850244/; classtype:trojan-activity;sid:84713344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.17.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850243/; classtype:trojan-activity;sid:84713343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.156.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850242/; classtype:trojan-activity;sid:84713342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.52.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850241/; classtype:trojan-activity;sid:84713341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.19.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850240/; classtype:trojan-activity;sid:84713340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.106.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850239/; classtype:trojan-activity;sid:84713339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.124.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850238/; classtype:trojan-activity;sid:84713338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850236/; classtype:trojan-activity;sid:84713336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.28.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850237/; classtype:trojan-activity;sid:84713337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.225.163.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850235/; classtype:trojan-activity;sid:84713335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850230)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"93.115.172.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850230/; classtype:trojan-activity;sid:84713330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850231)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"93.115.172.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850231/; classtype:trojan-activity;sid:84713331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850232)"; flow:established,from_client; content:"GET"; http_method; content:"/boss.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.115.172.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850232/; classtype:trojan-activity;sid:84713332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850233)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.115.172.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850233/; classtype:trojan-activity;sid:84713333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850234)"; flow:established,from_client; content:"GET"; http_method; content:"/build_protected.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"93.115.172.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850234/; classtype:trojan-activity;sid:84713334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850229)"; flow:established,from_client; content:"GET"; http_method; content:"/verification.vrf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"93.115.172.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850229/; classtype:trojan-activity;sid:84713329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850228)"; flow:established,from_client; content:"GET"; http_method; content:"/test.tst"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.115.172.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850228/; classtype:trojan-activity;sid:84713328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.57.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850227/; classtype:trojan-activity;sid:84713327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.57.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850226/; classtype:trojan-activity;sid:84713326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850224)"; flow:established,from_client; content:"GET"; http_method; content:"/teste.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.149.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850224/; classtype:trojan-activity;sid:84713324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.11.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850223/; classtype:trojan-activity;sid:84713323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850222)"; flow:established,from_client; content:"GET"; http_method; content:"/javaws.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.149.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850222/; classtype:trojan-activity;sid:84713322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850221)"; flow:established,from_client; content:"GET"; http_method; content:"/bps.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.149.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850221/; classtype:trojan-activity;sid:84713321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850220)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_decrypt.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.65.149.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850220/; classtype:trojan-activity;sid:84713320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850219/; classtype:trojan-activity;sid:84713319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.28.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850218/; classtype:trojan-activity;sid:84713318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.113.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850217/; classtype:trojan-activity;sid:84713317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.225.163.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850216/; classtype:trojan-activity;sid:84713316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.209.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850215/; classtype:trojan-activity;sid:84713315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.103.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850214/; classtype:trojan-activity;sid:84713314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.29.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850213/; classtype:trojan-activity;sid:84713313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.218.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850212/; classtype:trojan-activity;sid:84713312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850203)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.220.160.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850203/; classtype:trojan-activity;sid:84713303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850204)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"102.220.160.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850204/; classtype:trojan-activity;sid:84713304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850205)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.220.160.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850205/; classtype:trojan-activity;sid:84713305; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850206)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.220.160.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850206/; classtype:trojan-activity;sid:84713306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850207)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.220.160.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850207/; classtype:trojan-activity;sid:84713307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850208)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.220.160.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850208/; classtype:trojan-activity;sid:84713308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850209)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"102.220.160.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850209/; classtype:trojan-activity;sid:84713309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850210)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.220.160.47"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850210/; classtype:trojan-activity;sid:84713310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850211)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"102.220.160.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850211/; classtype:trojan-activity;sid:84713311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850202)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"102.220.160.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850202/; classtype:trojan-activity;sid:84713302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850200)"; flow:established,from_client; content:"GET"; http_method; content:"/meow/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850200/; classtype:trojan-activity;sid:84713300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850201)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850201/; classtype:trojan-activity;sid:84713301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850197)"; flow:established,from_client; content:"GET"; 
http_method; content:"/meow/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850197/; classtype:trojan-activity;sid:84713297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850198)"; flow:established,from_client; content:"GET"; http_method; content:"/meow/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850198/; classtype:trojan-activity;sid:84713298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850199)"; flow:established,from_client; content:"GET"; http_method; content:"/meow/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850199/; classtype:trojan-activity;sid:84713299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850195)"; flow:established,from_client; content:"GET"; http_method; content:"/meow/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850195/; classtype:trojan-activity;sid:84713295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850196)"; flow:established,from_client; content:"GET"; http_method; content:"/meow/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850196/; classtype:trojan-activity;sid:84713296; 
rev:1;)
# Each rule below alerts when a host in $HOME_NET sends an HTTP GET whose URI
# and Host both equal the listed values: `depth` is set to the content length
# and `isdataat:!1,relative` requires that nothing follows the match, so the
# pair acts as an exact, whole-buffer comparison. `nocase` modifies the URI
# content, so the path comparison is case-insensitive.
# The rules use the `alert http` protocol, so they only cover requests the
# sensor can parse as HTTP; a fetch of the same URL over TLS is not covered
# unless traffic is decrypted upstream of the sensor.
# An alert records the outbound request only; confirm from the HTTP response
# or from the endpoint whether the payload was actually delivered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850194)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"220.158.232.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850194/; classtype:trojan-activity;sid:84713294; rev:1;)
# NOTE(review): sids 84713293 and 84713292 have identical match options (same
# URI, same Host); only the URLhaus id in msg/reference and the sid differ, so
# one matching request raises two alerts. Presumably the two URLhaus entries
# differ in a part of the URL the rule does not express (e.g. port or scheme);
# confirm on the referenced entries before suppressing or thresholding one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850193)"; flow:established,from_client; content:"GET"; http_method; content:"/val-vip.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850193/; classtype:trojan-activity;sid:84713293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850192)"; flow:established,from_client; content:"GET"; http_method; content:"/val-vip.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850192/; classtype:trojan-activity;sid:84713292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.11.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850191/; classtype:trojan-activity;sid:84713291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850169)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; 
content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850169/; classtype:trojan-activity;sid:84713269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850170)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850170/; classtype:trojan-activity;sid:84713270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850171)"; flow:established,from_client; content:"GET"; http_method; content:"/release/mynode.ppc_32"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.139.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850171/; classtype:trojan-activity;sid:84713271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850172)"; flow:established,from_client; content:"GET"; http_method; content:"/release/mynode.armv4_32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"176.65.139.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850172/; classtype:trojan-activity;sid:84713272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850173)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850173/; classtype:trojan-activity;sid:84713273; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850174)"; flow:established,from_client; content:"GET"; http_method; content:"/release/mynode.arm5_32"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.139.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850174/; classtype:trojan-activity;sid:84713274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850175)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850175/; classtype:trojan-activity;sid:84713275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850176)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850176/; classtype:trojan-activity;sid:84713276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850177)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850177/; classtype:trojan-activity;sid:84713277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850178)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; 
content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850178/; classtype:trojan-activity;sid:84713278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850179)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850179/; classtype:trojan-activity;sid:84713279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850180)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850180/; classtype:trojan-activity;sid:84713280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850181)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850181/; classtype:trojan-activity;sid:84713281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850182)"; flow:established,from_client; content:"GET"; http_method; content:"/release/mynode.m68k"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.139.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850182/; classtype:trojan-activity;sid:84713282; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850183)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850183/; classtype:trojan-activity;sid:84713283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850184)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850184/; classtype:trojan-activity;sid:84713284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850185)"; flow:established,from_client; content:"GET"; http_method; content:"/release/mynode.arm7_32"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.139.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850185/; classtype:trojan-activity;sid:84713285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850186)"; flow:established,from_client; content:"GET"; http_method; content:"/release/mynode.sh4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.65.139.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850186/; classtype:trojan-activity;sid:84713286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850187)"; flow:established,from_client; content:"GET"; http_method; content:"/release/mynode.arm6_32"; http_uri; depth:23; isdataat:!1,relative; nocase; 
content:"176.65.139.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850187/; classtype:trojan-activity;sid:84713287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850188)"; flow:established,from_client; content:"GET"; http_method; content:"/release/mynode.mips_32"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.139.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850188/; classtype:trojan-activity;sid:84713288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850189)"; flow:established,from_client; content:"GET"; http_method; content:"/release/mynode.x86_32"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.139.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850189/; classtype:trojan-activity;sid:84713289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850190)"; flow:established,from_client; content:"GET"; http_method; content:"/release/mynode.mpsl_32"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.139.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850190/; classtype:trojan-activity;sid:84713290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850168)"; flow:established,from_client; content:"GET"; http_method; content:"/release/all.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850168/; classtype:trojan-activity;sid:84713268; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.186.230.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850167/; classtype:trojan-activity;sid:84713267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.23.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850166/; classtype:trojan-activity;sid:84713266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.83.31.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850165/; classtype:trojan-activity;sid:84713265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.83.31.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850162/; classtype:trojan-activity;sid:84713262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; 
nocase; content:"45.83.31.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850163/; classtype:trojan-activity;sid:84713263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"193.26.115.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850164/; classtype:trojan-activity;sid:84713264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.83.31.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850161/; classtype:trojan-activity;sid:84713261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.83.31.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850160/; classtype:trojan-activity;sid:84713260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.7.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850159/; classtype:trojan-activity;sid:84713259; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.52.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850158/; classtype:trojan-activity;sid:84713258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.24.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850157/; classtype:trojan-activity;sid:84713257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.100.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850156/; classtype:trojan-activity;sid:84713256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.52.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850155/; classtype:trojan-activity;sid:84713255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.100.69"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850154/; classtype:trojan-activity;sid:84713254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.78.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850153/; classtype:trojan-activity;sid:84713253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.103.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850152/; classtype:trojan-activity;sid:84713252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.100.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850151/; classtype:trojan-activity;sid:84713251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.78.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850150/; classtype:trojan-activity;sid:84713250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850149)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.7.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850149/; classtype:trojan-activity;sid:84713249; rev:1;)
# ---------------------------------------------------------------------------
# Layout: one rule per line. The line wraps that cut through rules in this
# part of the file are removed; the rule text itself is unchanged. The line
# above is the tail of a rule that starts earlier in the file, and the last
# line of this section is the head of a rule that continues after it; both
# are left exactly as found.
#
# Every rule below follows one template:
#   alert http $HOME_NET any -> $EXTERNAL_NET any
#       HTTP traffic from the monitored network to an external address.
#   flow:established,from_client; content:"GET"; http_method;
#       client side of an established session, request method GET.
#   content:"<path>"; http_uri; depth:N; isdataat:!1,relative; nocase;
#       N is the length of <path> as written and isdataat:!1,relative
#       requires that no byte follows the match, so the rule is anchored to
#       the whole URI buffer (case-insensitively), not to a substring.
#   content:"<host>"; http_host; depth:N; isdataat:!1,relative;
#       same construction on the host buffer. No nocase is set here and all
#       host strings are lower case (Suricata documents http_host as a
#       normalised, lower-cased buffer).
#   reference:url / sid
#       the reference carries the URLhaus entry id from the msg; in every
#       rule visible here sid = URLhaus id + 80863100.
#
# Notes for whoever deploys or triages these:
#   * Paths such as "/i" and "/bin.sh" are generic; the specificity comes
#     from the host match. Many hosts appear twice, once per path, so group
#     alerts by destination host and internal source when triaging.
#   * These are "alert http" rules: they only see requests the sensor can
#     parse as HTTP. A fetch of the same host over TLS is not covered unless
#     the sensor sees decrypted traffic - consider matching the same hosts
#     in DNS, TLS SNI or proxy logs as well.
#   * metadata:created_at is the only age marker inside a rule. Indicators
#     of this kind (bare IP addresses in particular) presumably go stale
#     quickly, so reload from the feed rather than keeping an old copy.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.241.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850148/; classtype:trojan-activity;sid:84713248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850147/; classtype:trojan-activity;sid:84713247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.210.196.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850146/; classtype:trojan-activity;sid:84713246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.34.109.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850145/; classtype:trojan-activity;sid:84713245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.177.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850144/; classtype:trojan-activity;sid:84713244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.210.196.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850143/; classtype:trojan-activity;sid:84713243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.218.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850142/; classtype:trojan-activity;sid:84713242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.120.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850141/; classtype:trojan-activity;sid:84713241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.240.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850140/; classtype:trojan-activity;sid:84713240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850139)"; flow:established,from_client; content:"GET"; http_method; content:"/f09ff42d-b909-4ff1-a435-32f0ac22a206/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"codepit-rized-denengine.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850139/; classtype:trojan-activity;sid:84713239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.120.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850138/; classtype:trojan-activity;sid:84713238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.168.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850137/; classtype:trojan-activity;sid:84713237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.149.107.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850136/; classtype:trojan-activity;sid:84713236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.239.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850135/; classtype:trojan-activity;sid:84713235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.240.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850134/; classtype:trojan-activity;sid:84713234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.8.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850133/; classtype:trojan-activity;sid:84713233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850132)"; flow:established,from_client; content:"GET"; http_method; content:"/54f141ac-8b34-4461-b0ab-f8aae19825f6/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dampcaps-flor-sou-rail.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850132/; classtype:trojan-activity;sid:84713232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.74.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850131/; classtype:trojan-activity;sid:84713231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.191.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850130/; classtype:trojan-activity;sid:84713230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.149.107.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850129/; classtype:trojan-activity;sid:84713229; rev:1;)
# NOTE(review): |3f| is the hex escape for "?". depth:47 is the length of the
# pattern as written; with the escape decoded to one byte the pattern is 44
# bytes, so the match may begin up to 3 bytes into the URI buffer. It is
# still anchored at the end by isdataat:!1,relative.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850128)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=64e5455a-eeac-4fad-99ca-7b85ca4e46e6"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"8xtx6dv2.gothiccathedralblueprint.digital"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850128/; classtype:trojan-activity;sid:84713228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.150.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850127/; classtype:trojan-activity;sid:84713227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850126)"; flow:established,from_client; content:"GET"; http_method; content:"/de971083-b8b0-4be8-9fe1-d6779c90848d/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"mendocs-opera-shub-cowddos.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850126/; classtype:trojan-activity;sid:84713226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.238.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850125/; classtype:trojan-activity;sid:84713225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.104.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850124/; classtype:trojan-activity;sid:84713224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.162.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850122/; classtype:trojan-activity;sid:84713222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.96.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850123/; classtype:trojan-activity;sid:84713223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.168.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850121/; classtype:trojan-activity;sid:84713221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.111.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850120/; classtype:trojan-activity;sid:84713220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.111.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850119/; classtype:trojan-activity;sid:84713219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850118)"; flow:established,from_client; content:"GET"; http_method; content:"/69de6905-f1fc-408e-a612-a49a123cfe40/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"agilebee-federate-growth-net.garden"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850118/; classtype:trojan-activity;sid:84713218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.50.197.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850117/; classtype:trojan-activity;sid:84713217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.30.142.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850116/; classtype:trojan-activity;sid:84713216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.238.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850115/; classtype:trojan-activity;sid:84713215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.96.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850114/; classtype:trojan-activity;sid:84713214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.27.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850113/; classtype:trojan-activity;sid:84713213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.244.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850112/; classtype:trojan-activity;sid:84713212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.93.235"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850111/; classtype:trojan-activity;sid:84713211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.23.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850110/; classtype:trojan-activity;sid:84713210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.104.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850109/; classtype:trojan-activity;sid:84713209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.74.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850108/; classtype:trojan-activity;sid:84713208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.32.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850107/; classtype:trojan-activity;sid:84713207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.114.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850105/; classtype:trojan-activity;sid:84713205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.46.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850106/; classtype:trojan-activity;sid:84713206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850104)"; flow:established,from_client; content:"GET"; http_method; content:"/hvcs-0h91-09wd-ypdn/img_0atc3a.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850104/; classtype:trojan-activity;sid:84713204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.93.235"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850103/; classtype:trojan-activity;sid:84713203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.7.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850102/; classtype:trojan-activity;sid:84713202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850101)"; flow:established,from_client; content:"GET"; http_method; content:"/3bc5a6b4-1345-4198-b7c4-3619c2b2f2f3/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"modesix-iontel-scalapie-system.garden"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850101/; classtype:trojan-activity;sid:84713201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.46.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850100/; classtype:trojan-activity;sid:84713200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.50.197.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850099/; classtype:trojan-activity;sid:84713199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.114.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850098/; classtype:trojan-activity;sid:84713198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850097/; classtype:trojan-activity;sid:84713197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.43.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850096/; classtype:trojan-activity;sid:84713196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850095)"; flow:established,from_client; content:"GET"; http_method; content:"/c4a980ae-43cb-4312-91df-8117e9fe6ceb/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"modelcut-auto-frame-nodipfs.garden"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850095/; classtype:trojan-activity;sid:84713195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.150.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850094/; classtype:trojan-activity;sid:84713194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850093)"; flow:established,from_client; content:"GET"; http_method; content:"/files/ea/random.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850093/; classtype:trojan-activity;sid:84713193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.218.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850092/; classtype:trojan-activity;sid:84713192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.4.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850090/; classtype:trojan-activity;sid:84713190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.231.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850091/; classtype:trojan-activity;sid:84713191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850089)"; flow:established,from_client; content:"GET"; http_method; content:"/48385cab-8a7a-4ce4-94ae-04d88f3f4b7c/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"scaletax-bute-analytics-toeheap.garden"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850089/; classtype:trojan-activity;sid:84713189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.150.252.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850088/; classtype:trojan-activity;sid:84713188; rev:1;)
# NOTE(review): |3f| is the hex escape for "?". depth:47 is the length of the
# pattern as written; decoded it is 44 bytes, so the start of the match is
# not pinned to offset 0 (the end still is).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850087)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=bda0f7c4-c0a9-4b79-aadd-0ed18d7ea400"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"uh83re33.magneticlevitationtrain.digital"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850087/; classtype:trojan-activity;sid:84713187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.150.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850086/; classtype:trojan-activity;sid:84713186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.189.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850085/; classtype:trojan-activity;sid:84713185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.181.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850084/; classtype:trojan-activity;sid:84713184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.227.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850083/; classtype:trojan-activity;sid:84713183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.168.52.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850082/; classtype:trojan-activity;sid:84713182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.231.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850081/; classtype:trojan-activity;sid:84713181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850080)"; flow:established,from_client; content:"GET"; http_method; content:"/6afe7946-ca5e-4b0d-b52f-996862518e8c/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bagansi-wild-flowr-manage-form.garden"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850080/; classtype:trojan-activity;sid:84713180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.101.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850079/; classtype:trojan-activity;sid:84713179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.67.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850078/; classtype:trojan-activity;sid:84713178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.150.252.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850077/; classtype:trojan-activity;sid:84713177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.67.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850076/; classtype:trojan-activity;sid:84713176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.101.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850075/; classtype:trojan-activity;sid:84713175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.168.52.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850074/; classtype:trojan-activity;sid:84713174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850073)"; flow:established,from_client; content:"GET"; http_method; content:"/04c77659-d8ad-4025-a7bd-72ae821ca6cc/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dengrep-resource-opencut-engine.garden"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850073/; classtype:trojan-activity;sid:84713173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.128.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850072/; classtype:trojan-activity;sid:84713172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850071)"; flow:established,from_client; content:"GET"; http_method; content:"/8tsmopx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"buly.kr"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850071/; classtype:trojan-activity;sid:84713171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850068)"; flow:established,from_client; content:"GET"; http_method; content:"/26/girlgoodforme.hta"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"107.172.13.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850068/; classtype:trojan-activity;sid:84713168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850069)"; flow:established,from_client; content:"GET"; http_method; content:"/26/img_235621.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.172.13.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850069/; classtype:trojan-activity;sid:84713169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850070)"; flow:established,from_client; content:"GET"; http_method; content:"/25/img_184906.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"172.245.209.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850070/; classtype:trojan-activity;sid:84713170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850067)"; flow:established,from_client; content:"GET"; http_method; content:"/whatever.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850067/; classtype:trojan-activity;sid:84713167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.10.132.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850066/; classtype:trojan-activity;sid:84713166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.247.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850065/; classtype:trojan-activity;sid:84713165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.164.128.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850064/; classtype:trojan-activity;sid:84713164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.117.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850063/; classtype:trojan-activity;sid:84713163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850062)"; flow:established,from_client; content:"GET"; http_method; content:"/58e89562-8689-461c-b23b-1b46e709e9f4/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"green-macrohim-work-center.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850062/; classtype:trojan-activity;sid:84713162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.207.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850061/; classtype:trojan-activity;sid:84713161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.171.62.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850060/; classtype:trojan-activity;sid:84713160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.24.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850059/; classtype:trojan-activity;sid:84713159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850058)"; flow:established,from_client; content:"GET"; http_method; content:"/a2586d64-a197-474f-92f5-89517f8bac30/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"containerizedgardenengine.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850058/; classtype:trojan-activity;sid:84713158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.182.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850057/; classtype:trojan-activity;sid:84713157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.7.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850056/; classtype:trojan-activity;sid:84713156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.171.62.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850055/; classtype:trojan-activity;sid:84713155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.207.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850054/; classtype:trojan-activity;sid:84713154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3850053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850053/; classtype:trojan-activity;sid:84713153; rev:1;)
# How the rules below anchor their match: the http_uri content carries depth:<n> plus
# isdataat:!1,relative, so the pattern must lie within the first n bytes of the URI buffer
# and no byte may follow it; the http_host content is pinned the same way. When n equals
# the pattern length the rule is an exact, whole-buffer match on URI and Host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.108.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850052/; classtype:trojan-activity;sid:84713152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850051)"; flow:established,from_client; content:"GET"; http_method; content:"/cfd2548e-d215-4117-8ece-17c3ee97e0ec/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"floraresourcecontroller.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850051/; classtype:trojan-activity;sid:84713151; rev:1;)
# NOTE(review): "/|3f|ublib=<uuid>" decodes to 44 bytes (|3f| is the single byte "?"),
# but depth is 47, which is the length of the escaped rule text. The end of the URI is
# still pinned by isdataat:!1,relative, but the start is not: up to three leading bytes
# are tolerated. depth:44 would make this an exact match like the rule above it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850050)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=675270ff-25da-482e-abdc-062d0941560f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"lv5evztg.cyberneticprostheticlab.digital"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850050/; classtype:trojan-activity;sid:84713150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.7.53"; 
http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850049/; classtype:trojan-activity;sid:84713149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850048/; classtype:trojan-activity;sid:84713148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.240.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850047/; classtype:trojan-activity;sid:84713147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850046)"; flow:established,from_client; content:"GET"; http_method; content:"/e0754d6b-438b-456d-80b9-6af028af793f/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"meadowoperationshub.garden"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850046/; classtype:trojan-activity;sid:84713146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.209.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850045/; classtype:trojan-activity;sid:84713145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3850044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.47.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850044/; classtype:trojan-activity;sid:84713144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.245.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850043/; classtype:trojan-activity;sid:84713143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.115.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850042/; classtype:trojan-activity;sid:84713142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.29.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850041/; classtype:trojan-activity;sid:84713141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.12.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, 
urlhaus.abuse.ch/url/3850040/; classtype:trojan-activity;sid:84713140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.167.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850039/; classtype:trojan-activity;sid:84713139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.240.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850038/; classtype:trojan-activity;sid:84713138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.118.240.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850037/; classtype:trojan-activity;sid:84713137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850036/; classtype:trojan-activity;sid:84713136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850035)"; flow:established,from_client; content:"GET"; http_method; 
content:"/b35f6033-70ec-498c-bc4f-3ec41e689749/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"federatedgrowthnetwork.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850035/; classtype:trojan-activity;sid:84713135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.39.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850034/; classtype:trojan-activity;sid:84713134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.115.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850033/; classtype:trojan-activity;sid:84713133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.249.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850032/; classtype:trojan-activity;sid:84713132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850031/; 
classtype:trojan-activity;sid:84713131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.243.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850030/; classtype:trojan-activity;sid:84713130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.252.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850029/; classtype:trojan-activity;sid:84713129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.4.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850028/; classtype:trojan-activity;sid:84713128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850027)"; flow:established,from_client; content:"GET"; http_method; content:"/67cedf02-0da7-4f84-ad69-cd4f4b67f7e4/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"irrigationtelemetrysystem.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850027/; classtype:trojan-activity;sid:84713127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.209.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850026/; classtype:trojan-activity;sid:84713126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.4.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850025/; classtype:trojan-activity;sid:84713125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.249.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850024/; classtype:trojan-activity;sid:84713124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.81.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850023/; classtype:trojan-activity;sid:84713123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.243.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850021/; classtype:trojan-activity;sid:84713121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3850022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.4.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850022/; classtype:trojan-activity;sid:84713122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.136.86.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850020/; classtype:trojan-activity;sid:84713120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850019)"; flow:established,from_client; content:"GET"; http_method; content:"/3f0493c2-1d7e-4eec-97d4-b79f68d6909f/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"botanicalautomationframework.garden"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850019/; classtype:trojan-activity;sid:84713119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.92.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850018/; classtype:trojan-activity;sid:84713118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.233.54"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850017/; classtype:trojan-activity;sid:84713117; rev:1;)
# NOTE(review): the URI pattern below decodes to 44 bytes (|3f| is the single byte "?"),
# while depth:47 is the length of the escaped rule text. isdataat:!1,relative still pins
# the end of the URI buffer, but the pattern may start up to three bytes in rather than
# at offset 0. depth:44 would make it an exact whole-URI match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850016)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=34842bde-de43-48dc-bf78-418653d70220"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"3zqfx034.subfossiloakchronology.digital"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850016/; classtype:trojan-activity;sid:84713116; rev:1;)
# In the remaining rules of this block depth equals the pattern length, so URI and Host
# are matched exactly (case-insensitively for the URI, via nocase).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.71.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850015/; classtype:trojan-activity;sid:84713115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850014)"; flow:established,from_client; content:"GET"; http_method; content:"/e2f7316c-f595-4f54-a6b3-acf48e330f4c/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributedgardenanalytics.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850014/; classtype:trojan-activity;sid:84713114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.69.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850013/; classtype:trojan-activity;sid:84713113; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.87.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850012/; classtype:trojan-activity;sid:84713112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.81.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850011/; classtype:trojan-activity;sid:84713111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850010)"; flow:established,from_client; content:"GET"; http_method; content:"/a49fac3f-acb0-4e73-8aec-dec37b0f879a/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wildfloramanagementplatform.garden"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850010/; classtype:trojan-activity;sid:84713110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.145.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850009/; classtype:trojan-activity;sid:84713109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"182.119.69.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850008/; classtype:trojan-activity;sid:84713108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.95.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850007/; classtype:trojan-activity;sid:84713107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850006)"; flow:established,from_client; content:"GET"; http_method; content:"/04f88403-b560-4b6e-b150-7c9d3f8d2d56/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"petalresourceengine.garden"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850006/; classtype:trojan-activity;sid:84713106; rev:1;)
# The rules from here down to sid 84713104 all pin Host to 185.29.9.115 and differ only
# in the .bin file name, so a hit on any of them points at the same host; pivoting on the
# host during triage covers the whole group.
# NOTE(review): sid 84713105 (URLhaus 3850005) and sid 84713103 (URLhaus 3850003) have
# identical match criteria (GET /lsmsjvel68.bin, Host 185.29.9.115), so a single request
# raises two alerts. Threshold or suppress one of the two SIDs if alert volume matters.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850005)"; flow:established,from_client; content:"GET"; http_method; content:"/lsmsjvel68.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.29.9.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850005/; classtype:trojan-activity;sid:84713105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850000)"; flow:established,from_client; content:"GET"; http_method; content:"/dhekiqxjoh156.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.29.9.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850000/; classtype:trojan-activity;sid:84713100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850001)"; flow:established,from_client; content:"GET"; http_method; content:"/ciphp130.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.29.9.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850001/; classtype:trojan-activity;sid:84713101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850002)"; flow:established,from_client; content:"GET"; http_method; content:"/nnzrhucccknmou229.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.29.9.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850002/; classtype:trojan-activity;sid:84713102; rev:1;)
# Same URI and Host as sid 84713105 above (see the duplicate note there).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850003)"; flow:established,from_client; content:"GET"; http_method; content:"/lsmsjvel68.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.29.9.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850003/; classtype:trojan-activity;sid:84713103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850004)"; flow:established,from_client; content:"GET"; http_method; content:"/upbhpexqormbmya151.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.29.9.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850004/; classtype:trojan-activity;sid:84713104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849997)"; flow:established,from_client; content:"GET"; http_method; content:"/hiuwxijvtjcqqzxvxiyw186.bin"; http_uri; depth:28; isdataat:!1,relative; nocase; 
content:"185.29.9.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849997/; classtype:trojan-activity;sid:84713097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849998)"; flow:established,from_client; content:"GET"; http_method; content:"/nkmgqv11.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.29.9.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849998/; classtype:trojan-activity;sid:84713098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849999)"; flow:established,from_client; content:"GET"; http_method; content:"/nftdhrhyxbvweqprzgbpnafky164.bin"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"185.29.9.115"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849999/; classtype:trojan-activity;sid:84713099; rev:1;)
# The next seven rules (sid 84713090 through 84713096) name shared hosting services
# (github.com, raw.githubusercontent.com, drive.google.com) in http_host, so the Host
# value alone says nothing about the request; the exact, end-anchored URI pattern is what
# keeps each rule specific to one listed file.
# NOTE(review): these are "alert http" rules on http_uri/http_host, so they only see
# requests the sensor can parse as HTTP. The rule text does not record the URL scheme;
# if the URLhaus entries are https:// URLs, the rules need decrypted traffic (for example
# a TLS-inspecting proxy feeding the sensor) to fire. Confirm against the references.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849996)"; flow:established,from_client; content:"GET"; http_method; content:"/grere856-dot/vigilant-waffle/raw/refs/heads/main/loader.ps1"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849996/; classtype:trojan-activity;sid:84713096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849995)"; flow:established,from_client; content:"GET"; http_method; content:"/grere856-dot/rammm/refs/heads/main/shellcode.bin"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849995/; classtype:trojan-activity;sid:84713095; rev:1;)
# NOTE(review): in the URI pattern below, "|7c|26|7c|" is the four literal bytes
# pipe, "2", "6", pipe, not the single byte 0x26 ("&"). If the listed URL separates its
# query parameters with "&", this pattern will not match it; check URLhaus entry 3849994
# and regenerate the content if so (the hex escape for "&" would be |26|).
# depth:68 is the length of the escaped rule text; the decoded pattern is 59 bytes, so
# the start of the match is not pinned to offset 0 (the end still is, via isdataat).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849994)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dlazbgzuqc7wa5ibjxj_mrl1rtp6l8vs"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849994/; classtype:trojan-activity;sid:84713094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849992)"; flow:established,from_client; content:"GET"; http_method; content:"/grere856-dot/vigilant-waffle/refs/heads/main/shellcode.bin"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849992/; classtype:trojan-activity;sid:84713092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849993)"; flow:established,from_client; content:"GET"; http_method; content:"/grere856-dot/rammm/raw/refs/heads/main/shellcode.bin"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849993/; classtype:trojan-activity;sid:84713093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849990)"; flow:established,from_client; content:"GET"; http_method; content:"/grere856-dot/vigilant-waffle/refs/heads/main/loader.ps1"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849990/; classtype:trojan-activity;sid:84713090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849991)"; flow:established,from_client; content:"GET"; http_method; content:"/grere856-dot/vigilant-waffle/raw/refs/heads/main/shellcode.bin"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849991/; classtype:trojan-activity;sid:84713091; rev:1;)
# The remaining rules in this block match an IP literal in http_host, i.e. they fire only
# when the request's Host value is exactly that address.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.236.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849989/; classtype:trojan-activity;sid:84713089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.13.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849988/; classtype:trojan-activity;sid:84713088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849985)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849985/; classtype:trojan-activity;sid:84713085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849986)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.psh4"; http_uri; depth:14; isdataat:!1,relative; 
nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849986/; classtype:trojan-activity;sid:84713086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849987)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.pmips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849987/; classtype:trojan-activity;sid:84713087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849978)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.pspc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849978/; classtype:trojan-activity;sid:84713078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849979)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.pm68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849979/; classtype:trojan-activity;sid:84713079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849980)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.px86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849980/; classtype:trojan-activity;sid:84713080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3849981)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849981/; classtype:trojan-activity;sid:84713081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849982)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849982/; classtype:trojan-activity;sid:84713082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849983)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.pmpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849983/; classtype:trojan-activity;sid:84713083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849984)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849984/; classtype:trojan-activity;sid:84713084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849957)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849957/; classtype:trojan-activity;sid:84713057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849958)"; flow:established,from_client; content:"GET"; http_method; content:"/bz2xb9.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849958/; classtype:trojan-activity;sid:84713058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849959)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849959/; classtype:trojan-activity;sid:84713059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849960)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.sparc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849960/; classtype:trojan-activity;sid:84713060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849961)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849961/; classtype:trojan-activity;sid:84713061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849962)"; 
flow:established,from_client; content:"GET"; http_method; content:"/heilong.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849962/; classtype:trojan-activity;sid:84713062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849963)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849963/; classtype:trojan-activity;sid:84713063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849964)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849964/; classtype:trojan-activity;sid:84713064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849965)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.x86_32"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849965/; classtype:trojan-activity;sid:84713065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849966)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, 
urlhaus.abuse.ch/url/3849966/; classtype:trojan-activity;sid:84713066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849967)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.parm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849967/; classtype:trojan-activity;sid:84713067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849968)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849968/; classtype:trojan-activity;sid:84713068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849969)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849969/; classtype:trojan-activity;sid:84713069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849970)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849970/; classtype:trojan-activity;sid:84713070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849971)"; flow:established,from_client; content:"GET"; http_method; 
content:"/heilong.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849971/; classtype:trojan-activity;sid:84713071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849972)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.parm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849972/; classtype:trojan-activity;sid:84713072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849973)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.parm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849973/; classtype:trojan-activity;sid:84713073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849974)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.parm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849974/; classtype:trojan-activity;sid:84713074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849975)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dlr.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849975/; 
classtype:trojan-activity;sid:84713075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849976)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849976/; classtype:trojan-activity;sid:84713076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849977)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849977/; classtype:trojan-activity;sid:84713077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.233.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849956/; classtype:trojan-activity;sid:84713056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.236.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849955/; classtype:trojan-activity;sid:84713055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; 
nocase; content:"110.37.70.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849954/; classtype:trojan-activity;sid:84713054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.233.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849953/; classtype:trojan-activity;sid:84713053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.39.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849952/; classtype:trojan-activity;sid:84713052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.13.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849951/; classtype:trojan-activity;sid:84713051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849950)"; flow:established,from_client; content:"GET"; http_method; content:"/63f9a529-b49f-4704-8249-78af7c915719/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"carbon-fiber-monocoque.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849950/; classtype:trojan-activity;sid:84713050; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.44.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849949/; classtype:trojan-activity;sid:84713049; rev:1;)
# The rules below pair one URI string with one Host string. Where depth equals the byte
# length of the content, depth plus isdataat:!1,relative makes the buffer match exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.163.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849948/; classtype:trojan-activity;sid:84713048; rev:1;)
# NOTE(review): in sid 84713047 the URI content is 44 bytes once |3f| is read as a single
# byte ("?"), but depth is 47, which is the length of the rule text with "|3f|" counted as
# four characters. The end of the buffer is still pinned by isdataat:!1,relative, while the
# start may fall at offset 0-3, so the match is slightly wider than the exact URL. If an
# exact match is intended, depth:44 would express it - confirm with the feed maintainer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849947)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1e13d931-cbb9-488c-be4d-e0bb12c9063a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"46fmfamd.crispychickencutlets.digital"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849947/; classtype:trojan-activity;sid:84713047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849946)"; flow:established,from_client; content:"GET"; http_method; content:"/da4ccdc1-2edb-4dd3-8c0e-05c3082dd829/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bioluminescent-fungi-spore.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849946/; classtype:trojan-activity;sid:84713046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; 
depth:7; isdataat:!1,relative; nocase; content:"110.36.80.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849945/; classtype:trojan-activity;sid:84713045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.163.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849944/; classtype:trojan-activity;sid:84713044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.255.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849943/; classtype:trojan-activity;sid:84713043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849942)"; flow:established,from_client; content:"GET"; http_method; content:"/ff2118f2-7b15-4399-819d-e91c2a58c21d/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"interstellar-dust-nebula.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849942/; classtype:trojan-activity;sid:84713042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.241.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849941/; classtype:trojan-activity;sid:84713041; 
rev:1;)
# Each rule below requires method GET plus an exact URI string and an exact Host string
# (depth equals the content length and isdataat:!1,relative forbids trailing bytes).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849940)"; flow:established,from_client; content:"GET"; http_method; content:"/xvzpjyddlu/getdata.php"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849940/; classtype:trojan-activity;sid:84713040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849939)"; flow:established,from_client; content:"GET"; http_method; content:"/hidrosys/api/rump18th.png"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"desentupidora.pro.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849939/; classtype:trojan-activity;sid:84713039; rev:1;)
# sid 84713038: the URI content is just "/", so any GET of the root path on losslvs.surf
# alerts. In practice this rule acts as a host-level indicator; triage it accordingly.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849938)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"losslvs.surf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849938/; classtype:trojan-activity;sid:84713038; rev:1;)
# NOTE(review): sids 84713037 and 84713035 name shared hosting platforms (github.com,
# raw.githubusercontent.com). Only the full repository path makes them specific, so the Host
# value alone must not be reused as a block-list entry. As "alert http" rules they need the
# request in cleartext or after TLS decryption - confirm the sensor actually sees it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849937)"; flow:established,from_client; content:"GET"; http_method; content:"/grere856-dot/verbose-palm-tree/raw/refs/heads/main/file.vbproj"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849937/; classtype:trojan-activity;sid:84713037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849936)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/ovnq8pyjh2xo.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"id8796.cfd"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849936/; classtype:trojan-activity;sid:84713036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849935)"; flow:established,from_client; content:"GET"; http_method; content:"/grere856-dot/verbose-palm-tree/refs/heads/main/file.vbproj"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849935/; classtype:trojan-activity;sid:84713035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849923)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/fktfmbe3kqp9.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849923/; classtype:trojan-activity;sid:84713023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849924)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/af2dee0f20b847ea_310.php"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849924/; classtype:trojan-activity;sid:84713024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849925)"; flow:established,from_client; content:"GET"; http_method; content:"/16b022998f754137b60a.php"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.107.130"; http_host; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849925/; classtype:trojan-activity;sid:84713025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849926)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/f6ab9f4da4ed74e4_301.php"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849926/; classtype:trojan-activity;sid:84713026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849927)"; flow:established,from_client; content:"GET"; http_method; content:"/xvzpjyddlu/getdata.php"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849927/; classtype:trojan-activity;sid:84713027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849928)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/fznceashcgle.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849928/; classtype:trojan-activity;sid:84713028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849929)"; flow:established,from_client; content:"GET"; http_method; content:"/api.php"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849929/; classtype:trojan-activity;sid:84713029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3849930)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/9lleukaxnxge.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849930/; classtype:trojan-activity;sid:84713030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849931)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/5aerydl4boo4.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849931/; classtype:trojan-activity;sid:84713031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849932)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/0z3ocw3ctbo8.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849932/; classtype:trojan-activity;sid:84713032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849933)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/swaqchrfqvfx.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849933/; classtype:trojan-activity;sid:84713033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849934)"; flow:established,from_client; content:"GET"; http_method; content:"/api.php"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.107.117"; http_host; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849934/; classtype:trojan-activity;sid:84713034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849922)"; flow:established,from_client; content:"GET"; http_method; content:"/djmay.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"crescentegramas.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849922/; classtype:trojan-activity;sid:84713022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849921)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/j07f9jflfile.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849921/; classtype:trojan-activity;sid:84713021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.84.115.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849920/; classtype:trojan-activity;sid:84713020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.209.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849919/; classtype:trojan-activity;sid:84713019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849918)"; 
flow:established,from_client; content:"GET"; http_method; content:"/baee3115-fdaa-460b-92ca-7fb4bc12a525/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ancient-colosseum-engineering.garden"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849918/; classtype:trojan-activity;sid:84713018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.136.86.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849917/; classtype:trojan-activity;sid:84713017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.106.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849916/; classtype:trojan-activity;sid:84713016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849915)"; flow:established,from_client; content:"GET"; http_method; content:"/e0590aee-5a6b-492e-942f-43a332afd22a/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"stealth-bomber-radar-cross.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849915/; classtype:trojan-activity;sid:84713015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.33"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849914/; classtype:trojan-activity;sid:84713014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.170.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849913/; classtype:trojan-activity;sid:84713013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.103.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849912/; classtype:trojan-activity;sid:84713012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.106.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849911/; classtype:trojan-activity;sid:84713011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849910)"; flow:established,from_client; content:"GET"; http_method; content:"/68520466-0a04-4be9-9492-a387da8a581a/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"stratographic-core-drill.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849910/; classtype:trojan-activity;sid:84713010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3849909)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849909/; classtype:trojan-activity;sid:84713009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849908)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849908/; classtype:trojan-activity;sid:84713008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849907)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=873efc79-a61b-4ff5-8615-76b1bc971cc7"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"rgx5w3o2.orbitaldockingmodule.digital"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849907/; classtype:trojan-activity;sid:84713007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849903)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849903/; classtype:trojan-activity;sid:84713003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849904)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849904/; classtype:trojan-activity;sid:84713004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849905)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.112.126.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849905/; classtype:trojan-activity;sid:84713005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.103.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849906/; classtype:trojan-activity;sid:84713006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.27.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849902/; classtype:trojan-activity;sid:84713002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.233.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849901/; classtype:trojan-activity;sid:84713001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849900)"; flow:established,from_client; 
content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.30.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849900/; classtype:trojan-activity;sid:84713000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.225.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849899/; classtype:trojan-activity;sid:84712999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849898/; classtype:trojan-activity;sid:84712998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.110.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849897/; classtype:trojan-activity;sid:84712997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849896)"; flow:established,from_client; content:"GET"; http_method; content:"/r/5vai1jn1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849896/; classtype:trojan-activity;sid:84712996; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849895)"; flow:established,from_client; content:"GET"; http_method; content:"/r/5vai1jn1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pastee.dev"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849895/; classtype:trojan-activity;sid:84712995; rev:1;)
# NOTE(review), sid 84712994: the URI content contains `|7c|26|7c|`, which matches the four
# literal bytes "|26|" between "alt=media" and "token=", not a single "&" (0x26). This looks
# like "&" was hex-encoded and the pipes were then escaped a second time; confirm against the
# referenced URLhaus entry. If the real URL uses "&", this rule will not fire on it.
# depth:118 equals the character count of the escaped string, while the decoded pattern is 109
# bytes. The same pattern appears on the `|3f|ublib=` rules in this file (depth:47 for 44 bytes).
# With isdataat:!1,relative the match is still anchored to the end of the URI, so the only
# effect is that a few leading bytes are tolerated.
# The host is a shared storage service normally reached over HTTPS. `alert http` inspects only
# HTTP the sensor can parse, so coverage depends on TLS decryption upstream. Treat a hit as
# evidence for this one object path, not as grounds to block the whole host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849894)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/maty-60fd2.firebasestorage.app/o/wedlincoln.ps1|3f|alt=media|7c|26|7c|token=176a0671-0105-4b5a-b16b-47bb323baf6b"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849894/; classtype:trojan-activity;sid:84712994; rev:1;)
# NOTE(review), sid 84712993: method, URI and host conditions are identical to sid 84712995
# (URLhaus id 3849895), so one request raises both alerts. Presumably URLhaus lists the URL
# twice (e.g. differing only in scheme); deduplicate on host+URI when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849893)"; flow:established,from_client; content:"GET"; http_method; content:"/r/5vai1jn1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pastee.dev"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849893/; classtype:trojan-activity;sid:84712993; rev:1;)
# sid 84712992: exact-match rule. depth:47 equals the URI pattern length and
# isdataat:!1,relative requires that nothing follows it; the host is pinned the same way with
# depth:33. The same "/<uuid>/google.cl" path shape recurs on other *.garden hosts in this file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849892)"; flow:established,from_client; content:"GET"; http_method; content:"/bb6e176c-558d-4837-b6ae-77cb6cb26c56/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"modular-analog-synthesizer.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849892/; classtype:trojan-activity;sid:84712992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3849891)"; flow:established,from_client; content:"GET"; http_method; content:"/ansttelse.deploy"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"107.173.47.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849891/; classtype:trojan-activity;sid:84712991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.243.128.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849890/; classtype:trojan-activity;sid:84712990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849889/; classtype:trojan-activity;sid:84712989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849888)"; flow:established,from_client; content:"GET"; http_method; content:"/bf5deffb-d9f1-44ae-9bf6-8a2b0e4c8341/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tectonic-fault-seismograph.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849888/; classtype:trojan-activity;sid:84712988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.31.240"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849887/; classtype:trojan-activity;sid:84712987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.30.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849885/; classtype:trojan-activity;sid:84712985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.225.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849886/; classtype:trojan-activity;sid:84712986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.36.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849884/; classtype:trojan-activity;sid:84712984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849883)"; flow:established,from_client; content:"GET"; http_method; content:"/td2"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"62.181.55.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849883/; classtype:trojan-activity;sid:84712983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849882)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.192.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849882/; classtype:trojan-activity;sid:84712982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.157.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849881/; classtype:trojan-activity;sid:84712981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849880)"; flow:established,from_client; content:"GET"; http_method; content:"/cabf8546-82b6-4404-a12e-342f0e311f02/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"subterranean-bunker-outpost.garden"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849880/; classtype:trojan-activity;sid:84712980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.192.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849879/; classtype:trojan-activity;sid:84712979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.89.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849868/; 
classtype:trojan-activity;sid:84712968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849869)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.i586"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849869/; classtype:trojan-activity;sid:84712969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849870)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849870/; classtype:trojan-activity;sid:84712970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849871)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.armv7l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849871/; classtype:trojan-activity;sid:84712971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849872)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.armv5l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849872/; classtype:trojan-activity;sid:84712972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849873)"; flow:established,from_client; content:"GET"; http_method; 
content:"/systemctl/dlr.powerpc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849873/; classtype:trojan-activity;sid:84712973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849874)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849874/; classtype:trojan-activity;sid:84712974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849875)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.armv6l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849875/; classtype:trojan-activity;sid:84712975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849876)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.sparc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849876/; classtype:trojan-activity;sid:84712976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849877)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.mipsel"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849877/; 
classtype:trojan-activity;sid:84712977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849878)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849878/; classtype:trojan-activity;sid:84712978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849867)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.arc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849867/; classtype:trojan-activity;sid:84712967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849866)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.armv4l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849866/; classtype:trojan-activity;sid:84712966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849864)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_9eba8ba0028ac2cf.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849864/; classtype:trojan-activity;sid:84712964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849865)"; flow:established,from_client; content:"GET"; http_method; 
content:"/files-129312398/files/file_d1817d35ffdfedd3.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849865/; classtype:trojan-activity;sid:84712965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.234.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849862/; classtype:trojan-activity;sid:84712962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849863)"; flow:established,from_client; content:"GET"; http_method; content:"/af090082-74da-4f8e-a1e1-b01c1a57e7e5/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"the-sopranos-family-tree.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849863/; classtype:trojan-activity;sid:84712963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849861)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=f330dd3a-11fd-475c-9403-5bc6a7e598f4"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"q956x3rl.badabingsopranoslounge.digital"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849861/; classtype:trojan-activity;sid:84712961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.31.240"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849859/; classtype:trojan-activity;sid:84712959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.19.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849860/; classtype:trojan-activity;sid:84712960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.16.159.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849858/; classtype:trojan-activity;sid:84712958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.234.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849857/; classtype:trojan-activity;sid:84712957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.80.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849856/; classtype:trojan-activity;sid:84712956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849855)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.194.253.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849855/; classtype:trojan-activity;sid:84712955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849854)"; flow:established,from_client; content:"GET"; http_method; content:"/1355e8eb-0696-4a1e-b68f-7456031511bb/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"quantum-entanglement-crypt.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849854/; classtype:trojan-activity;sid:84712954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.224.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849853/; classtype:trojan-activity;sid:84712953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.118.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849852/; classtype:trojan-activity;sid:84712952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.19.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849851/; 
classtype:trojan-activity;sid:84712951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.96.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849850/; classtype:trojan-activity;sid:84712950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.80.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849849/; classtype:trojan-activity;sid:84712949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849848)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.125.226.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849848/; classtype:trojan-activity;sid:84712948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.198.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849847/; classtype:trojan-activity;sid:84712947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"123.4.236.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849846/; classtype:trojan-activity;sid:84712946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849845)"; flow:established,from_client; content:"GET"; http_method; content:"/3ac57b2f-2bfc-4f12-b1cd-247c272c148f/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"amber-fossil-mosquito.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849845/; classtype:trojan-activity;sid:84712945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.163.55.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849844/; classtype:trojan-activity;sid:84712944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.92.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849843/; classtype:trojan-activity;sid:84712943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.78.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849841/; classtype:trojan-activity;sid:84712941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3849842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.198.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849842/; classtype:trojan-activity;sid:84712942; rev:1;)
# ---------------------------------------------------------------------------
# Reviewer notes for the rules in this section. Layout: one rule per line.
# The line above is the option body of a rule whose "alert http ..." header
# sits immediately before this section.
#
# Match logic shared by every rule here:
#   flow:established,from_client
#       client-to-server side of an established flow.
#   content:"GET"; http_method
#       the request method.
#   content:"<path>"; http_uri; depth:N; isdataat:!1,relative; nocase
#       <path> must lie within the first N bytes of the URI buffer and no
#       data may follow it. Where N equals the pattern length this is a
#       match on the whole URI, so the same path with an added query string
#       or extra segment does not alert.
#       NOTE(review): nocase is written after isdataat; presumably it still
#       binds to the path content - confirm on your engine version.
#   content:"<host>"; http_host; depth:N; isdataat:!1,relative
#       the same construction on the host buffer, i.e. one exact host.
#   Both contents must match, so a short path such as "/i" is only as
#   specific as the host it is paired with.
#
# What these rules do not cover:
#   - They are "alert http" rules: only requests the sensor can parse as
#     HTTP are inspected. The same URL fetched over TLS is not seen unless
#     traffic is decrypted before it reaches the sensor.
#   - Direction is $HOME_NET -> $EXTERNAL_NET; both variables must reflect
#     the monitored network for the rules to apply.
#   - Entries with a UUID in the path match that one UUID only; a different
#     UUID on the same host does not alert.
#
# Triage: an alert shows that an internal host sent the request. It does not
# show that a payload was returned; check the response and file/flow records
# for the same flow. The number in msg and reference is the URLhaus entry,
# and metadata:created_at gives the date to use when ageing indicators out.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.195.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849840/; classtype:trojan-activity;sid:84712940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.192.238.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849839/; classtype:trojan-activity;sid:84712939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849838)"; flow:established,from_client; content:"GET"; http_method; content:"/77ba6dfa-c0e0-4c28-982d-42f0146fdf04/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"phase-shift-bridge-driver.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849838/; classtype:trojan-activity;sid:84712938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.92.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849837/; classtype:trojan-activity;sid:84712937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.157.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849836/; classtype:trojan-activity;sid:84712936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.107.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849835/; classtype:trojan-activity;sid:84712935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.238.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849834/; classtype:trojan-activity;sid:84712934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849833)"; flow:established,from_client; content:"GET"; http_method; content:"/dc0f31bf-3444-42b5-92b9-86a23231fa5b/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"xenomorph-hive-intelligence.garden"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849833/; classtype:trojan-activity;sid:84712933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.66.146.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849832/; classtype:trojan-activity;sid:84712932; rev:1;)
# NOTE(review): |3f| is a single byte ("?"), so the URI pattern below is 44
# bytes long while depth is 47 (the length of the escaped rule text). Unlike
# the neighbouring rules, the match is therefore not pinned to offset 0 of
# the URI buffer: up to three bytes may precede it. Low impact; better
# reported to the feed maintainer than patched locally, since sid and rev
# identify the upstream rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849831)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=9db51ed9-7f9d-483b-b4c1-e1a439f55d18"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"x8drf7ed.audioattenuatorschematic.digital"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849831/; classtype:trojan-activity;sid:84712931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.79.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849830/; classtype:trojan-activity;sid:84712930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.170.136.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849829/; classtype:trojan-activity;sid:84712929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849828)"; flow:established,from_client; content:"GET"; http_method; content:"/91275a46-2ac1-4eb0-86db-0c5962c2b611/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"holistic-detective-agency.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849828/; classtype:trojan-activity;sid:84712928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.70.159.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849827/; classtype:trojan-activity;sid:84712927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.0.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849826/; classtype:trojan-activity;sid:84712926; rev:1;)
# The next three paths (/mozi.m, /mozi.a) look like Mozi botnet file names;
# this is inferred from the names only - confirm on the URLhaus entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.123.38.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849824/; classtype:trojan-activity;sid:84712924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.29.233.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849825/; classtype:trojan-activity;sid:84712925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24-35-228-16.fidnet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849823/; classtype:trojan-activity;sid:84712923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.39.19.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849822/; classtype:trojan-activity;sid:84712922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.70.159.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849821/; classtype:trojan-activity;sid:84712921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849820)"; flow:established,from_client; content:"GET"; http_method; content:"/9f337497-0af1-47a8-940b-b4c53821ec62/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"containerizedplantengine.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849820/; classtype:trojan-activity;sid:84712920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.170.136.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849819/; classtype:trojan-activity;sid:84712919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.116.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849818/; classtype:trojan-activity;sid:84712917; rev:1;)
# 87.121.79.193: thirteen consecutive entries on one host. The /upper<suffix>
# names look like one build per CPU architecture (inferred from the suffixes
# only). Several alerts from this group for a single internal host are best
# triaged as one event.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849817)"; flow:established,from_client; content:"GET"; http_method; content:"/uppermpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849817/; classtype:trojan-activity;sid:84712917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849805)"; flow:established,from_client; content:"GET"; http_method; content:"/upperspc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849805/; classtype:trojan-activity;sid:84712905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849806)"; flow:established,from_client; content:"GET"; http_method; content:"/upperx64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849806/; classtype:trojan-activity;sid:84712906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849807)"; flow:established,from_client; content:"GET"; http_method; content:"/upperarm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849807/; classtype:trojan-activity;sid:84712907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849808)"; flow:established,from_client; content:"GET"; http_method; content:"/upperarm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849808/; classtype:trojan-activity;sid:84712908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849809)"; flow:established,from_client; content:"GET"; http_method; content:"/upperx86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849809/; classtype:trojan-activity;sid:84712909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849810)"; flow:established,from_client; content:"GET"; http_method; content:"/uppersh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849810/; classtype:trojan-activity;sid:84712910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849811)"; flow:established,from_client; content:"GET"; http_method; content:"/dck"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"87.121.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849811/; classtype:trojan-activity;sid:84712911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849812)"; flow:established,from_client; content:"GET"; http_method; content:"/upperarm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849812/; classtype:trojan-activity;sid:84712912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849813)"; flow:established,from_client; content:"GET"; http_method; content:"/uppermips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849813/; classtype:trojan-activity;sid:84712913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849814)"; flow:established,from_client; content:"GET"; http_method; content:"/upperppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.121.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849814/; classtype:trojan-activity;sid:84712914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849815)"; flow:established,from_client; content:"GET"; http_method; content:"/upperm68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849815/; classtype:trojan-activity;sid:84712915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849816)"; flow:established,from_client; content:"GET"; http_method; content:"/upperarm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849816/; classtype:trojan-activity;sid:84712916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.207.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849804/; classtype:trojan-activity;sid:84712904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849803)"; flow:established,from_client; content:"GET"; http_method; content:"/bz2xb9.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849803/; classtype:trojan-activity;sid:84712903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849802)"; flow:established,from_client; content:"GET"; http_method; content:"/3bab2318-6cb3-4469-820b-5b1fb408d3c8/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"floraobservabilitycenter.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849802/; classtype:trojan-activity;sid:84712902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.131.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849801/; classtype:trojan-activity;sid:84712901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849800)"; flow:established,from_client; content:"GET"; http_method; content:"/9eae0fb3-ce9e-4772-a071-45c11a56a1c9/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"floraobservabilitycenter.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849800/; classtype:trojan-activity;sid:84712900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.89.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849799/; classtype:trojan-activity;sid:84712899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.89.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849798/; classtype:trojan-activity;sid:84712898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849797)"; flow:established,from_client; content:"GET"; http_method; content:"/92649efe-7014-4314-8cb5-1d4b8517f4b2/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"meadowworkflowframework.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849797/; classtype:trojan-activity;sid:84712897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.50.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849796/; classtype:trojan-activity;sid:84712896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.126.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849795/; classtype:trojan-activity;sid:84712895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.126.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849794/; classtype:trojan-activity;sid:84712894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.79.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849793/; classtype:trojan-activity;sid:84712893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.138.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849792/; classtype:trojan-activity;sid:84712892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.223.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849791/; classtype:trojan-activity;sid:84712891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849790)"; flow:established,from_client; content:"GET"; http_method; content:"/04b30246-681e-4f28-94ac-4abdf8c9e9c0/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"federatedgardenplatform.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849790/; classtype:trojan-activity;sid:84712890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.207.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849789/; classtype:trojan-activity;sid:84712889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.54.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849788/; classtype:trojan-activity;sid:84712888; rev:1;)
# NOTE(review): same depth mismatch as the other "|3f|ublib=" entry in this
# section - the decoded pattern is 44 bytes, depth is 47.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849787)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=96088ca9-a952-4d48-bdac-691d9ba54c5f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"8duc5067.siciliandefensetheory.digital"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849787/; classtype:trojan-activity;sid:84712887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849786/; classtype:trojan-activity;sid:84712886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.26.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849785/; classtype:trojan-activity;sid:84712885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849784)"; flow:established,from_client; content:"GET"; http_method; content:"/9c2fb09e-0fa9-4f7c-8e39-44e5d2c85ce7/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"irrigationanalyticssystem.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849784/; classtype:trojan-activity;sid:84712884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.26.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849782/; classtype:trojan-activity;sid:84712882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.223.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849783/; classtype:trojan-activity;sid:84712883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849781)"; flow:established,from_client; content:"GET"; http_method; content:"/aecf995d-327f-468d-99a3-86a9d06e1c0a/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"botanicalresourcecontroller.garden"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849781/; classtype:trojan-activity;sid:84712881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.143.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849780/; classtype:trojan-activity;sid:84712880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.65.203"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849779/; classtype:trojan-activity;sid:84712879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.31.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849778/; classtype:trojan-activity;sid:84712878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.8.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849777/; classtype:trojan-activity;sid:84712877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849776)"; flow:established,from_client; content:"GET"; http_method; content:"/78fda414-505b-4817-8905-4304fa00da8f/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributedbloomnetwork.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849776/; classtype:trojan-activity;sid:84712876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.36.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849775/; classtype:trojan-activity;sid:84712875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849774/; classtype:trojan-activity;sid:84712874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849773/; classtype:trojan-activity;sid:84712873; rev:1;)
# 220.158.232.160: eight entries in this section, interleaved with one rule
# for a different host (3849772). Each path is a short name that looks like a
# CPU architecture (inferred from the names only).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849768)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"220.158.232.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849768/; classtype:trojan-activity;sid:84712868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849769)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"220.158.232.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849769/; classtype:trojan-activity;sid:84712869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849770)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"220.158.232.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849770/; classtype:trojan-activity;sid:84712870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849771)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.158.232.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849771/; classtype:trojan-activity;sid:84712871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.144.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849772/; classtype:trojan-activity;sid:84712872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849764)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"220.158.232.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849764/; classtype:trojan-activity;sid:84712864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849765)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"220.158.232.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849765/; classtype:trojan-activity;sid:84712865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849766)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"220.158.232.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849766/; classtype:trojan-activity;sid:84712866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849767)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"220.158.232.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849767/; classtype:trojan-activity;sid:84712867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849763)"; flow:established,from_client; content:"GET"; http_method; content:"/a5449b5c-f6c8-4f2a-b237-f7dbdd06245c/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wildflorainfrastructurehub.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849763/; classtype:trojan-activity;sid:84712863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.109.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849762/; classtype:trojan-activity;sid:84712862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.140.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849761/; classtype:trojan-activity;sid:84712861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.230.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849760/; classtype:trojan-activity;sid:84712860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.176.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849759/; classtype:trojan-activity;sid:84712859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849758)"; flow:established,from_client; content:"GET"; http_method; content:"/15062e4b-7ecb-4d6b-9bf4-4f8e2bdf429a/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"petalautomationplatform.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849758/; classtype:trojan-activity;sid:84712858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.100.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849757/; classtype:trojan-activity;sid:84712857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.162.169.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849756/; classtype:trojan-activity;sid:84712856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"115.63.144.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849755/; classtype:trojan-activity;sid:84712855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.59.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849754/; classtype:trojan-activity;sid:84712854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849753)"; flow:established,from_client; content:"GET"; http_method; content:"/858ef0eb-0ebe-4e8d-a09e-56e28ed6bdd6/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"greenhousemanagementengine.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849753/; classtype:trojan-activity;sid:84712853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.206.85.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849752/; classtype:trojan-activity;sid:84712852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.65.203"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849751/; classtype:trojan-activity;sid:84712851; rev:1;) alert http $HOME_NET any -> 
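$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849750)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7e43a019-bbc8-48cc-9687-e11ab494be16"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"v9rvls59.stack-matrix.digital"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849750/; classtype:trojan-activity;sid:84712850; rev:1;)
# sid:84712850 (rule ending on the line above; its head is wrapped onto the previous line):
# http_uri depth corrected 47 -> 44. The pattern "/|3f|ublib=<uuid>" is 44 bytes once the
# |3f| escape is decoded to a single '?'; 47 is the length of the escaped text. With
# depth:47 the match could begin at URI offsets 0-3 instead of being pinned to offset 0,
# so this rule was looser than the exact-URI match used by the other rules in this set
# (depth equal to pattern length + isdataat:!1,relative).
# If this file is regenerated from the feed, the edit will be overwritten; the length
# calculation for hex-escaped bytes should be corrected where the rules are produced.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.59.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849748/; classtype:trojan-activity;sid:84712848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.176.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849749/; classtype:trojan-activity;sid:84712849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.36.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849747/; classtype:trojan-activity;sid:84712847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.137.44"; 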
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849746/; classtype:trojan-activity;sid:84712846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.100.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849745/; classtype:trojan-activity;sid:84712845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849744)"; flow:established,from_client; content:"GET"; http_method; content:"/861b485c-9477-494f-b5cc-9f770e848a77/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"gardenresourcecontroller.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849744/; classtype:trojan-activity;sid:84712844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849743)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849743/; classtype:trojan-activity;sid:84712843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849742)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849742/; classtype:trojan-activity;sid:84712842; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849738)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.sparc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849738/; classtype:trojan-activity;sid:84712838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849739)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849739/; classtype:trojan-activity;sid:84712839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849740)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849740/; classtype:trojan-activity;sid:84712840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849741)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849741/; classtype:trojan-activity;sid:84712841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849737)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; 
content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849737/; classtype:trojan-activity;sid:84712837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849731)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849731/; classtype:trojan-activity;sid:84712831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849732)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849732/; classtype:trojan-activity;sid:84712832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849733)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849733/; classtype:trojan-activity;sid:84712833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849734)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849734/; classtype:trojan-activity;sid:84712834; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849735)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849735/; classtype:trojan-activity;sid:84712835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849736)"; flow:established,from_client; content:"GET"; http_method; content:"/heilong.x86_32"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849736/; classtype:trojan-activity;sid:84712836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.18.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849730/; classtype:trojan-activity;sid:84712830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849729)"; flow:established,from_client; content:"GET"; http_method; content:"/46478205-cd2d-4e2f-b951-4e25b91383f8/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributedbotanicalnetwork.garden"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849729/; classtype:trojan-activity;sid:84712829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"182.113.2.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849728/; classtype:trojan-activity;sid:84712828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849727)"; flow:established,from_client; content:"GET"; http_method; content:"/5e6f0263-23ac-4776-8f0a-6e5c05b1f2e0/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wildfloraintegrationplatform.garden"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849727/; classtype:trojan-activity;sid:84712827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.4.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849726/; classtype:trojan-activity;sid:84712826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.194.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849725/; classtype:trojan-activity;sid:84712825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.176.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849724/; classtype:trojan-activity;sid:84712824; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.50.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849723/; classtype:trojan-activity;sid:84712823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.127.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849722/; classtype:trojan-activity;sid:84712822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.18.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849721/; classtype:trojan-activity;sid:84712821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.2.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849720/; classtype:trojan-activity;sid:84712820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.125.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_05_18; reference:url, urlhaus.abuse.ch/url/3849719/; classtype:trojan-activity;sid:84712819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.83.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849717/; classtype:trojan-activity;sid:84712817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.36.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849718/; classtype:trojan-activity;sid:84712818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.194.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849716/; classtype:trojan-activity;sid:84712816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849715)"; flow:established,from_client; content:"GET"; http_method; content:"/0dd7916b-3437-4def-ab73-94fbe8197288/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"petalworkflowengine.garden"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849715/; classtype:trojan-activity;sid:84712815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849714)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.127.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849714/; classtype:trojan-activity;sid:84712814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.137.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849713/; classtype:trojan-activity;sid:84712813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.209.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849712/; classtype:trojan-activity;sid:84712812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.255.43.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849711/; classtype:trojan-activity;sid:84712811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849710)"; flow:established,from_client; content:"GET"; http_method; content:"/8877000e-0057-4a48-84f5-bd5f043f5795/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"greenhousedeploymenthub.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, 
urlhaus.abuse.ch/url/3849710/; classtype:trojan-activity;sid:84712810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.22.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849708/; classtype:trojan-activity;sid:84712808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.125.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849709/; classtype:trojan-activity;sid:84712809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.196.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849707/; classtype:trojan-activity;sid:84712807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849706/; classtype:trojan-activity;sid:84712806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; 
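nocase; content:"117.223.141.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849705/; classtype:trojan-activity;sid:84712805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.43.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849704/; classtype:trojan-activity;sid:84712804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849703)"; flow:established,from_client; content:"GET"; http_method; content:"/00802650-7147-4392-b474-28e4506a37ca/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"containerizedgardenhub.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849703/; classtype:trojan-activity;sid:84712803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.48.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849702/; classtype:trojan-activity;sid:84712801-PLACEHOLDER-SEE-BELOW; rev:1;)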
classtype:trojan-activity;sid:84712801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849700/; classtype:trojan-activity;sid:84712800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849699)"; flow:established,from_client; content:"GET"; http_method; content:"/9a9d9159-edc6-4993-9ece-89288f96bdf9/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"floraautomationnetwork.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849699/; classtype:trojan-activity;sid:84712799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.73.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849698/; classtype:trojan-activity;sid:84712798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.123.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849697/; classtype:trojan-activity;sid:84712797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849696)"; flow:established,from_client; content:"GET"; http_method; 
content:"/86b4aab1-6c00-4794-a7bb-8b0204fac9b6/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"meadowmanagementcenter.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849696/; classtype:trojan-activity;sid:84712796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.80.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849695/; classtype:trojan-activity;sid:84712795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.51.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849694/; classtype:trojan-activity;sid:84712794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849693)"; flow:established,from_client; content:"GET"; http_method; content:"/1f70915c-5991-4d7a-9c2e-896b60a1099b/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"federatedplantplatform.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849693/; classtype:trojan-activity;sid:84712793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.123.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, 
urlhaus.abuse.ch/url/3849692/; classtype:trojan-activity;sid:84712792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.182.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849691/; classtype:trojan-activity;sid:84712791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849690)"; flow:established,from_client; content:"GET"; http_method; content:"/0a0248a6-256c-4e57-9f7f-bd24961098f9/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"irrigationworkflowsystem.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849690/; classtype:trojan-activity;sid:84712790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849687)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"14.46.136.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849687/; classtype:trojan-activity;sid:84712787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849688)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.46.136.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849688/; classtype:trojan-activity;sid:84712788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849689)"; flow:established,from_client; content:"GET"; 
http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.46.136.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849689/; classtype:trojan-activity;sid:84712789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849686)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.46.136.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849686/; classtype:trojan-activity;sid:84712786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849685)"; flow:established,from_client; content:"GET"; http_method; content:"/clean"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"14.46.136.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849685/; classtype:trojan-activity;sid:84712785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.200.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849684/; classtype:trojan-activity;sid:84712784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849683)"; flow:established,from_client; content:"GET"; http_method; content:"/390c82e5-0af3-4d91-8666-9ce470fcb3ea/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"botanicalanalyticsengine.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849683/; 
classtype:trojan-activity;sid:84712783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849682)"; flow:established,from_client; content:"GET"; http_method; content:"/9367023a-5e35-4f56-9858-2ebf6ecc57c1/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"botanicalanalyticsengine.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849682/; classtype:trojan-activity;sid:84712782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.236.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849681/; classtype:trojan-activity;sid:84712781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849680)"; flow:established,from_client; content:"GET"; http_method; content:"/5fa3d62a-b327-468f-ad3e-cabf43ab209a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"botanicalanalyticsengine.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849680/; classtype:trojan-activity;sid:84712780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849679)"; flow:established,from_client; content:"GET"; http_method; content:"/4ccf1c79-7867-4fc8-a8c1-6e903f37c843/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"botanicalanalyticsengine.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849679/; classtype:trojan-activity;sid:84712779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3849678)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b5267948-eb77-4260-b262-dc5dceecfecd"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"4qm7sqpa.cyber-harbor.digital"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849678/; classtype:trojan-activity;sid:84712778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.236.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849677/; classtype:trojan-activity;sid:84712777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849676)"; flow:established,from_client; content:"GET"; http_method; content:"/9de94932-1915-4c31-a900-fd0549727fcf/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributedmeadownetwork.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849676/; classtype:trojan-activity;sid:84712776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849675)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.46.136.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849675/; classtype:trojan-activity;sid:84712775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849674)"; flow:established,from_client; content:"GET"; http_method; content:"/5f921a41-a076-48e3-9408-f77eb4e4609e/google.cl"; http_uri; 
depth:47; isdataat:!1,relative; nocase; content:"wildfloraprocessinghub.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849674/; classtype:trojan-activity;sid:84712774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849673)"; flow:established,from_client; content:"GET"; http_method; content:"/stego_payload23456.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"jankop.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849673/; classtype:trojan-activity;sid:84712773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849672)"; flow:established,from_client; content:"GET"; http_method; content:"/e16331ef-9a2b-4898-b812-a4a6179d1d7c/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"petalresourceframework.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849672/; classtype:trojan-activity;sid:84712772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.83.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849671/; classtype:trojan-activity;sid:84712771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849667)"; flow:established,from_client; content:"GET"; http_method; content:"/job_addon-central-glazed/artifacts/yzvvrb5k_glazedaddon-1.21.4.jar"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"customer-assets.emergentagent.com"; http_host; depth:33; isdataat:!1,relative; 
metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849667/; classtype:trojan-activity;sid:84712767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849668)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/component"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"falseflag1.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849668/; classtype:trojan-activity;sid:84712768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849669)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/runtimebroker.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"falseflag1.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849669/; classtype:trojan-activity;sid:84712769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849670)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/module2"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"falseflag1.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849670/; classtype:trojan-activity;sid:84712770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849664)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/pjibf.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"falseflag1.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849664/; classtype:trojan-activity;sid:84712764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3849665)"; flow:established,from_client; content:"GET"; http_method; content:"/kryptonplus.0.10.jar"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"kryptongoofy.lovable.app"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849665/; classtype:trojan-activity;sid:84712765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849666)"; flow:established,from_client; content:"GET"; http_method; content:"/argon_client_1.21.11.jar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"argonclient.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849666/; classtype:trojan-activity;sid:84712766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849661)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/security"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"falseflag1.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849661/; classtype:trojan-activity;sid:84712761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849662)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/elevator"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"falseflag1.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849662/; classtype:trojan-activity;sid:84712762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849663)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/module"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"falseflag1.ru"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849663/; classtype:trojan-activity;sid:84712763; rev:1;)
# NOTE(review): the two www.dropbox.com rules below (sid 84712760 and 84712759) carry "|7c|26|7c|" inside the URI content.
# In content syntax |7c| is a literal pipe byte, so that sequence matches the four characters "|26|" and not an ampersand
# (0x26, which would be written |26|). This looks like a double-escaping artifact of the feed generator - TODO confirm
# against the URLhaus reference before relying on either SID; if so, a request using "&" between query parameters would not match.
# NOTE(review): depth:118 and depth:124 equal the escaped pattern length and exceed the decoded byte length by 15, so depth does
# not pin the pattern to the start of the URI buffer; the trailing isdataat:!1,relative still requires the buffer to end there.
# These are "alert http" rules on the method, URI and host buffers, so they only fire where the sensor sees the request as HTTP;
# whether a download from www.dropbox.com is visible that way depends on TLS inspection in front of the sensor - verify.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849660)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/ecom4qzkheclqn7ml8dng/f175fcc7b1277b.exe|3f|rlkey=jctz6gr5wlpfas8bf48qokzgd|7c|26|7c|st=ur5dn56o|7c|26|7c|dl=1"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849660/; classtype:trojan-activity;sid:84712760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849659)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/jabwd47j7zwrjg3p13k1p/installer-acc-v2.1.1.exe|3f|rlkey=w4jpkgch7jjyqq9gu2om4xs8n|7c|26|7c|st=7wlat5pq|7c|26|7c|dl=0"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849659/; classtype:trojan-activity;sid:84712759; rev:1;)
# The rules below match one exact request each: method GET, the full URI (depth equals the pattern length and
# isdataat:!1,relative forbids trailing bytes) and the full Host value. Any change of path or host on the serving side
# falls outside them, so treat a hit as high-confidence and the absence of hits as no evidence either way.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849656)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_a99659e88279685c.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849656/; classtype:trojan-activity;sid:84712756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849657)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_e0fe7b19c94f5d26.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; 
content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849657/; classtype:trojan-activity;sid:84712757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849658)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_6993d4de4b47e311.cmd"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849658/; classtype:trojan-activity;sid:84712758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.115.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849655/; classtype:trojan-activity;sid:84712755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849654)"; flow:established,from_client; content:"GET"; http_method; content:"/d0f0d0fc-1e26-4e87-a6b9-dbaf7c0c54e7/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"greenhousecontrolplatform.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849654/; classtype:trojan-activity;sid:84712754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.223.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849653/; classtype:trojan-activity;sid:84712753; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.80.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849652/; classtype:trojan-activity;sid:84712752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.115.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849651/; classtype:trojan-activity;sid:84712751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849650)"; flow:established,from_client; content:"GET"; http_method; content:"/b4f79dce-a688-485a-b9e8-ef362ea98384/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"containerizedbloomhub.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849650/; classtype:trojan-activity;sid:84712750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.44.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849649/; classtype:trojan-activity;sid:84712749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849648)"; flow:established,from_client; content:"GET"; http_method; content:"/ebe5fb67-e0c5-4f47-8c86-d1e455d31c5a/google.cl"; 
http_uri; depth:47; isdataat:!1,relative; nocase; content:"floraanalyticsresource.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849648/; classtype:trojan-activity;sid:84712748; rev:1;)
# Two-byte URI "/i" on a bare-IP host: depth:2 plus isdataat:!1,relative makes this an exact-URI match, and the host
# content is likewise bounded by depth and isdataat, so a longer Host value that merely starts with this address does not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.83.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849647/; classtype:trojan-activity;sid:84712747; rev:1;)
# NOTE(review): the URI content below decodes to 44 bytes ("/", "?" written as |3f|, "ublib=" and a 36-character identifier),
# but depth is 47, which is the length of the escaped pattern text. The pattern is therefore not pinned to offset 0 of the
# URI buffer: up to three bytes may precede it. isdataat:!1,relative still requires the buffer to end right after the pattern.
# If an exact-URI match is intended, depth would be 44 - TODO confirm with the feed maintainer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849646)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=da0825f0-5b5c-4507-af13-d94bf2ed77bc"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"xbgnx37a.byte-lattice.digital"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849646/; classtype:trojan-activity;sid:84712746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849645/; classtype:trojan-activity;sid:84712745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.4.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849643/; 
classtype:trojan-activity;sid:84712743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.44.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849644/; classtype:trojan-activity;sid:84712744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849642)"; flow:established,from_client; content:"GET"; http_method; content:"/f99cdc0c-51dc-4281-aca2-e0da01b3f9cd/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"gardenautomationframework.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849642/; classtype:trojan-activity;sid:84712742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.75.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849641/; classtype:trojan-activity;sid:84712741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.3.245"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849640/; classtype:trojan-activity;sid:84712740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; 
http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.198.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849639/; classtype:trojan-activity;sid:84712739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849638)"; flow:established,from_client; content:"GET"; http_method; content:"/0016c2ac-f51d-4b98-8ce2-41f560c990e8/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"federatedmeadowsystem.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849638/; classtype:trojan-activity;sid:84712738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849637/; classtype:trojan-activity;sid:84712737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.75.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849636/; classtype:trojan-activity;sid:84712736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.92.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849635/; 
classtype:trojan-activity;sid:84712735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.224.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849634/; classtype:trojan-activity;sid:84712734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.85.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849633/; classtype:trojan-activity;sid:84712733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849632)"; flow:established,from_client; content:"GET"; http_method; content:"/2c46855d-8612-4926-be58-d7f8a06aef55/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"irrigationprocessingnetwork.garden"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849632/; classtype:trojan-activity;sid:84712732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.220.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849631/; classtype:trojan-activity;sid:84712731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.198.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849630/; classtype:trojan-activity;sid:84712730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.85.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849629/; classtype:trojan-activity;sid:84712729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.107.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849627/; classtype:trojan-activity;sid:84712727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.45.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849628/; classtype:trojan-activity;sid:84712728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.224.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849626/; classtype:trojan-activity;sid:84712726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3849625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.230.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849625/; classtype:trojan-activity;sid:84712725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849624)"; flow:established,from_client; content:"GET"; http_method; content:"/71866231-5540-4c9e-9db2-1864b22dc0d8/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"botanicalworkflowplatform.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849624/; classtype:trojan-activity;sid:84712724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.220.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849623/; classtype:trojan-activity;sid:84712723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.159.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849622/; classtype:trojan-activity;sid:84712722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.187.167"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849621/; classtype:trojan-activity;sid:84712721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.75.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849620/; classtype:trojan-activity;sid:84712720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849619)"; flow:established,from_client; content:"GET"; http_method; content:"/f4505e3d-0dc7-4573-a2c6-f9c31e11e911/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributedgardencontrol.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849619/; classtype:trojan-activity;sid:84712719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.219.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849618/; classtype:trojan-activity;sid:84712718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.75.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849617/; classtype:trojan-activity;sid:84712717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3849616)"; flow:established,from_client; content:"GET"; http_method; content:"/a48ce5e4-ef46-472e-b5ca-33442e983f70/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wildfloraresourceengine.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849616/; classtype:trojan-activity;sid:84712716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849615)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1a53cb6a-e65f-4b16-aa88-705ca0f267bc"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"0h5smwzp.network-forge.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849615/; classtype:trojan-activity;sid:84712715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.187.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849614/; classtype:trojan-activity;sid:84712714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.208.112.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849613/; classtype:trojan-activity;sid:84712713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849612)"; flow:established,from_client; content:"GET"; http_method; content:"/b41a4d09-899c-466a-9317-e4de33c6c66d/google.cl"; http_uri; depth:47; 
isdataat:!1,relative; nocase; content:"petaldistributioncenter.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849612/; classtype:trojan-activity;sid:84712712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.219.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849611/; classtype:trojan-activity;sid:84712711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.103.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849610/; classtype:trojan-activity;sid:84712710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849609/; classtype:trojan-activity;sid:84712709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.35.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849608/; classtype:trojan-activity;sid:84712708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3849607)"; flow:established,from_client; content:"GET"; http_method; content:"/923c0c1b-e6a3-42fa-a7b3-b6edd95cdab5/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"greenhousemonitoringhub.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849607/; classtype:trojan-activity;sid:84712707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.208.112.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849606/; classtype:trojan-activity;sid:84712706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.85.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849605/; classtype:trojan-activity;sid:84712705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.41.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849604/; classtype:trojan-activity;sid:84712704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.18"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849603/; classtype:trojan-activity;sid:84712703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849602)"; flow:established,from_client; content:"GET"; http_method; content:"/8a655712-da7d-465f-bab3-6abed05ce64f/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ecosystem-processing-tienginx-center.garden"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849602/; classtype:trojan-activity;sid:84712702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.49.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849601/; classtype:trojan-activity;sid:84712701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.81.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849600/; classtype:trojan-activity;sid:84712700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.35.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849599/; classtype:trojan-activity;sid:84712699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3849598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849598/; classtype:trojan-activity;sid:84712698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.152.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849597/; classtype:trojan-activity;sid:84712697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.229.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849595/; classtype:trojan-activity;sid:84712695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.85.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849596/; classtype:trojan-activity;sid:84712696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849594)"; flow:established,from_client; content:"GET"; http_method; content:"/c6376c7e-448e-4b8d-9cdb-b3de0f6fdd5a/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"mongofly-container-gard-mesh.garden"; http_host; depth:35; isdataat:!1,relative; 
metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849594/; classtype:trojan-activity;sid:84712694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.41.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849593/; classtype:trojan-activity;sid:84712693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.152.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849592/; classtype:trojan-activity;sid:84712692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849591)"; flow:established,from_client; content:"GET"; http_method; content:"/8f9c1eec-d56f-4a79-8274-ad9c72dbc6c4/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"docsfan-flora-ability-system.garden"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849591/; classtype:trojan-activity;sid:84712691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.81.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849590/; classtype:trojan-activity;sid:84712690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3849588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.229.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849588/; classtype:trojan-activity;sid:84712688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.191.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849589/; classtype:trojan-activity;sid:84712689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.113.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849587/; classtype:trojan-activity;sid:84712687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.238.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849586/; classtype:trojan-activity;sid:84712686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.48.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849585/; 
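classtype:trojan-activity;sid:84712685; rev:1;)
# The rules below follow the feed's exact-match template: an outbound HTTP GET
# ($HOME_NET -> $EXTERNAL_NET, client side of an established flow) whose URI
# buffer and Host buffer each equal one listed value. "depth:N", with N equal to
# the pattern's byte length, pins the pattern to the start of the buffer, and
# "isdataat:!1,relative" requires that no byte follows the match. "nocase" comes
# directly after the URI content's modifiers, so it applies to the URI pattern
# only; the host pattern is compared as written.
# These are "alert http" rules, so they fire only on requests the sensor can
# parse as HTTP; a download of the same URL over a TLS session the sensor cannot
# decrypt is not covered by them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.85.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849584/; classtype:trojan-activity;sid:84712684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.73.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849583/; classtype:trojan-activity;sid:84712683; rev:1;)
# Local correction to the feed: "|3f|" is a hex escape for a single byte ('?'),
# so the URI pattern below is 44 bytes long, not 47. The feed's depth:47 counted
# the escaped literal, which let the pattern start up to 3 bytes into the URI
# and still satisfy the end anchor. depth:44 restores the exact match the other
# rules use. Re-check this rule after each feed refresh, since a regenerated
# file will carry the feed's value again.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849582)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=134179f0-63ef-4cd2-beb8-2b558468e035"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"jmaeciy3.signal-vault.digital"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849582/; classtype:trojan-activity;sid:84712682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849581)"; flow:established,from_client; content:"GET"; http_method; content:"/bb6a394e-a9a3-44b4-869b-3dfcadff9c9b/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"vbytelot-mead-automation-form.garden"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849581/; classtype:trojan-activity;sid:84712681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849580)"; 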
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.203.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849580/; classtype:trojan-activity;sid:84712680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.0.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849579/; classtype:trojan-activity;sid:84712679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.109.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849578/; classtype:trojan-activity;sid:84712678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849577)"; flow:established,from_client; content:"GET"; http_method; content:"/4d1f470b-683a-4684-9ccf-a1b638857924/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"porthot-irr-gation-menthub.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849577/; classtype:trojan-activity;sid:84712677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.150.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; 
reference:url, urlhaus.abuse.ch/url/3849576/; classtype:trojan-activity;sid:84712676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849575/; classtype:trojan-activity;sid:84712675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.16.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849574/; classtype:trojan-activity;sid:84712674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.0.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849573/; classtype:trojan-activity;sid:84712673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.102.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849572/; classtype:trojan-activity;sid:84712672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"182.121.150.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849571/; classtype:trojan-activity;sid:84712671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849570)"; flow:established,from_client; content:"GET"; http_method; content:"/f8f0cd9b-8b2c-47dc-909b-871f5280ff51/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"radiopin-botn-monitor-in-gengine.garden"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849570/; classtype:trojan-activity;sid:84712670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.16.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849569/; classtype:trojan-activity;sid:84712669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.73.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849568/; classtype:trojan-activity;sid:84712668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849567/; classtype:trojan-activity;sid:84712667; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.150.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849566/; classtype:trojan-activity;sid:84712666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.102.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849565/; classtype:trojan-activity;sid:84712665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849564)"; flow:established,from_client; content:"GET"; http_method; content:"/858c81bc-73a7-4c9a-b64e-8c7237717514/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"pcapshay-bute-gard-source.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849564/; classtype:trojan-activity;sid:84712664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.163.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849563/; classtype:trojan-activity;sid:84712663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; 
nocase; content:"175.147.212.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849562/; classtype:trojan-activity;sid:84712662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849561)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"isellchildren.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849561/; classtype:trojan-activity;sid:84712661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.241.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849559/; classtype:trojan-activity;sid:84712659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.163.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849560/; classtype:trojan-activity;sid:84712660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849546)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vaxbot.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849546/; classtype:trojan-activity;sid:84712646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3849547)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vaxbot.riscv32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849547/; classtype:trojan-activity;sid:84712647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849548)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vaxbot.riscv64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849548/; classtype:trojan-activity;sid:84712648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849549)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vaxbot.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849549/; classtype:trojan-activity;sid:84712649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849550)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vaxbot.loongarch64"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849550/; classtype:trojan-activity;sid:84712650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849551)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vaxbot.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849551/; classtype:trojan-activity;sid:84712651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849552)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vaxbot.sh2"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849552/; classtype:trojan-activity;sid:84712652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849553)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vaxbot.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849553/; classtype:trojan-activity;sid:84712653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849554)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vaxbot.or1k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849554/; classtype:trojan-activity;sid:84712654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vaxbot.powerpc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849555/; classtype:trojan-activity;sid:84712655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3849556)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vaxbot.i386"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849556/; classtype:trojan-activity;sid:84712656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849557)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vaxbot.aarch64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849557/; classtype:trojan-activity;sid:84712657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849558)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vaxbot.microblaze"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849558/; classtype:trojan-activity;sid:84712658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849545)"; flow:established,from_client; content:"GET"; http_method; content:"/a195fa1d-8a71-4713-a1e1-823544121503/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wilder-flow-work-lmsystem.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849545/; classtype:trojan-activity;sid:84712645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.91.26"; 
http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849544/; classtype:trojan-activity;sid:84712644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.71.28.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849543/; classtype:trojan-activity;sid:84712643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849542)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_24308024a80d8cad.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849542/; classtype:trojan-activity;sid:84712642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849541)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"isellchildren.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849541/; classtype:trojan-activity;sid:84712641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849540)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"boatdome.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849540/; classtype:trojan-activity;sid:84712640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3849539)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.ppc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"newenewmew.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849539/; classtype:trojan-activity;sid:84712639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849537)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"boatdome.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849537/; classtype:trojan-activity;sid:84712637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849538)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"isellchildren.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849538/; classtype:trojan-activity;sid:84712638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849536)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"zupreme-qbot.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849536/; classtype:trojan-activity;sid:84712636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849531)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"zupreme-qbot.duckdns.org"; http_host; depth:24; 
isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849531/; classtype:trojan-activity;sid:84712631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849532)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"zupreme-qbot.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849532/; classtype:trojan-activity;sid:84712632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849533)"; flow:established,from_client; content:"GET"; http_method; content:"/nz.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"zupreme-qbot.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849533/; classtype:trojan-activity;sid:84712633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849534)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"boatdome.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849534/; classtype:trojan-activity;sid:84712634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849535)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849535/; classtype:trojan-activity;sid:84712635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3849527)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"boatdome.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849527/; classtype:trojan-activity;sid:84712627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849528)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.m68k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"newenewmew.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849528/; classtype:trojan-activity;sid:84712628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849529)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849529/; classtype:trojan-activity;sid:84712629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849530)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849530/; classtype:trojan-activity;sid:84712630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849523)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"isellchildren.online"; http_host; depth:20; isdataat:!1,relative; 
metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849523/; classtype:trojan-activity;sid:84712623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849524)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssai486"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849524/; classtype:trojan-activity;sid:84712624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849525)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849525/; classtype:trojan-activity;sid:84712625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849526)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849526/; classtype:trojan-activity;sid:84712626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849513)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"zyrec2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849513/; classtype:trojan-activity;sid:84712613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849514)"; 
flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"boatdome.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849514/; classtype:trojan-activity;sid:84712614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849515)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"fucker1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849515/; classtype:trojan-activity;sid:84712615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849516)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"isellchildren.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849516/; classtype:trojan-activity;sid:84712616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849517)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"isellchildren.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849517/; classtype:trojan-activity;sid:84712617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849518)"; flow:established,from_client; content:"GET"; http_method; content:"/g.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, 
urlhaus.abuse.ch/url/3849518/; classtype:trojan-activity;sid:84712618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849519)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"9z.wtf"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849519/; classtype:trojan-activity;sid:84712619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849520)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssappc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849520/; classtype:trojan-activity;sid:84712620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849521)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"boatdome.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849521/; classtype:trojan-activity;sid:84712621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849522)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"newenewmew.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849522/; classtype:trojan-activity;sid:84712622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849505)"; flow:established,from_client; content:"GET"; http_method; content:"/p.sh"; http_uri; 
depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849505/; classtype:trojan-activity;sid:84712605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849506)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849506/; classtype:trojan-activity;sid:84712606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849507)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"zupreme-qbot.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849507/; classtype:trojan-activity;sid:84712607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849508)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arm5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"newenewmew.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849508/; classtype:trojan-activity;sid:84712608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849509)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/w.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849509/; 
classtype:trojan-activity;sid:84712609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849510)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"boatdome.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849510/; classtype:trojan-activity;sid:84712610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849511)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849511/; classtype:trojan-activity;sid:84712611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849512)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849512/; classtype:trojan-activity;sid:84712612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849499)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.sh4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"newenewmew.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849499/; classtype:trojan-activity;sid:84712599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849500)"; flow:established,from_client; content:"GET"; http_method; 
content:"/n2/lterouter"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"9z.wtf"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849500/; classtype:trojan-activity;sid:84712600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849501)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fucker1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849501/; classtype:trojan-activity;sid:84712601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849502)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849502/; classtype:trojan-activity;sid:84712602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849503)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849503/; classtype:trojan-activity;sid:84712603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849504)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86_64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"9z.wtf"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849504/; classtype:trojan-activity;sid:84712604; rev:1;) 
# URLhaus payload-URL rules, restored to one rule per line (Snort and Suricata
# read a rule from a single logical line).
#
# Every rule in this group has the same shape:
#   - HTTP request from $HOME_NET to $EXTERNAL_NET, client side of an
#     established flow, method GET.
#   - URI: content + depth equal to the pattern length + isdataat:!1,relative,
#     so the pattern must start at offset 0 and nothing may follow it. With
#     nocase this is an exact, case-insensitive match of the whole URI.
#   - Host: anchored the same way (depth equal to the pattern length, no data
#     after it), i.e. an exact host match.
#
# Notes for triage and tuning:
#   - Only the request is inspected (flow:from_client). An alert shows that an
#     internal host asked for the URL, not that a payload was returned or run;
#     confirm with response/flow logs or endpoint evidence.
#   - `alert http` covers cleartext HTTP. The same hosts reached over TLS are
#     outside these rules unless traffic is decrypted before inspection.
#   - Because the URI match is exact, a request for the same host with a
#     different path or an added query string is not covered by these rules.
#   - Several URI patterns are short and generic ("/g", "/ppc", "/x86", "/sh4",
#     "/bee", "/dvr"); they are specific only together with the host anchor,
#     so keep both conditions when tuning.
#   - In every rule here sid = URLhaus id + 80863100, and reference: points at
#     the matching URLhaus entry.
#   - All entries carry created_at 2026_05_18.
#     NOTE(review): feed indicators age out; presumably this file is
#     regenerated from the feed rather than edited by hand - confirm the
#     update job and its interval.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849497)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"zyrec2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849497/; classtype:trojan-activity;sid:84712597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849498)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849498/; classtype:trojan-activity;sid:84712598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849495)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssai586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849495/; classtype:trojan-activity;sid:84712595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849496)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"boatdome.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849496/; classtype:trojan-activity;sid:84712596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849493)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fucker1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849493/; classtype:trojan-activity;sid:84712593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849494)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849494/; classtype:trojan-activity;sid:84712594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849491)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaanewarm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849491/; classtype:trojan-activity;sid:84712591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849492)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849492/; classtype:trojan-activity;sid:84712592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849486)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fucker1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849486/; classtype:trojan-activity;sid:84712586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849487)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"zupreme-qbot.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849487/; classtype:trojan-activity;sid:84712587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849488)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssamips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849488/; classtype:trojan-activity;sid:84712588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849489)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"boatdome.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849489/; classtype:trojan-activity;sid:84712589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849490)"; flow:established,from_client; content:"GET"; http_method; content:"/bee"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849490/; classtype:trojan-activity;sid:84712590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849482)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"zupreme-qbot.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849482/; classtype:trojan-activity;sid:84712582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849483)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849483/; classtype:trojan-activity;sid:84712583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849484)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849484/; classtype:trojan-activity;sid:84712584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849485)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849485/; classtype:trojan-activity;sid:84712585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849479)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849479/; classtype:trojan-activity;sid:84712579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849480)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849480/; classtype:trojan-activity;sid:84712580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849481)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssampsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849481/; classtype:trojan-activity;sid:84712581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849473)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"newenewmew.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849473/; classtype:trojan-activity;sid:84712573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849474)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaanewx86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849474/; classtype:trojan-activity;sid:84712574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849475)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"isellchildren.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849475/; classtype:trojan-activity;sid:84712575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849476)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"zyrec2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849476/; classtype:trojan-activity;sid:84712576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849477)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv7l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"9z.wtf"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849477/; classtype:trojan-activity;sid:84712577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849478)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaanewarm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849478/; classtype:trojan-activity;sid:84712578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849464)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"zupreme-qbot.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849464/; classtype:trojan-activity;sid:84712564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849465)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"zupreme-qbot.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849465/; classtype:trojan-activity;sid:84712565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849466)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"zyrec2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849466/; classtype:trojan-activity;sid:84712566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849467)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/aarch64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"9z.wtf"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849467/; classtype:trojan-activity;sid:84712567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849468)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849468/; classtype:trojan-activity;sid:84712568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849469)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaarm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849469/; classtype:trojan-activity;sid:84712569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849470)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"zupreme-qbot.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849470/; classtype:trojan-activity;sid:84712570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849471)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaanewx8664"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849471/; classtype:trojan-activity;sid:84712571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849472)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fucker1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849472/; classtype:trojan-activity;sid:84712572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849460)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arm6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"newenewmew.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849460/; classtype:trojan-activity;sid:84712560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849461)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.mpsl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"newenewmew.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849461/; classtype:trojan-activity;sid:84712561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849462)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fucker1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849462/; classtype:trojan-activity;sid:84712562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849463)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849463/; classtype:trojan-activity;sid:84712563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849458)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fucker1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849458/; classtype:trojan-activity;sid:84712558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849459)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849459/; classtype:trojan-activity;sid:84712559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849454)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"boatdome.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849454/; classtype:trojan-activity;sid:84712554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849455)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849455/; classtype:trojan-activity;sid:84712555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849456)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"zupreme-qbot.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849456/; classtype:trojan-activity;sid:84712556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849457)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fucker1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849457/; classtype:trojan-activity;sid:84712557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849449)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849449/; classtype:trojan-activity;sid:84712549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849450)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.x86"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"newenewmew.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849450/; classtype:trojan-activity;sid:84712550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849451)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fucker1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849451/; classtype:trojan-activity;sid:84712551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849452)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849452/; classtype:trojan-activity;sid:84712552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849453)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849453/; classtype:trojan-activity;sid:84712553; rev:1;)
# URLhaus download-URL indicators, one rule per URLhaus entry (created 2026_05_18).
# Each rule below alerts on an established client-to-server HTTP GET from
# $HOME_NET to $EXTERNAL_NET. "depth" equals the length of the pattern it
# follows and "isdataat:!1,relative" requires that no byte comes after the
# match, so the request URI and the Host value must each equal the listed
# string exactly; "nocase" makes the URI comparison case-insensitive.
# The number in msg is the URLhaus entry id that the reference URL points to.
# NOTE(review): these are "alert http" rules, so they only see requests the
# sensor can parse as cleartext HTTP. The same URL fetched over TLS would need
# decryption or a separate DNS / TLS SNI detection on the hostname. Confirm
# that coverage exists before relying on these alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849447)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssai686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849447/; classtype:trojan-activity;sid:84712547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849448)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849448/; classtype:trojan-activity;sid:84712548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849446)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.mips"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"newenewmew.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849446/; classtype:trojan-activity;sid:84712546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849441)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849441/; classtype:trojan-activity;sid:84712541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849442)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.x86_64"; http_uri; depth:26; 
isdataat:!1,relative; nocase; content:"newenewmew.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849442/; classtype:trojan-activity;sid:84712542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849443)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaarm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849443/; classtype:trojan-activity;sid:84712543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849444)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"boatdome.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849444/; classtype:trojan-activity;sid:84712544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849445)"; flow:established,from_client; content:"GET"; http_method; content:"/arm/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"isellchildren.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849445/; classtype:trojan-activity;sid:84712545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849438)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"isellchildren.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849438/; classtype:trojan-activity;sid:84712538; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849439)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"zupreme-qbot.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849439/; classtype:trojan-activity;sid:84712539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849440)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849440/; classtype:trojan-activity;sid:84712540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849436)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"isellchildren.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849436/; classtype:trojan-activity;sid:84712536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849437)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"isellchildren.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849437/; classtype:trojan-activity;sid:84712537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849430)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849430/; classtype:trojan-activity;sid:84712530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849431)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849431/; classtype:trojan-activity;sid:84712531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849432)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"zupreme-qbot.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849432/; classtype:trojan-activity;sid:84712532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849433)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"zyrec2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849433/; classtype:trojan-activity;sid:84712533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849434)"; flow:established,from_client; content:"GET"; http_method; content:"/nz.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"fucker1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849434/; classtype:trojan-activity;sid:84712534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3849435)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849435/; classtype:trojan-activity;sid:84712535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849422)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fucker1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849422/; classtype:trojan-activity;sid:84712522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849423)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"isellchildren.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849423/; classtype:trojan-activity;sid:84712523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849424)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"boatdome.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849424/; classtype:trojan-activity;sid:84712524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849425)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"isellchildren.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; 
reference:url, urlhaus.abuse.ch/url/3849425/; classtype:trojan-activity;sid:84712525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849426)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssam68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849426/; classtype:trojan-activity;sid:84712526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849427)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"zupreme-qbot.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849427/; classtype:trojan-activity;sid:84712527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849428)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fucker1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849428/; classtype:trojan-activity;sid:84712528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849429)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"zyrec2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849429/; classtype:trojan-activity;sid:84712529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849417)"; flow:established,from_client; content:"GET"; 
http_method; content:"/windyloveyou/windy.arm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"newenewmew.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849417/; classtype:trojan-activity;sid:84712517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849418)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849418/; classtype:trojan-activity;sid:84712518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849419)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fucker1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849419/; classtype:trojan-activity;sid:84712519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849420)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaanewarm4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849420/; classtype:trojan-activity;sid:84712520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849421)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849421/; 
classtype:trojan-activity;sid:84712521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849410)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fucker1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849410/; classtype:trojan-activity;sid:84712510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849411)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849411/; classtype:trojan-activity;sid:84712511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amd64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849412/; classtype:trojan-activity;sid:84712512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849413)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"zupreme-qbot.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849413/; classtype:trojan-activity;sid:84712513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849414)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp.sh"; 
http_uri; depth:8; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849414/; classtype:trojan-activity;sid:84712514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849415)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"boatdome.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849415/; classtype:trojan-activity;sid:84712515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849416)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"9z.wtf"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849416/; classtype:trojan-activity;sid:84712516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849404)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849404/; classtype:trojan-activity;sid:84712504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849405)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"zyrec2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849405/; classtype:trojan-activity;sid:84712505; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849406)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arm7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"newenewmew.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849406/; classtype:trojan-activity;sid:84712506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849407)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"9z.wtf"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849407/; classtype:trojan-activity;sid:84712507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849408/; classtype:trojan-activity;sid:84712508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849409)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"9z.wtf"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849409/; classtype:trojan-activity;sid:84712509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849402)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"9z.wtf"; http_host; 
depth:6; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849402/; classtype:trojan-activity;sid:84712502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849403)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.i686"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"newenewmew.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849403/; classtype:trojan-activity;sid:84712503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849400)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.spc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"newenewmew.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849400/; classtype:trojan-activity;sid:84712500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849401)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaarm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849401/; classtype:trojan-activity;sid:84712501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849390)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaanewmpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849390/; classtype:trojan-activity;sid:84712490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3849391)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849391/; classtype:trojan-activity;sid:84712491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849392)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849392/; classtype:trojan-activity;sid:84712492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849393)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849393/; classtype:trojan-activity;sid:84712493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849394)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849394/; classtype:trojan-activity;sid:84712494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849395)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fucker1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; 
metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849395/; classtype:trojan-activity;sid:84712495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849396)"; flow:established,from_client; content:"GET"; http_method; content:"/nz.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"boatdome.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849396/; classtype:trojan-activity;sid:84712496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849397)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/tbk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"9z.wtf"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849397/; classtype:trojan-activity;sid:84712497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849398)"; flow:established,from_client; content:"GET"; http_method; content:"/tp"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849398/; classtype:trojan-activity;sid:84712498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849399)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"boatdome.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849399/; classtype:trojan-activity;sid:84712499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849388)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849388/; classtype:trojan-activity;sid:84712488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849389)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wget.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849389/; classtype:trojan-activity;sid:84712489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849382)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaanewmips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849382/; classtype:trojan-activity;sid:84712482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849383)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"9z.wtf"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849383/; classtype:trojan-activity;sid:84712483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849384)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, 
urlhaus.abuse.ch/url/3849384/; classtype:trojan-activity;sid:84712484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849385)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaanewarm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849385/; classtype:trojan-activity;sid:84712485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849386)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849386/; classtype:trojan-activity;sid:84712486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849387)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849387/; classtype:trojan-activity;sid:84712487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849376)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"9z.wtf"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849376/; classtype:trojan-activity;sid:84712476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849377)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849377/; classtype:trojan-activity;sid:84712477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849378)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"9z.wtf"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849378/; classtype:trojan-activity;sid:84712478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849379)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849379/; classtype:trojan-activity;sid:84712479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849380)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"9z.wtf"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849380/; classtype:trojan-activity;sid:84712480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849381)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849381/; classtype:trojan-activity;sid:84712481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
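any (msg:"URLhaus Known malware download URL detected (3849375)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaarm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gigs.us.1e.cm"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849375/; classtype:trojan-activity;sid:84712475; rev:1;)
# The rules below follow the same shape: an outbound HTTP GET whose URI and
# Host both equal the listed strings. "depth" is the pattern length and
# "isdataat:!1,relative" requires that nothing follows the match. Several
# hosts here are bare IPv4 addresses, so the Host comparison is against the
# address literal the client sent.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849374)"; flow:established,from_client; content:"GET"; http_method; content:"/6466cab1-314e-4349-af6c-a39360851245/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"slashbob-distrib-plat-form.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849374/; classtype:trojan-activity;sid:84712474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.212.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849373/; classtype:trojan-activity;sid:84712473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.26.110.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849372/; classtype:trojan-activity;sid:84712471; rev:1;)
# "|3f|" is the hex escape for a single "?" byte, so the URI pattern in the
# next rule is 44 bytes long. The published depth was 47, which is the length
# of the pattern text with the escape written out. That let the match begin
# up to 3 bytes into the URI instead of at its first byte. depth:44 anchors it
# at the start, as in the neighbouring rules. Local tightening only: the sid
# and rev are left as published.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849371)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=fc05ce2f-285a-4100-b353-4038908b481e"; http_uri; depth:44; isdataat:!1,relative; 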
nocase; content:"q41liphc.packet-vector.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849371/; classtype:trojan-activity;sid:84712471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.54.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849370/; classtype:trojan-activity;sid:84712470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849369)"; flow:established,from_client; content:"GET"; http_method; content:"/2affdbb2-9683-4155-a1c1-df08222b9e33/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"zoneday-green-house-oper-center.garden"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849369/; classtype:trojan-activity;sid:84712469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849368)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"207.244.199.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849368/; classtype:trojan-activity;sid:84712468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849364)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"207.244.199.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849364/; 
classtype:trojan-activity;sid:84712464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849365)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"207.244.199.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849365/; classtype:trojan-activity;sid:84712465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849366)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"207.244.199.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849366/; classtype:trojan-activity;sid:84712466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849367)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"207.244.199.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849367/; classtype:trojan-activity;sid:84712467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.71.28.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849363/; classtype:trojan-activity;sid:84712463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.110.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849362/; classtype:trojan-activity;sid:84712462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.91.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849361/; classtype:trojan-activity;sid:84712461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.42.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849360/; classtype:trojan-activity;sid:84712460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.168.0.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849359/; classtype:trojan-activity;sid:84712459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.79.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849358/; classtype:trojan-activity;sid:84712458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3849357)"; flow:established,from_client; content:"GET"; http_method; content:"/866dd8fb-f069-4f96-9e5b-fb881ed8dfb3/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ecosystemmanagementcore.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849357/; classtype:trojan-activity;sid:84712457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.225.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849356/; classtype:trojan-activity;sid:84712456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.168.0.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849355/; classtype:trojan-activity;sid:84712455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.42.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849354/; classtype:trojan-activity;sid:84712454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.101.250"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849353/; classtype:trojan-activity;sid:84712453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849352)"; flow:established,from_client; content:"GET"; http_method; content:"/b534554c-b2e0-4a56-808c-ce67ce9fc6e9/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"containerizedplantnetwork.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849352/; classtype:trojan-activity;sid:84712452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.246.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849351/; classtype:trojan-activity;sid:84712451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.149.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849350/; classtype:trojan-activity;sid:84712450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849349)"; flow:established,from_client; content:"GET"; http_method; content:"/f67f9750-2112-4f5b-9256-2fb061a9277b/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"floraanalyticsengine.garden"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849349/; classtype:trojan-activity;sid:84712449; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.205.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849348/; classtype:trojan-activity;sid:84712448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.170.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849347/; classtype:trojan-activity;sid:84712447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.157.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849346/; classtype:trojan-activity;sid:84712446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849345)"; flow:established,from_client; content:"GET"; http_method; content:"/7b9570f9-d9cc-471b-9d8c-f385b355123a/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"meadowmonitoringplatform.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849345/; classtype:trojan-activity;sid:84712445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.159.122"; 
http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849344/; classtype:trojan-activity;sid:84712444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.63.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849343/; classtype:trojan-activity;sid:84712443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.205.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849342/; classtype:trojan-activity;sid:84712442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.68.160.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849341/; classtype:trojan-activity;sid:84712441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.254.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849340/; classtype:trojan-activity;sid:84712440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849339)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.254.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849339/; classtype:trojan-activity;sid:84712439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.21.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849338/; classtype:trojan-activity;sid:84712438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.170.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849337/; classtype:trojan-activity;sid:84712437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849336)"; flow:established,from_client; content:"GET"; http_method; content:"/99c57f7c-dcd4-4058-b88c-654819a34ef4/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"irrigationautomationhub.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849336/; classtype:trojan-activity;sid:84712436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.172.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; 
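reference:url, urlhaus.abuse.ch/url/3849335/; classtype:trojan-activity;sid:84712435; rev:1;)
# depth corrected from 47 to 44 on the http_uri content below: |3f| is a hex escape for one
# byte ("?"), so the pattern is 44 bytes long, while 47 is the length of the escaped text.
# depth equal to the pattern length plus isdataat:!1,relative is what makes these rules an
# exact-URI match; with depth:47 the pattern could start at offset 0-3, so URIs with up to
# three extra leading bytes also matched.
# NOTE(review): sid and rev are left as published; the length calculation presumably lives in
# the feed generator, so a local edit will be overwritten by the next feed update.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849334)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=710960bf-19e3-4f4a-9473-5a563ddb6fef"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"c2rdcpuv.runtime-sphere.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849334/; classtype:trojan-activity;sid:84712434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.194.151.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849333/; classtype:trojan-activity;sid:84712433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.23.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849332/; classtype:trojan-activity;sid:84712432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849331)"; flow:established,from_client; content:"GET"; http_method; content:"/7b8b9930-7862-48e9-8210-75ad0f6ab291/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"botanicalworkflowcenter.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849331/; classtype:trojan-activity;sid:84712431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL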
detected (3849330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.21.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849330/; classtype:trojan-activity;sid:84712430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.151.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849329/; classtype:trojan-activity;sid:84712429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.68.160.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849328/; classtype:trojan-activity;sid:84712428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.100.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849327/; classtype:trojan-activity;sid:84712427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.230.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, 
urlhaus.abuse.ch/url/3849326/; classtype:trojan-activity;sid:84712426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849325)"; flow:established,from_client; content:"GET"; http_method; content:"/77f346b3-5103-4609-bdb5-2cbe9ec26f65/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributedgrowthnetwork.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849325/; classtype:trojan-activity;sid:84712425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.207.128.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849324/; classtype:trojan-activity;sid:84712424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.220.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849323/; classtype:trojan-activity;sid:84712423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849322)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_8480df5c5489df4a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849322/; classtype:trojan-activity;sid:84712422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849321)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.105.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849321/; classtype:trojan-activity;sid:84712421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849320)"; flow:established,from_client; content:"GET"; http_method; content:"/09a62705-f6fb-491b-9a0f-0992c7fe8e8a/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wildfloracontrolsystem.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849320/; classtype:trojan-activity;sid:84712420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.166.2.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849319/; classtype:trojan-activity;sid:84712419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.169.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849318/; classtype:trojan-activity;sid:84712418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.91.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, 
urlhaus.abuse.ch/url/3849317/; classtype:trojan-activity;sid:84712417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.121.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849316/; classtype:trojan-activity;sid:84712416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.122.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849315/; classtype:trojan-activity;sid:84712415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849314)"; flow:established,from_client; content:"GET"; http_method; content:"/fb173cbf-a417-4bb3-a8bb-90c095caa7a3/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"petalprocessingplatform.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849314/; classtype:trojan-activity;sid:84712414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849313)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.7.199.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849313/; classtype:trojan-activity;sid:84712413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849311)"; flow:established,from_client; content:"GET"; 
http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.157.76.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849311/; classtype:trojan-activity;sid:84712411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849312)"; flow:established,from_client; content:"GET"; http_method; content:"/primemic_v2.10_setup.rar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"primemic.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849312/; classtype:trojan-activity;sid:84712412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849310)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"42.239.189.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849310/; classtype:trojan-activity;sid:84712410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849309)"; flow:established,from_client; content:"GET"; http_method; content:"/vo2mqkiwwqfy5hvg06az.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"crackedsoftware.doxbin.cy"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849309/; classtype:trojan-activity;sid:84712409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849295)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.7.199.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849295/; 
classtype:trojan-activity;sid:84712395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849296)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.7.199.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849296/; classtype:trojan-activity;sid:84712396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849297)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.7.199.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849297/; classtype:trojan-activity;sid:84712397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849298)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.7.199.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849298/; classtype:trojan-activity;sid:84712398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849299)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"botnet.fizra.biz.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849299/; classtype:trojan-activity;sid:84712399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849300)"; flow:established,from_client; content:"GET"; http_method; content:"/server"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"64.7.199.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849300/; classtype:trojan-activity;sid:84712400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849301)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.7.199.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849301/; classtype:trojan-activity;sid:84712401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849302)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.7.199.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849302/; classtype:trojan-activity;sid:84712402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849303)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.7.199.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849303/; classtype:trojan-activity;sid:84712403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849304)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.7.199.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849304/; classtype:trojan-activity;sid:84712404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3849305)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.7.199.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849305/; classtype:trojan-activity;sid:84712405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849306)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"botnet.fizra.biz.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849306/; classtype:trojan-activity;sid:84712406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849308)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.7.199.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849308/; classtype:trojan-activity;sid:84712408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849285)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"hardenedpeanits.fyi"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849285/; classtype:trojan-activity;sid:84712385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849286)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hardenedpeanits.fyi"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, 
urlhaus.abuse.ch/url/3849286/; classtype:trojan-activity;sid:84712386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849287)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hardenedpeanits.fyi"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849287/; classtype:trojan-activity;sid:84712387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849288)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"botnet.fizra.biz.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849288/; classtype:trojan-activity;sid:84712388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849289)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.7.199.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849289/; classtype:trojan-activity;sid:84712389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849290)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hardenedpeanits.fyi"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849290/; classtype:trojan-activity;sid:84712390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849291)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; 
depth:7; isdataat:!1,relative; nocase; content:"botnet.fizra.biz.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849291/; classtype:trojan-activity;sid:84712391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849292)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"64.7.199.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849292/; classtype:trojan-activity;sid:84712392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849293)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.7.199.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849293/; classtype:trojan-activity;sid:84712393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849277)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"botnet.fizra.biz.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849277/; classtype:trojan-activity;sid:84712377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849278)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"botnet.fizra.biz.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849278/; classtype:trojan-activity;sid:84712378; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849279)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"botnet.fizra.biz.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849279/; classtype:trojan-activity;sid:84712379; rev:1;)
# NOTE(review): this rule matches the http_uri and http_host buffers, so it only fires when the sensor sees the HTTP
# request itself. github.com is normally reached over HTTPS; without TLS decryption in front of the sensor this
# signature presumably never sees the path. Proxy or endpoint logs are the place to match this URL in that case.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849280)"; flow:established,from_client; content:"GET"; http_method; content:"/atilabyte-a11y/atila_worm_2/raw/refs/heads/main/down_procwork.sh"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849280/; classtype:trojan-activity;sid:84712380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849281)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hardenedpeanits.fyi"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849281/; classtype:trojan-activity;sid:84712382; rev:1;)
flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"hardenedpeanits.fyi"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849283/; classtype:trojan-activity;sid:84712383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849284)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hardenedpeanits.fyi"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849284/; classtype:trojan-activity;sid:84712384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849275)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"botnet.fizra.biz.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849275/; classtype:trojan-activity;sid:84712375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849276)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"botnet.fizra.biz.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849276/; classtype:trojan-activity;sid:84712376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849271)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"hardenedpeanits.fyi"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, 
urlhaus.abuse.ch/url/3849271/; classtype:trojan-activity;sid:84712371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849272)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hardenedpeanits.fyi"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849272/; classtype:trojan-activity;sid:84712372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849273)"; flow:established,from_client; content:"GET"; http_method; content:"/deploy-client-v2.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"64.7.199.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849273/; classtype:trojan-activity;sid:84712373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.199.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849274/; classtype:trojan-activity;sid:84712374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849268)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_5002ecd7b717fe68.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849268/; classtype:trojan-activity;sid:84712368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849269)"; flow:established,from_client; 
content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hardenedpeanits.fyi"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849269/; classtype:trojan-activity;sid:84712369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849270)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hardenedpeanits.fyi"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849270/; classtype:trojan-activity;sid:84712370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849266)"; flow:established,from_client; content:"GET"; http_method; content:"/set.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"167.88.167.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849266/; classtype:trojan-activity;sid:84712366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849267)"; flow:established,from_client; content:"GET"; http_method; content:"/supercool.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"167.88.167.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849267/; classtype:trojan-activity;sid:84712367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.169.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849265/; 
classtype:trojan-activity;sid:84712365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.220.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849264/; classtype:trojan-activity;sid:84712364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849263)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arm5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849263/; classtype:trojan-activity;sid:84712363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849261)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.sh4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849261/; classtype:trojan-activity;sid:84712361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849262)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.x86"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849262/; classtype:trojan-activity;sid:84712362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849260)"; flow:established,from_client; content:"GET"; http_method; 
content:"/c7909b3c-71ec-402a-a302-d1a1219bbcb2/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"greenhouseresourceengine.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849260/; classtype:trojan-activity;sid:84712360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849259)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.spc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849259/; classtype:trojan-activity;sid:84712359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849249)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.i686"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849249/; classtype:trojan-activity;sid:84712349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849250)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arm6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849250/; classtype:trojan-activity;sid:84712350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849251)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.ppc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_05_18; reference:url, urlhaus.abuse.ch/url/3849251/; classtype:trojan-activity;sid:84712351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849252)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.mips"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849252/; classtype:trojan-activity;sid:84712352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849253)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.mpsl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849253/; classtype:trojan-activity;sid:84712353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849254)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arm7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849254/; classtype:trojan-activity;sid:84712354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849255)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849255/; classtype:trojan-activity;sid:84712355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849256)"; 
flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.arm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849256/; classtype:trojan-activity;sid:84712356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849257)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.m68k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849257/; classtype:trojan-activity;sid:84712357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849258)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.x86_64"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849258/; classtype:trojan-activity;sid:84712358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849248)"; flow:established,from_client; content:"GET"; http_method; content:"/windyloveyou/windy.i468"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"82.223.44.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849248/; classtype:trojan-activity;sid:84712348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.50.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 
2026_05_18; reference:url, urlhaus.abuse.ch/url/3849247/; classtype:trojan-activity;sid:84712347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.252.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849246/; classtype:trojan-activity;sid:84712346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.2.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849245/; classtype:trojan-activity;sid:84712345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.70.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849244/; classtype:trojan-activity;sid:84712344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.12.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849243/; classtype:trojan-activity;sid:84712343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849242)"; flow:established,from_client; content:"GET"; http_method; 
content:"/fc2eaa45-7fec-4923-aa7a-e70e45be15e4/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"primordial-soup-evolution.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849242/; classtype:trojan-activity;sid:84712342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.50.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849241/; classtype:trojan-activity;sid:84712341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.163.187.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849240/; classtype:trojan-activity;sid:84712340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.252.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849239/; classtype:trojan-activity;sid:84712339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849238)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e3825dc8-6d8f-4801-a3e8-f58da175d997"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"k9h20m23.observability-matrix.digital"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 
2026_05_18; reference:url, urlhaus.abuse.ch/url/3849238/; classtype:trojan-activity;sid:84712338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.252.199.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849237/; classtype:trojan-activity;sid:84712337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849236)"; flow:established,from_client; content:"GET"; http_method; content:"/d1fa4263-ad4d-4996-902e-9b346fa63d07/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"subdermal-biometric-chip.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849236/; classtype:trojan-activity;sid:84712336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.186.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849235/; classtype:trojan-activity;sid:84712335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.126.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849234/; classtype:trojan-activity;sid:84712334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849232)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.1.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849232/; classtype:trojan-activity;sid:84712332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.224.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849233/; classtype:trojan-activity;sid:84712333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.17.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849231/; classtype:trojan-activity;sid:84712331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849230)"; flow:established,from_client; content:"GET"; http_method; content:"/a30f94b7-274c-4a43-a0d2-addcee28e4ad/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"renaissance-fresco-restoration.garden"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849230/; classtype:trojan-activity;sid:84712330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.186.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; 
reference:url, urlhaus.abuse.ch/url/3849229/; classtype:trojan-activity;sid:84712329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.17.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849228/; classtype:trojan-activity;sid:84712328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.90.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849227/; classtype:trojan-activity;sid:84712327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.150.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849226/; classtype:trojan-activity;sid:84712326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849225/; classtype:trojan-activity;sid:84712325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"42.230.44.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849224/; classtype:trojan-activity;sid:84712324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.90.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849223/; classtype:trojan-activity;sid:84712323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849222)"; flow:established,from_client; content:"GET"; http_method; content:"/3ac9ef89-73ed-4629-b18e-a1a56109df58/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"stratospheric-weather-balloon.garden"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849222/; classtype:trojan-activity;sid:84712322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849221)"; flow:established,from_client; content:"GET"; http_method; content:"/159a828e-c534-4ba8-b296-a70d4e6d7c01/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"holographic-projection-grid.garden"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849221/; classtype:trojan-activity;sid:84712321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, 
urlhaus.abuse.ch/url/3849220/; classtype:trojan-activity;sid:84712320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849219)"; flow:established,from_client; content:"GET"; http_method; content:"/aff414fe-4eaa-4e04-b7d0-3df9a4f98912/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"deep-sea-hydrothermal-vent.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849219/; classtype:trojan-activity;sid:84712319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.76.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849218/; classtype:trojan-activity;sid:84712318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.63.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849217/; classtype:trojan-activity;sid:84712317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.113.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849216/; classtype:trojan-activity;sid:84712316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849215)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.147.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849215/; classtype:trojan-activity;sid:84712315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849214)"; flow:established,from_client; content:"GET"; http_method; content:"/9c69f36a-ead8-4e1f-81b5-96aaa8e57519/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"gothic-cathedral-blueprint.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849214/; classtype:trojan-activity;sid:84712314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.25.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849213/; classtype:trojan-activity;sid:84712313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.3.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849212/; classtype:trojan-activity;sid:84712312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849211)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c4528683-fa5b-4842-a3da-c2b69d56cc2e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wlede4d3.network-harbor.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_18; 
reference:url, urlhaus.abuse.ch/url/3849211/; classtype:trojan-activity;sid:84712311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.63.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849210/; classtype:trojan-activity;sid:84712310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.224.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849209/; classtype:trojan-activity;sid:84712309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.12.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849208/; classtype:trojan-activity;sid:84712308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849207/; classtype:trojan-activity;sid:84712307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; 
depth:7; isdataat:!1,relative; nocase; content:"125.42.12.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849206/; classtype:trojan-activity;sid:84712306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849205)"; flow:established,from_client; content:"GET"; http_method; content:"/8790629d-d563-4917-87c0-4eae804e32e6/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"magnetic-levitation-train.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849205/; classtype:trojan-activity;sid:84712305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.147.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849204/; classtype:trojan-activity;sid:84712304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.25.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849203/; classtype:trojan-activity;sid:84712303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.33.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849202/; classtype:trojan-activity;sid:84712302; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.3.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849201/; classtype:trojan-activity;sid:84712301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849200)"; flow:established,from_client; content:"GET"; http_method; content:"/b6a33b11-a1f8-4c43-8296-0569b7b5118b/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cybernetic-prosthetic-lab.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849200/; classtype:trojan-activity;sid:84712300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849199/; classtype:trojan-activity;sid:84712299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.10.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849198/; classtype:trojan-activity;sid:84712298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; 
nocase; content:"110.36.76.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849197/; classtype:trojan-activity;sid:84712297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.217.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849196/; classtype:trojan-activity;sid:84712296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849195)"; flow:established,from_client; content:"GET"; http_method; content:"/e80cc5ae-8ac0-44dc-ac72-12224eedc7d8/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"subfossil-oak-chronology.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849195/; classtype:trojan-activity;sid:84712295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.217.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849194/; classtype:trojan-activity;sid:84712294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849193)"; flow:established,from_client; content:"GET"; http_method; content:"/84e13c57-44fb-4a10-b48d-e94f63c9fc0a/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"crispy-chicken-cutlets.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849193/; 
classtype:trojan-activity;sid:84712293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.157.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849192/; classtype:trojan-activity;sid:84712292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849191)"; flow:established,from_client; content:"GET"; http_method; content:"/2b95c424-e0c9-4e39-b48f-9349e34d7dbc/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"orbital-docking-module.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849191/; classtype:trojan-activity;sid:84712291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.130.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849190/; classtype:trojan-activity;sid:84712290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.149.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849189/; classtype:trojan-activity;sid:84712289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849188)"; flow:established,from_client; content:"GET"; http_method; 
content:"/12dbd72c-6389-4f77-a2cf-4434520a092b/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bada-bing-sopranos-lounge.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849188/; classtype:trojan-activity;sid:84712288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849187)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=4a016df5-e91d-4acc-b2b0-5a7512712426"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"2u5vvnoh.microservice-pulse.digital"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849187/; classtype:trojan-activity;sid:84712287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.239.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849186/; classtype:trojan-activity;sid:84712286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849185)"; flow:established,from_client; content:"GET"; http_method; content:"/63ea9c83-3a5d-42b9-841c-8a48cadfd36b/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"audio-attenuator-schematic.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849185/; classtype:trojan-activity;sid:84712285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.32.228"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849184/; classtype:trojan-activity;sid:84712284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849183)"; flow:established,from_client; content:"GET"; http_method; content:"/0642cead-0be5-4674-ab65-f2fb2c885641/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"sicilian-defense-theory.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849183/; classtype:trojan-activity;sid:84712283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.255.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849182/; classtype:trojan-activity;sid:84712282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.242.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849181/; classtype:trojan-activity;sid:84712281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.180.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849180/; classtype:trojan-activity;sid:84712280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3849179)"; flow:established,from_client; content:"GET"; http_method; content:"/199b96b0-a0b7-47ca-a59c-5022741436a0/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"botanicalmonitoringengine.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849179/; classtype:trojan-activity;sid:84712279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.32.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849178/; classtype:trojan-activity;sid:84712278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.231.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849177/; classtype:trojan-activity;sid:84712277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849176/; classtype:trojan-activity;sid:84712276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.233.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2026_05_18; reference:url, urlhaus.abuse.ch/url/3849175/; classtype:trojan-activity;sid:84712275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.90.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849174/; classtype:trojan-activity;sid:84712274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.242.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849173/; classtype:trojan-activity;sid:84712273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.255.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849172/; classtype:trojan-activity;sid:84712272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.180.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849171/; classtype:trojan-activity;sid:84712271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849169)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.1.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849169/; classtype:trojan-activity;sid:84712269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.90.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849170/; classtype:trojan-activity;sid:84712270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.233.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849168/; classtype:trojan-activity;sid:84712268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.55.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849167/; classtype:trojan-activity;sid:84712267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849166)"; flow:established,from_client; content:"GET"; http_method; content:"/04789575-1c3d-41d1-8852-d2213716c0fc/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributedgardenresource.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849166/; 
classtype:trojan-activity;sid:84712266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.108.89.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849165/; classtype:trojan-activity;sid:84712265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.70.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849164/; classtype:trojan-activity;sid:84712264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849163/; classtype:trojan-activity;sid:84712263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849162)"; flow:established,from_client; content:"GET"; http_method; content:"/dac078a0-0200-43a7-8246-a436feb9204e/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wildfloraworkflowsystem.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849162/; classtype:trojan-activity;sid:84712262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.142.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849161/; classtype:trojan-activity;sid:84712261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.186.229.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849160/; classtype:trojan-activity;sid:84712260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849159)"; flow:established,from_client; content:"GET"; http_method; content:"/1ea13f50-871b-4a86-a698-e258ec7bedc7/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"petaldistributionplatform.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849159/; classtype:trojan-activity;sid:84712259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849158)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=de2bc0b7-8ca4-4458-b702-78f4667e88f1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"0q9bvoqh.telemetry-vault.digital"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849158/; classtype:trojan-activity;sid:84712258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.221.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, 
urlhaus.abuse.ch/url/3849157/; classtype:trojan-activity;sid:84712257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.108.89.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849156/; classtype:trojan-activity;sid:84712256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.99.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849155/; classtype:trojan-activity;sid:84712255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.6.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849154/; classtype:trojan-activity;sid:84712254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849153)"; flow:established,from_client; content:"GET"; http_method; content:"/80913708-64ea-49a2-8fe9-3a0a5ae778dd/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"greenhouseoperationscenter.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849153/; classtype:trojan-activity;sid:84712253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849152)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.77.12.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849152/; classtype:trojan-activity;sid:84712252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.186.229.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849151/; classtype:trojan-activity;sid:84712251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.77.12.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849150/; classtype:trojan-activity;sid:84712250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849149)"; flow:established,from_client; content:"GET"; http_method; content:"/952d956c-4c8b-4d29-88b9-cda2b45adca7/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-blue-high-print.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849149/; classtype:trojan-activity;sid:84712249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.117.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849148/; 
classtype:trojan-activity;sid:84712248; rev:1;)
# How to read the rules in this feed (they are all built from one template):
#  - flow:established,from_client plus content:"GET"; http_method -> a client GET on an established
#    flow from $HOME_NET to $EXTERNAL_NET, i.e. an internal host requesting the listed URL.
#  - each literal is followed by depth:<its own length> and isdataat:!1,relative (no byte may follow),
#    so the http_uri buffer and the http_host buffer must each equal the literal exactly; a different
#    path or an appended query string does not match.
#  - the number in msg, the reference URL and the sid name the same URLhaus entry; in every rule shown
#    here sid = entry id + 80863100, so an alert can be pivoted to urlhaus.abuse.ch/url/<id>/.
# NOTE(review): nocase is written after isdataat; it presumably still applies to the preceding
# http_uri literal - confirm against the engine in use.
# NOTE(review): whether a port in the Host header is part of the http_host buffer is engine behaviour
# not shown here - confirm before relying on these rules for URLs served on non-default ports.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.191.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849147/; classtype:trojan-activity;sid:84712247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.6.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849146/; classtype:trojan-activity;sid:84712246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.204.196.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849145/; classtype:trojan-activity;sid:84712245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.156.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849144/; classtype:trojan-activity;sid:84712244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.221.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849143/; classtype:trojan-activity;sid:84712243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849142)"; flow:established,from_client; content:"GET"; http_method; content:"/a8f4d6a7-7828-4917-b0ec-bfa36f119121/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"serverless-mesh-core-yet-go.garden"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849142/; classtype:trojan-activity;sid:84712242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.47.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849141/; classtype:trojan-activity;sid:84712241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.239.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849140/; classtype:trojan-activity;sid:84712240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.43.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849139/; classtype:trojan-activity;sid:84712239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.117.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849138/; classtype:trojan-activity;sid:84712238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849137)"; flow:established,from_client; content:"GET"; http_method; content:"/3546dfae-737d-4b19-930f-3f22c7244178/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"kitdocs-openlow-observe-matrix.garden"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849137/; classtype:trojan-activity;sid:84712237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.79.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849136/; classtype:trojan-activity;sid:84712236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.156.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849135/; classtype:trojan-activity;sid:84712235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849134)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/ifnofwg.exe"; http_uri; depth:29;
isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849134/; classtype:trojan-activity;sid:84712234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849133)"; flow:established,from_client; content:"GET"; http_method; content:"/bdf7bec4-c094-4013-8e10-ff4ab1563f17/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ecosystemprocessingcenter.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849133/; classtype:trojan-activity;sid:84712233; rev:1;)
# The entries that follow list one host, 176.65.148.164, with paths that differ only in a
# CPU-architecture suffix (main_arm5, main_m68k, main_ppc, main_x86_64, main_sh4, main_mips, and
# further down main_arm and main_x86); 162.141.92.173 is listed the same way (mipsel, mips, x86_64, arm6).
# Each path has its own sid, so one client can raise several alerts for a single destination: group
# by destination host when triaging. URI matching is exact (depth:<length> plus isdataat:!1,relative),
# so a suffix that is not listed here is not covered by these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849127)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849127/; classtype:trojan-activity;sid:84712227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849128)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849128/; classtype:trojan-activity;sid:84712228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849129)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.148.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849129/; classtype:trojan-activity;sid:84712229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849130)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.148.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849130/; classtype:trojan-activity;sid:84712230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849131)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.148.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849131/; classtype:trojan-activity;sid:84712231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849132)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.148.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849132/; classtype:trojan-activity;sid:84712232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849123)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.141.92.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849123/; classtype:trojan-activity;sid:84712223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849124)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.141.92.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849124/; classtype:trojan-activity;sid:84712224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849125)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.141.92.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849125/; classtype:trojan-activity;sid:84712225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849126)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.141.92.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849126/; classtype:trojan-activity;sid:84712226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849121)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.148.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849121/; classtype:trojan-activity;sid:84712221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849122)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.148.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849122/; classtype:trojan-activity;sid:84712222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware
download URL detected (3849120)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.141.92.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849120/; classtype:trojan-activity;sid:84712219; rev:1;)
# |3f| is the hex escape for "?": the literal in the next rule is "/" followed by a query string,
# matched as one value in the http_uri buffer.
# NOTE(review): depth:47 equals the length of the literal as written, counting the four characters
# of the |3f| escape; the decoded literal is 44 bytes. The listed URL still matches, but the start
# anchor is 3 bytes looser than in the rules whose literal contains no escape. The feed generator
# appears to count escaped bytes by their written length - worth reporting upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849119)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=58dab6da-45dd-444a-a996-21ade890e7f7"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"83j6hfza.runtime-forge.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849119/; classtype:trojan-activity;sid:84712219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.70.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849118/; classtype:trojan-activity;sid:84712218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.132.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849117/; classtype:trojan-activity;sid:84712217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849116)"; flow:established,from_client; content:"GET"; http_method; content:"/33c21f39-26a8-468c-ada8-36f0761c1262/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"containerizedgardenmesh.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849116/; classtype:trojan-activity;sid:84712216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.29.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849115/; classtype:trojan-activity;sid:84712215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.249.199.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849114/; classtype:trojan-activity;sid:84712214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.130.235.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849113/; classtype:trojan-activity;sid:84712213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.70.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849112/; classtype:trojan-activity;sid:84712212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849111)"; flow:established,from_client; content:"GET"; http_method; content:"/f5128d9c-ca65-4e95-9344-f14f05a4b055/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"floraobservabilitysystem.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849111/; classtype:trojan-activity;sid:84712211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.132.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849110/; classtype:trojan-activity;sid:84712210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.46.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849109/; classtype:trojan-activity;sid:84712209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.130.235.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849108/; classtype:trojan-activity;sid:84712208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849107)"; flow:established,from_client; content:"GET"; http_method; content:"/9a64d71f-af32-4e6d-8974-95d57fea63d7/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"meadowautomationplatform.garden";
http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849107/; classtype:trojan-activity;sid:84712207; rev:1;)
# A host can appear under more than one path: 61.176.210.63 and 46.236.65.74 are each listed below
# once for /i and once for /bin.sh. These are separate URLhaus entries with separate sids, not
# duplicates, so suppressing one sid leaves the other active.
# /i is a two-byte URI literal; these rules are specific only because the http_host value is also
# matched exactly (depth:<length> plus isdataat:!1,relative on both buffers).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.46.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849106/; classtype:trojan-activity;sid:84712206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849105)"; flow:established,from_client; content:"GET"; http_method; content:"/8b169d12-9245-4c71-9457-efcc4e156a87/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"irrigationmanagementhub.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849105/; classtype:trojan-activity;sid:84712205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.210.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849104/; classtype:trojan-activity;sid:84712204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.167.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849103/; classtype:trojan-activity;sid:84712203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849102/; classtype:trojan-activity;sid:84712202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.14.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849101/; classtype:trojan-activity;sid:84712201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.210.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849100/; classtype:trojan-activity;sid:84712200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849099)"; flow:established,from_client; content:"GET"; http_method; content:"/061a9ca5-c91e-4c54-a3fc-9c61411fbe1b/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"botanicalmonitoringengine.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849099/; classtype:trojan-activity;sid:84712199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.236.65.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849098/; classtype:trojan-activity;sid:84712198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.39.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849097/; classtype:trojan-activity;sid:84712197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849096)"; flow:established,from_client; content:"GET"; http_method; content:"/78de24bc-baf1-4323-aa39-9ba4fc593bb6/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributedgardenresource.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849096/; classtype:trojan-activity;sid:84712196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.103.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849095/; classtype:trojan-activity;sid:84712195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849094)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=bc34cff5-3fbc-48ca-8192-8761e9698261"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"l8krrumc.cloud-sphere.digital"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849094/; classtype:trojan-activity;sid:84712194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any
(msg:"URLhaus Known malware download URL detected (3849093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.114.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849093/; classtype:trojan-activity;sid:84712193; rev:1;)
# Scope: these are `alert http` rules matching the http_method, http_uri and http_host buffers, so
# they fire only where the sensor parses the request as HTTP. The same URL fetched inside TLS is not
# visible to them unless traffic is decrypted before it reaches the sensor.
# msg is identical across rules apart from the URLhaus entry id, so alert handling should key on
# sid or on the reference URL rather than on the message text.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849092)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=4788cdb5-4476-4363-a775-6092dde7a91b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tehpafro.script-horizon.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849092/; classtype:trojan-activity;sid:84712192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.56.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849091/; classtype:trojan-activity;sid:84712191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849090)"; flow:established,from_client; content:"GET"; http_method; content:"/40c387b9-98a6-4b70-ad39-91997ddd6286/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wildfloraworkflowsystem.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849090/; classtype:trojan-activity;sid:84712190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.15.90.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849089/; classtype:trojan-activity;sid:84712189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.103.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849088/; classtype:trojan-activity;sid:84712188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.39.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849087/; classtype:trojan-activity;sid:84712187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.80.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849086/; classtype:trojan-activity;sid:84712186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.255.18.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849084/; classtype:trojan-activity;sid:84712184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.255.3.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849085/; classtype:trojan-activity;sid:84712185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849083)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mercury.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849083/; classtype:trojan-activity;sid:84712183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849082)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849082/; classtype:trojan-activity;sid:84712182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.26.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849081/; classtype:trojan-activity;sid:84712181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849080)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17;
reference:url, urlhaus.abuse.ch/url/3849080/; classtype:trojan-activity;sid:84712180; rev:1;)
# Entries of the form /<uuid>/google.cl below each pair a different UUID directory with a different
# .garden hostname. Both buffers are matched exactly (depth:<length> plus isdataat:!1,relative), so
# these rules cover only the listed pairs; a new UUID or hostname needs a new feed entry.
# Most other hosts here are bare IPv4 addresses. An address-based entry says nothing about who
# holds the address later: check the created_at date in metadata and the status of the referenced
# URLhaus entry before acting on a hit from an older rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849079)"; flow:established,from_client; content:"GET"; http_method; content:"/205c658f-b20f-41be-9633-0acf85ea959a/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"petaldistributionplatform.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849079/; classtype:trojan-activity;sid:84712179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.80.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849078/; classtype:trojan-activity;sid:84712178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849077)"; flow:established,from_client; content:"GET"; http_method; content:"/71400c2e-7e9f-4c2a-b1ff-8df6438d6045/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"greenhouseoperationscenter.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849077/; classtype:trojan-activity;sid:84712177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.26.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849076/; classtype:trojan-activity;sid:84712176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.205.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849075/; classtype:trojan-activity;sid:84712175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.205.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849074/; classtype:trojan-activity;sid:84712174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.86.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849073/; classtype:trojan-activity;sid:84712173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.34.109.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849072/; classtype:trojan-activity;sid:84712172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849071)"; flow:established,from_client; content:"GET"; http_method; content:"/98b9fd94-4ced-4deb-9d7e-15687e7dc818/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-blue-high-print.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849071/; classtype:trojan-activity;sid:84712171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.46.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849070/; classtype:trojan-activity;sid:84712170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849069)"; flow:established,from_client; content:"GET"; http_method; content:"/757fc5c6-546b-4b20-b58d-9d0e869da00e/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"serverless-mesh-core-yet-go.garden"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849069/; classtype:trojan-activity;sid:84712169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.89.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849068/; classtype:trojan-activity;sid:84712168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.113.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849067/; classtype:trojan-activity;sid:84712167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849066)";
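flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.129.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849066/; classtype:trojan-activity;sid:84712166; rev:1;)
# Rule shape used below: an outbound ($HOME_NET -> $EXTERNAL_NET) HTTP GET whose
# URI and Host both equal one URLhaus entry. For each pattern, depth limits the
# search to the first N bytes of the buffer and isdataat:!1,relative requires the
# buffer to end right after the match, so depth == pattern length gives an
# exact, whole-buffer comparison. nocase makes the URI comparison
# case-insensitive. These are "alert http" rules: they only see requests the
# sensor can parse as HTTP, so the same URL fetched over TLS is not covered
# unless the traffic is decrypted before inspection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.113.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849065/; classtype:trojan-activity;sid:84712165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.152.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849064/; classtype:trojan-activity;sid:84712164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849063/; classtype:trojan-activity;sid:84712163; rev:1;)
# sid 84712162: "|3f|" is hex notation for a single "?" byte, so the URI pattern
# is 44 bytes long (1 + 1 + 6 + 36), not the 47 characters of its escaped
# spelling. depth is set to 44 here so the pattern must start at byte 0 of
# http_uri, as in the neighbouring rules; with depth:47 the match could begin up
# to three bytes into the URI and the rule would also fire on URIs carrying
# extra leading bytes. This is a local correction to a generated feed and is
# overwritten by the next ruleset update unless it is fixed at the source.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849062)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3e7e09af-d077-4473-930e-d6367837fd68"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"xyv1jupy.container-vector.digital"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849062/; classtype:trojan-activity;sid:84712162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.157.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849061/; classtype:trojan-activity;sid:84712161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849060)"; flow:established,from_client; content:"GET"; http_method; content:"/tracker.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ostekstatmen.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849060/; classtype:trojan-activity;sid:84712160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849059)"; flow:established,from_client; content:"GET"; http_method; content:"/tracker.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"infoworkerone.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849059/; classtype:trojan-activity;sid:84712159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849057)"; flow:established,from_client; content:"GET"; http_method; content:"/tracker.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mstopsai.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849057/; classtype:trojan-activity;sid:84712157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849058)"; flow:established,from_client; content:"GET"; http_method; content:"/tracker.js"; 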
http_uri; depth:11; isdataat:!1,relative; nocase; content:"monstersstat.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849058/; classtype:trojan-activity;sid:84712158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849056)"; flow:established,from_client; content:"GET"; http_method; content:"/tracker.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"masterklass.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849056/; classtype:trojan-activity;sid:84712156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849055)"; flow:established,from_client; content:"GET"; http_method; content:"/tracker.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"globalsstat.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849055/; classtype:trojan-activity;sid:84712155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849049)"; flow:established,from_client; content:"GET"; http_method; content:"/tracker.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"merkureenv.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849049/; classtype:trojan-activity;sid:84712149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849050)"; flow:established,from_client; content:"GET"; http_method; content:"/tracker.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"globalsstat.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849050/; classtype:trojan-activity;sid:84712150; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849051)"; flow:established,from_client; content:"GET"; http_method; content:"/tracker.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jobworkny.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849051/; classtype:trojan-activity;sid:84712151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849052)"; flow:established,from_client; content:"GET"; http_method; content:"/tracker.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"maxstatesus.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849052/; classtype:trojan-activity;sid:84712152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849053)"; flow:established,from_client; content:"GET"; http_method; content:"/tracker.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"infoworkerone.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849053/; classtype:trojan-activity;sid:84712153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849054)"; flow:established,from_client; content:"GET"; http_method; content:"/tracker.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sorrystartstat1.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849054/; classtype:trojan-activity;sid:84712154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.34.109.121"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849048/; classtype:trojan-activity;sid:84712148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.255.251.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849047/; classtype:trojan-activity;sid:84712147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.201.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849046/; classtype:trojan-activity;sid:84712146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.129.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849045/; classtype:trojan-activity;sid:84712145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.208.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849044/; classtype:trojan-activity;sid:84712144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849043)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.235.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849043/; classtype:trojan-activity;sid:84712143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.157.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849042/; classtype:trojan-activity;sid:84712142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.208.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849039/; classtype:trojan-activity;sid:84712139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.127.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849040/; classtype:trojan-activity;sid:84712140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.84.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849041/; 
classtype:trojan-activity;sid:84712141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.105.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849038/; classtype:trojan-activity;sid:84712138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.42.58.234"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849037/; classtype:trojan-activity;sid:84712137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.236.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849036/; classtype:trojan-activity;sid:84712136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849035)"; flow:established,from_client; content:"GET"; http_method; content:"/f4d18c29-55a8-460b-8abf-2e4eef773ea8/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"vaultask-micro-service-pulse.garden"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849035/; classtype:trojan-activity;sid:84712135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849034)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc64"; 
http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849034/; classtype:trojan-activity;sid:84712134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849023)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849023/; classtype:trojan-activity;sid:84712123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849024)"; flow:established,from_client; content:"GET"; http_method; content:"/armhf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849024/; classtype:trojan-activity;sid:84712124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849025)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849025/; classtype:trojan-activity;sid:84712125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849026)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849026/; classtype:trojan-activity;sid:84712126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3849027)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849027/; classtype:trojan-activity;sid:84712127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849028)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849028/; classtype:trojan-activity;sid:84712128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849029)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849029/; classtype:trojan-activity;sid:84712129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849030)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849030/; classtype:trojan-activity;sid:84712130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849031)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; 
reference:url, urlhaus.abuse.ch/url/3849031/; classtype:trojan-activity;sid:84712131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849032)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849032/; classtype:trojan-activity;sid:84712132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849033)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849033/; classtype:trojan-activity;sid:84712133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849022)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849022/; classtype:trojan-activity;sid:84712122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849020)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.c"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849020/; classtype:trojan-activity;sid:84712120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849021)"; flow:established,from_client; content:"GET"; http_method; content:"/test.c"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849021/; classtype:trojan-activity;sid:84712121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849019/; classtype:trojan-activity;sid:84712119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849018)"; flow:established,from_client; content:"GET"; http_method; content:"/1339d446-82df-4a27-a02a-59ddf231a3cc/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cleanlay-fet-telemetry-vault.garden"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849018/; classtype:trojan-activity;sid:84712118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.236.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849017/; classtype:trojan-activity;sid:84712117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849016)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849016/; 
classtype:trojan-activity;sid:84712116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.29.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849015/; classtype:trojan-activity;sid:84712115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849014)"; flow:established,from_client; content:"GET"; http_method; content:"/5f3f32f5-5132-427a-a76b-dfb243c36b95/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"clamprob-folder-runtime-forge.garden"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849014/; classtype:trojan-activity;sid:84712114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.85.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849013/; classtype:trojan-activity;sid:84712113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.35.228.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849012/; classtype:trojan-activity;sid:84712112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; 
http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.36.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849011/; classtype:trojan-activity;sid:84712111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849010)"; flow:established,from_client; content:"GET"; http_method; content:"/4d2e91ca-1c94-48f1-af66-20889dcb5626/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"aimgrub2-cloud-sphere-get.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849010/; classtype:trojan-activity;sid:84712110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.44.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849009/; classtype:trojan-activity;sid:84712109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.44.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849008/; classtype:trojan-activity;sid:84712108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.150.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849007/; classtype:trojan-activity;sid:84712107; 
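rev:1;)
# Rule shape used below: an outbound ($HOME_NET -> $EXTERNAL_NET) HTTP GET whose
# URI and Host both equal one URLhaus entry. depth limits each pattern to the
# first N bytes of its buffer and isdataat:!1,relative requires the buffer to end
# right after the match, so depth == pattern length gives an exact comparison.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.29.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849006/; classtype:trojan-activity;sid:84712106; rev:1;)
# sid 84712105: "|3f|" is hex notation for a single "?" byte, so the URI pattern
# is 44 bytes long (1 + 1 + 6 + 36), not the 47 characters of its escaped
# spelling. depth is set to 44 here so the pattern must start at byte 0 of
# http_uri, as in the neighbouring rules; with depth:47 the match could begin up
# to three bytes into the URI and the rule would also fire on URIs carrying
# extra leading bytes. This is a local correction to a generated feed and is
# overwritten by the next ruleset update unless it is fixed at the source.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849005)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=04a5ed38-c774-4926-94ad-75b693ad6146"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"jcdlhks8.node-pulse.digital"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849005/; classtype:trojan-activity;sid:84712105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.189.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849004/; classtype:trojan-activity;sid:84712104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.36.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849003/; classtype:trojan-activity;sid:84712103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849002)"; flow:established,from_client; content:"GET"; http_method; 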
content:"/9d2df7c3-e5c3-4a37-9a99-db42971c667d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"siteyet-script-horizon-go.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849002/; classtype:trojan-activity;sid:84712102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848999)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848999/; classtype:trojan-activity;sid:84712099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849000)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849000/; classtype:trojan-activity;sid:84712100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849001)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849001/; classtype:trojan-activity;sid:84712101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848996)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848996/; 
classtype:trojan-activity;sid:84712096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848997)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848997/; classtype:trojan-activity;sid:84712097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848998)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848998/; classtype:trojan-activity;sid:84712098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848995)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848995/; classtype:trojan-activity;sid:84712095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848988)"; flow:established,from_client; content:"GET"; http_method; content:"/dc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848988/; classtype:trojan-activity;sid:84712088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848989)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; 
content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848989/; classtype:trojan-activity;sid:84712089; rev:1;)
# ---------------------------------------------------------------------------
# Review notes for the rules below (one rule per line).
#
# What each rule matches: an established, client-side HTTP flow from $HOME_NET
# to $EXTERNAL_NET whose method is GET, whose URI equals the listed path and
# whose Host equals the listed value.
#
# Why the match is exact: every URI/Host content has "depth:N" with N equal to
# the content length, followed by "isdataat:!1,relative". The content must
# therefore start at the beginning of the buffer and no byte may follow it.
# "nocase" follows the URI content, so the path comparison is case-insensitive.
# This keeps false positives low on very short paths (e.g. "/i"), at the cost
# of covering only the exact URL that was reported to URLhaus.
#
# Deployment caveats:
#   - The action is "alert"; these rules report, they do not block.
#   - Only traffic the engine parses as HTTP is inspected; the same download
#     over TLS is not visible to these rules without decryption.
#   - Whether a Host header that carries an explicit port still matches depends
#     on how the engine fills the http_host buffer. TODO confirm on your sensor.
#   - $HOME_NET / $EXTERNAL_NET must reflect the monitored network, otherwise
#     the direction condition silently excludes traffic.
#
# Triage: the number in msg and the reference URL identify the URLhaus entry;
# several rules share one Host value, so grouping alerts by Host shows which
# internal clients contacted the same distribution server.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848990)"; flow:established,from_client; content:"GET"; http_method; content:"/scar"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848990/; classtype:trojan-activity;sid:84712090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848991)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848991/; classtype:trojan-activity;sid:84712091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848992)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848992/; classtype:trojan-activity;sid:84712092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848993)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848993/; classtype:trojan-activity;sid:84712093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848994)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848994/; classtype:trojan-activity;sid:84712094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.150.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848986/; classtype:trojan-activity;sid:84712086; rev:1;)
# Two-byte URI: the exact-match anchors together with the Host condition are
# what stop this rule from firing on every URI that merely begins with "/i".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.67.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848987/; classtype:trojan-activity;sid:84712087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848985)"; flow:established,from_client; content:"GET"; http_method; content:"/test_bot"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848985/; classtype:trojan-activity;sid:84712085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.86.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848984/; classtype:trojan-activity;sid:84712084; rev:1;)
# Host condition is the complete name (23 bytes, anchored at both ends), so
# other names under the same parent domain are not matched by these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848983)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848983/; classtype:trojan-activity;sid:84712083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848980)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848980/; classtype:trojan-activity;sid:84712080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848981)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848981/; classtype:trojan-activity;sid:84712081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848982)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848982/; classtype:trojan-activity;sid:84712082; rev:1;)
# The URI carries a UUID-shaped path segment; the rule covers this one value only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848979)"; flow:established,from_client; content:"GET"; http_method; content:"/4a570a3e-0e5e-458c-8230-330f5e67bca8/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"open-low-container-vector.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848979/; classtype:trojan-activity;sid:84712079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848978)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848978/; classtype:trojan-activity;sid:84712078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848977)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848977/; classtype:trojan-activity;sid:84712077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848976)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848976/; classtype:trojan-activity;sid:84712076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848975)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848975/; classtype:trojan-activity;sid:84712075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848961)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848961/; classtype:trojan-activity;sid:84712061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848962)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848962/; classtype:trojan-activity;sid:84712062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848963)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848963/; classtype:trojan-activity;sid:84712063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848964)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848964/; classtype:trojan-activity;sid:84712064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848965)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848965/; classtype:trojan-activity;sid:84712065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848966)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848966/; classtype:trojan-activity;sid:84712066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848967)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848967/; classtype:trojan-activity;sid:84712067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848968)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848968/; classtype:trojan-activity;sid:84712068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848969)"; flow:established,from_client; content:"GET"; http_method; content:"/armhf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848969/; classtype:trojan-activity;sid:84712069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848970)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848970/; classtype:trojan-activity;sid:84712070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848971)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848971/; classtype:trojan-activity;sid:84712071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848972)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848972/; classtype:trojan-activity;sid:84712072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848973)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848973/; classtype:trojan-activity;sid:84712073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848974)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848974/; classtype:trojan-activity;sid:84712074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848955)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848955/; classtype:trojan-activity;sid:84712055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848956)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848956/; classtype:trojan-activity;sid:84712056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848957)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848957/; classtype:trojan-activity;sid:84712057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848958)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848958/; classtype:trojan-activity;sid:84712058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848959)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848959/; classtype:trojan-activity;sid:84712059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848960)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848960/; classtype:trojan-activity;sid:84712060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848953)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848953/; classtype:trojan-activity;sid:84712053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848954)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848954/; classtype:trojan-activity;sid:84712054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848950)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848950/; classtype:trojan-activity;sid:84712050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848951)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848951/; classtype:trojan-activity;sid:84712051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848952)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"toomanyways.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848952/; classtype:trojan-activity;sid:84712052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848948)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848948/; classtype:trojan-activity;sid:84712048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848949)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848949/; classtype:trojan-activity;sid:84712049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848943)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848943/; classtype:trojan-activity;sid:84712043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848944)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848944/; classtype:trojan-activity;sid:84712044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848945)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848945/; classtype:trojan-activity;sid:84712045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848946)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848946/; classtype:trojan-activity;sid:84712046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848947)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848947/; classtype:trojan-activity;sid:84712047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848942)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"js.byxly.eu.cc"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848942/; classtype:trojan-activity;sid:84712042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848941)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.139.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848941/; classtype:trojan-activity;sid:84712041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848940/; classtype:trojan-activity;sid:84712040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.10.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848939/; classtype:trojan-activity;sid:84712039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848938)"; flow:established,from_client; content:"GET"; http_method; content:"/42865d26-f731-4430-bf5b-718c05f372f1/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cntainrs-folders-giped-green-hub.garden"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848938/; classtype:trojan-activity;sid:84712038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.68.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848937/; classtype:trojan-activity;sid:84712037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.69.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848936/; classtype:trojan-activity;sid:84712036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848934)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848934/; classtype:trojan-activity;sid:84712034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848935)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848935/; classtype:trojan-activity;sid:84712035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848933)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848933/; classtype:trojan-activity;sid:84712033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.23.130.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848932/; classtype:trojan-activity;sid:84712032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848930)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_x86.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.109.200.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848930/; classtype:trojan-activity;sid:84712030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848931)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"192.109.200.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848931/; classtype:trojan-activity;sid:84712031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848927)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.109.200.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848927/; classtype:trojan-activity;sid:84712027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848928)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet_ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"43.251.116.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848928/; classtype:trojan-activity;sid:84712028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848929)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848929/; classtype:trojan-activity;sid:84712029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848921)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet_mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.251.116.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848921/; classtype:trojan-activity;sid:84712021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848922)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet_arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.251.116.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848922/; classtype:trojan-activity;sid:84712022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848923)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsle"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.109.200.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848923/; classtype:trojan-activity;sid:84712023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848924)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.109.200.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848924/; classtype:trojan-activity;sid:84712024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848925)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet_mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.251.116.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848925/; classtype:trojan-activity;sid:84712025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848926)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848926/; classtype:trojan-activity;sid:84712026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848917)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet_arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"43.251.116.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848917/; classtype:trojan-activity;sid:84712017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848918)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"192.109.200.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848918/; classtype:trojan-activity;sid:84712018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848919)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsle"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848919/; classtype:trojan-activity;sid:84712019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848920)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet_spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"43.251.116.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848920/; classtype:trojan-activity;sid:84712020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848916)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet_arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.251.116.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848916/; classtype:trojan-activity;sid:84712016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848912)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet_arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"43.251.116.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848912/; classtype:trojan-activity;sid:84712012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848913)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848913/; classtype:trojan-activity;sid:84712013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848914)"; flow:established,from_client; content:"GET"; http_method; content:"/kaf.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"138.68.76.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848914/; classtype:trojan-activity;sid:84712014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848915)"; flow:established,from_client; content:"GET"; http_method; content:"/nuklear.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.239.235.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848915/; classtype:trojan-activity;sid:84712015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848911)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.239.235.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848911/; classtype:trojan-activity;sid:84712011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848910)"; flow:established,from_client; content:"GET"; http_method; content:"/nuklear.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.239.235.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848910/; classtype:trojan-activity;sid:84712010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848908)"; flow:established,from_client; content:"GET"; http_method; content:"/nuklear.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"183.239.235.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848908/; classtype:trojan-activity;sid:84712008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848909)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet_m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.251.116.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848909/; classtype:trojan-activity;sid:84712009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848907)"; flow:established,from_client; content:"GET"; http_method; content:"/nuklear.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.239.235.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848907/; classtype:trojan-activity;sid:84712007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848905)"; flow:established,from_client; content:"GET"; http_method; content:"/nuklear.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"183.239.235.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848905/; classtype:trojan-activity;sid:84712005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848906)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet_x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"43.251.116.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848906/; classtype:trojan-activity;sid:84712006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848903)"; flow:established,from_client; content:"GET"; http_method; content:"/nohup.out"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.251.116.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848903/; classtype:trojan-activity;sid:84712003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848904)"; flow:established,from_client; content:"GET"; http_method; content:"/nuklear.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"183.239.235.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848904/; classtype:trojan-activity;sid:84712004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848896)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet_sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"43.251.116.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848896/; classtype:trojan-activity;sid:84711996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848897)"; flow:established,from_client; content:"GET"; http_method; content:"/nuklear.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.239.235.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848897/; classtype:trojan-activity;sid:84711997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848898)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet_arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.251.116.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848898/; classtype:trojan-activity;sid:84711998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848899)"; flow:established,from_client; content:"GET"; http_method; content:"/nuklear.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"183.239.235.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848899/; classtype:trojan-activity;sid:84711999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848900)"; flow:established,from_client; content:"GET"; http_method; content:"/nuklear.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.239.235.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848900/; classtype:trojan-activity;sid:84712000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848901)"; flow:established,from_client; content:"GET"; http_method; content:"/nuklear.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"183.239.235.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848901/; classtype:trojan-activity;sid:84712001; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848902)"; flow:established,from_client; content:"GET"; http_method; content:"/kaf.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.68.76.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848902/; classtype:trojan-activity;sid:84712002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848891)"; flow:established,from_client; content:"GET"; http_method; content:"/kaf.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"138.68.76.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848891/; classtype:trojan-activity;sid:84711991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848892)"; flow:established,from_client; content:"GET"; http_method; content:"/nuklear.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"183.239.235.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848892/; classtype:trojan-activity;sid:84711992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848893)"; flow:established,from_client; content:"GET"; http_method; content:"/botnet_x86_64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"43.251.116.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848893/; classtype:trojan-activity;sid:84711993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848894)"; flow:established,from_client; content:"GET"; http_method; content:"/kaf.s390"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.68.76.70"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848894/; classtype:trojan-activity;sid:84711994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848895)"; flow:established,from_client; content:"GET"; http_method; content:"/nuklear.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"183.239.235.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848895/; classtype:trojan-activity;sid:84711995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848888)"; flow:established,from_client; content:"GET"; http_method; content:"/payload"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848888/; classtype:trojan-activity;sid:84711988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848889)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.251.180.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848889/; classtype:trojan-activity;sid:84711989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848890)"; flow:established,from_client; content:"GET"; http_method; content:"/apex.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848890/; classtype:trojan-activity;sid:84711990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848883)"; 
flow:established,from_client; content:"GET"; http_method; content:"/rename_bots.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"138.68.76.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848883/; classtype:trojan-activity;sid:84711983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848884)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.251.180.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848884/; classtype:trojan-activity;sid:84711984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848885)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.251.180.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848885/; classtype:trojan-activity;sid:84711985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848886)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.251.180.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848886/; classtype:trojan-activity;sid:84711986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848887)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.251.180.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848887/; 
classtype:trojan-activity;sid:84711987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848882)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.251.180.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848882/; classtype:trojan-activity;sid:84711982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848881)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.251.180.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848881/; classtype:trojan-activity;sid:84711981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848873)"; flow:established,from_client; content:"GET"; http_method; content:"/kaf.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.68.76.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848873/; classtype:trojan-activity;sid:84711973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848874)"; flow:established,from_client; content:"GET"; http_method; content:"/check_bots.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"138.68.76.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848874/; classtype:trojan-activity;sid:84711974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848875)"; flow:established,from_client; content:"GET"; http_method; content:"/kaf.mps64"; http_uri; depth:10; isdataat:!1,relative; 
nocase; content:"138.68.76.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848875/; classtype:trojan-activity;sid:84711975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848876)"; flow:established,from_client; content:"GET"; http_method; content:"/kaf.64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.68.76.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848876/; classtype:trojan-activity;sid:84711976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848877)"; flow:established,from_client; content:"GET"; http_method; content:"/kaf.i386"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.68.76.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848877/; classtype:trojan-activity;sid:84711977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848878)"; flow:established,from_client; content:"GET"; http_method; content:"/kaf.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.68.76.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848878/; classtype:trojan-activity;sid:84711978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848879)"; flow:established,from_client; content:"GET"; http_method; content:"/kaf.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.68.76.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848879/; classtype:trojan-activity;sid:84711979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3848880)"; flow:established,from_client; content:"GET"; http_method; content:"/gutsyheartpeu/naturalvision/releases/download/1.2/furry.realms.1.0.0.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848880/; classtype:trojan-activity;sid:84711980; rev:1;)
# NOTE(review), sid 84711980 above: the host is the shared platform github.com, so
# only the path identifies the malicious object. An "alert http" rule sees that path
# only in a cleartext request; a fetch over TLS is invisible to http_uri/http_host
# unless traffic is decrypted before the sensor. Where it is not, match the path in
# proxy or endpoint download logs instead. Never act on the host alone.
#
# NOTE(review), sid 84711972 below:
#  - In content hex notation |3f| is '?', |26| is '&' and |7c| is '|'. The sequence
#    |7c|26|7c| therefore matches the four literal bytes "|26|", not an ampersand.
#    This looks like a double-escaped '&'; if so, the rule cannot match a request
#    whose query is "export=download&id=...". Confirm against URLhaus entry 3848872.
#  - depth:68 is the length of the escaped text; the decoded pattern is 59 bytes, so
#    the start of the match is not pinned to offset 0 as in the neighbouring rules.
#  - The file id appears in lower case and is matched with nocase. Take the exact
#    id from the URLhaus reference before using it in case-sensitive lookups.
#  - The shared-host and TLS-visibility caveats above apply to drive.google.com too.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848872)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wtzazrx6z1bilhfqfdwc4rqudlgopjzb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848872/; classtype:trojan-activity;sid:84711972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.70.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848871/; classtype:trojan-activity;sid:84711971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.70.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848870/; classtype:trojan-activity;sid:84711970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"125.45.10.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848868/; classtype:trojan-activity;sid:84711968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.242.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848869/; classtype:trojan-activity;sid:84711969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848867)"; flow:established,from_client; content:"GET"; http_method; content:"/f47fb0eb-1f0b-4f6b-95ad-75f75d0b7293/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"flora-obsrvs-ability-todo.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848867/; classtype:trojan-activity;sid:84711967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848866)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848866/; classtype:trojan-activity;sid:84711966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848865)"; flow:established,from_client; content:"GET"; http_method; content:"/post/edac_polld"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848865/; classtype:trojan-activity;sid:84711965; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848863)"; flow:established,from_client; content:"GET"; http_method; content:"/post/rcuop_0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848863/; classtype:trojan-activity;sid:84711963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848864)"; flow:established,from_client; content:"GET"; http_method; content:"/post/zswap_shrinkd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.65.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848864/; classtype:trojan-activity;sid:84711964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848862)"; flow:established,from_client; content:"GET"; http_method; content:"/post/kworker_u8"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848862/; classtype:trojan-activity;sid:84711962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848859)"; flow:established,from_client; content:"GET"; http_method; content:"/post/devfreq_wq"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848859/; classtype:trojan-activity;sid:84711959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848860)"; flow:established,from_client; content:"GET"; http_method; content:"/post/bioset0"; http_uri; depth:13; isdataat:!1,relative; nocase; 
content:"176.65.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848860/; classtype:trojan-activity;sid:84711960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848861)"; flow:established,from_client; content:"GET"; http_method; content:"/post/cfg80211d"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848861/; classtype:trojan-activity;sid:84711961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848858)"; flow:established,from_client; content:"GET"; http_method; content:"/post/ksoftirqd0"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848858/; classtype:trojan-activity;sid:84711958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.121.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848855/; classtype:trojan-activity;sid:84711955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848856)"; flow:established,from_client; content:"GET"; http_method; content:"/post/kblockd0"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848856/; classtype:trojan-activity;sid:84711956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3848857)"; flow:established,from_client; content:"GET"; http_method; content:"/post/ecryptfsd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848857/; classtype:trojan-activity;sid:84711957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848854)"; flow:established,from_client; content:"GET"; http_method; content:"/post/kswapd0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848854/; classtype:trojan-activity;sid:84711954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848853)"; flow:established,from_client; content:"GET"; http_method; content:"/post/jbd2_sda1d"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848853/; classtype:trojan-activity;sid:84711953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848852)"; flow:established,from_client; content:"GET"; http_method; content:"/mao.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.149.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848852/; classtype:trojan-activity;sid:84711952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.142.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_05_17; reference:url, urlhaus.abuse.ch/url/3848851/; classtype:trojan-activity;sid:84711951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.28.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848849/; classtype:trojan-activity;sid:84711949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.210.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848850/; classtype:trojan-activity;sid:84711950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.52.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848847/; classtype:trojan-activity;sid:84711947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848848)"; flow:established,from_client; content:"GET"; http_method; content:"/962a5552-864c-48e3-8937-0e85bc0b6b8a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"load-meadows-analytics-cntr.garden"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848848/; classtype:trojan-activity;sid:84711948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848846)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.94.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848846/; classtype:trojan-activity;sid:84711946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.255.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848845/; classtype:trojan-activity;sid:84711945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.242.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848844/; classtype:trojan-activity;sid:84711944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.210.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848843/; classtype:trojan-activity;sid:84711943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848842)"; flow:established,from_client; content:"GET"; http_method; content:"/ef0c03f7-864a-4267-a903-e64131626def/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"july-feded-plants-workflow.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_17; 
reference:url, urlhaus.abuse.ch/url/3848842/; classtype:trojan-activity;sid:84711942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.28.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848841/; classtype:trojan-activity;sid:84711941; rev:1;)
# NOTE(review), sid 84711940 below: |3f| is the single byte '?', so the decoded URI
# pattern is 44 bytes, while depth:47 counts the escaped text. The match may then
# start up to 3 bytes into the URI instead of being pinned to offset 0;
# isdataat:!1,relative still requires it to end at the end of the buffer. If an exact
# whole-URI match is intended, as in the rules without hex escapes where depth equals
# the pattern length, depth:44 would express it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848840)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=8e01f594-f394-45f4-ab25-be1ebdc99db6"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"4j0v33ow.cyber-lattice.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848840/; classtype:trojan-activity;sid:84711940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.94.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848839/; classtype:trojan-activity;sid:84711939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.233.57.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848838/; classtype:trojan-activity;sid:84711938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848837)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.27.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848837/; classtype:trojan-activity;sid:84711937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.255.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848836/; classtype:trojan-activity;sid:84711936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.38.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848835/; classtype:trojan-activity;sid:84711935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.93.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848834/; classtype:trojan-activity;sid:84711934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848833)"; flow:established,from_client; content:"GET"; http_method; content:"/50c4af17-ac3b-4595-8473-5b6358d9d8b0/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"it-irrigatn-cntrl-network-go.garden"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_17; 
reference:url, urlhaus.abuse.ch/url/3848833/; classtype:trojan-activity;sid:84711933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.225.47.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848832/; classtype:trojan-activity;sid:84711932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.167.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848831/; classtype:trojan-activity;sid:84711931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848830)"; flow:established,from_client; content:"GET"; http_method; content:"/12e378c8-ae65-4523-ac4d-5047f2485eb1/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"antbots-uni-resou-plats.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848830/; classtype:trojan-activity;sid:84711930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.248.157.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848829/; classtype:trojan-activity;sid:84711929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848828)"; flow:established,from_client; 
content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.148.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848828/; classtype:trojan-activity;sid:84711928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848827/; classtype:trojan-activity;sid:84711927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.27.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848825/; classtype:trojan-activity;sid:84711925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.20.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848826/; classtype:trojan-activity;sid:84711926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.10.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848824/; classtype:trojan-activity;sid:84711924; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.227.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848823/; classtype:trojan-activity;sid:84711923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848822)"; flow:established,from_client; content:"GET"; http_method; content:"/57245a21-8d94-43bf-aa16-fcb66b322a1c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"get-shell-gard-frame-work.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848822/; classtype:trojan-activity;sid:84711922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.169.166.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848821/; classtype:trojan-activity;sid:84711921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.107.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848820/; classtype:trojan-activity;sid:84711920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"115.56.148.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848819/; classtype:trojan-activity;sid:84711919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.20.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848818/; classtype:trojan-activity;sid:84711918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.227.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848817/; classtype:trojan-activity;sid:84711917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.210.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848816/; classtype:trojan-activity;sid:84711916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848815)"; flow:established,from_client; content:"GET"; http_method; content:"/d6ce0e64-d74c-4fcf-976a-799cadc7963b/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"great-fauna-tcpipgay-go-system.garden"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848815/; classtype:trojan-activity;sid:84711915; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.93.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848814/; classtype:trojan-activity;sid:84711914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848813/; classtype:trojan-activity;sid:84711913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848811)"; flow:established,from_client; content:"GET"; http_method; content:"/4ab011f6-b93a-41e2-9575-1950f87feb78/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"docktan-flexo-avastpig-engine.garden"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848811/; classtype:trojan-activity;sid:84711911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.23.91.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848812/; classtype:trojan-activity;sid:84711912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.69.118"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848810/; classtype:trojan-activity;sid:84711910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.210.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848809/; classtype:trojan-activity;sid:84711909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848808/; classtype:trojan-activity;sid:84711908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.7.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848807/; classtype:trojan-activity;sid:84711907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.84.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848806/; classtype:trojan-activity;sid:84711906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848805)"; flow:established,from_client; 
content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848805/; classtype:trojan-activity;sid:84711905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848798)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848798/; classtype:trojan-activity;sid:84711898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848799)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848799/; classtype:trojan-activity;sid:84711899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848800)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848800/; classtype:trojan-activity;sid:84711900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848801)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848801/; classtype:trojan-activity;sid:84711901; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848802)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848802/; classtype:trojan-activity;sid:84711902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848803)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848803/; classtype:trojan-activity;sid:84711903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848804)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848804/; classtype:trojan-activity;sid:84711904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848797)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"142.248.80.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848797/; classtype:trojan-activity;sid:84711897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.204.196.136"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848796/; classtype:trojan-activity;sid:84711896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848795)"; flow:established,from_client; content:"GET"; http_method; content:"/a4ee093e-4d2c-46b2-bcc4-07200a431043/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"glow-hub-herboron-sixoauth-work.garden"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848795/; classtype:trojan-activity;sid:84711895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.24.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848794/; classtype:trojan-activity;sid:84711894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.53.233.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848793/; classtype:trojan-activity;sid:84711893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.226.230.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848792/; classtype:trojan-activity;sid:84711892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3848791)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.176.14.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848791/; classtype:trojan-activity;sid:84711891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848789)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.176.14.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848789/; classtype:trojan-activity;sid:84711889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848790)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"121.176.14.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848790/; classtype:trojan-activity;sid:84711890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848787)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.176.14.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848787/; classtype:trojan-activity;sid:84711887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848788)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.176.14.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, 
urlhaus.abuse.ch/url/3848788/; classtype:trojan-activity;sid:84711888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848786)"; flow:established,from_client; content:"GET"; http_method; content:"/clean"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"121.176.14.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848786/; classtype:trojan-activity;sid:84711886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"159.255.22.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848785/; classtype:trojan-activity;sid:84711885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848784)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=304dc7c8-f038-494d-b654-88fa37a8a0c6"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"23dcbt0c.network-horizon.digital"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848784/; classtype:trojan-activity;sid:84711884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jenkins"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848783/; classtype:trojan-activity;sid:84711883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848782)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.103.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848782/; classtype:trojan-activity;sid:84711882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.75.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848781/; classtype:trojan-activity;sid:84711881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848780)"; flow:established,from_client; content:"GET"; http_method; content:"/6b919806-7463-4c2e-b63d-908b56813d79/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"container-folder-gized-greenhub.garden"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848780/; classtype:trojan-activity;sid:84711880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.64.135.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848779/; classtype:trojan-activity;sid:84711879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848778)"; flow:established,from_client; content:"GET"; http_method; content:"/gutsyheartpeu/davinci-vpn/releases/download/3.2/davinci.vpn.3.2.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848778/; classtype:trojan-activity;sid:84711878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.103.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848777/; classtype:trojan-activity;sid:84711877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.64.135.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848776/; classtype:trojan-activity;sid:84711876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848775)"; flow:established,from_client; content:"GET"; http_method; content:"/c78167f2-ae7f-452f-b61e-c9545f3a4358/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"flora-observe-ability-engine.garden"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848775/; classtype:trojan-activity;sid:84711875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.36.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848774/; classtype:trojan-activity;sid:84711874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3848773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.57.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848773/; classtype:trojan-activity;sid:84711873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848772)"; flow:established,from_client; content:"GET"; http_method; content:"/35da65eb-8288-4efc-a901-6782ed0509d2/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"coad-meadow-analytics-center.garden"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848772/; classtype:trojan-activity;sid:84711872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.178.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848771/; classtype:trojan-activity;sid:84711871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.202.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848770/; classtype:trojan-activity;sid:84711870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.36.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2026_05_17; reference:url, urlhaus.abuse.ch/url/3848769/; classtype:trojan-activity;sid:84711869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.111.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848768/; classtype:trojan-activity;sid:84711868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848767)"; flow:established,from_client; content:"GET"; http_method; content:"/43e3e3f2-ea94-4f09-b71f-982faf95b5e8/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"june-fed-plant-workflow.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848767/; classtype:trojan-activity;sid:84711867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.90.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848766/; classtype:trojan-activity;sid:84711866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.57.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848765/; classtype:trojan-activity;sid:84711865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848764)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.181.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848764/; classtype:trojan-activity;sid:84711864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.168.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848763/; classtype:trojan-activity;sid:84711863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848762)"; flow:established,from_client; content:"GET"; http_method; content:"/b185f44d-51ed-45d5-8c93-66edd616a4fe/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"it-irrigation-control-network.garden"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848762/; classtype:trojan-activity;sid:84711862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.181.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848761/; classtype:trojan-activity;sid:84711861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.185.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; 
reference:url, urlhaus.abuse.ch/url/3848760/; classtype:trojan-activity;sid:84711860; rev:1;)
# ---------------------------------------------------------------------------
# URLhaus malware-download URL rules, entries created 2026_05_17.
# Laid out one rule per line; rule text is unchanged.
#
# Every rule below has the same shape:
#   * alert on an established, client-to-server HTTP flow from $HOME_NET to
#     $EXTERNAL_NET with method content "GET";
#   * an http_uri pattern with depth set to the pattern length and
#     isdataat:!1,relative (no byte may follow the match), which pins the
#     pattern to the whole URI buffer; the nocase that follows modifies this
#     URI pattern;
#   * an http_host pattern pinned the same way (no nocase on the host);
#   * the number in msg and in the reference URL is the URLhaus entry id, and
#     sid is that id plus 80863100 in every rule shown here.
#
# NOTE(review): these are "alert http" rules, so they only fire on traffic the
# engine parses as cleartext HTTP; the same URL fetched over TLS is not seen
# unless the sensor inspects decrypted traffic.
# NOTE(review): each rule is an exact URI + host pair, so an alert identifies
# one specific URLhaus entry; many hosts are bare IP addresses, which
# presumably age quickly - keep the ruleset refreshed from the feed.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.90.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848759/; classtype:trojan-activity;sid:84711859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.178.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848758/; classtype:trojan-activity;sid:84711858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.168.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848757/; classtype:trojan-activity;sid:84711857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848756)"; flow:established,from_client; content:"GET"; http_method; content:"/dab42d4d-82a4-4d71-89e2-701284677dd3/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bots-unical-resource-platform.garden"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848756/; classtype:trojan-activity;sid:84711856; rev:1;)
# NOTE(review): |3f| is a single byte ("?"), so the URI pattern in the next rule
# is 44 bytes long while depth is 47 (the length of the escaped text). Every
# other rule here sets depth to the exact pattern length, so this one lets the
# match start up to 3 bytes into the URI. The tight value would be depth:44;
# raise it with the feed maintainer rather than editing the sid locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848755)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=18e43fcd-7888-4712-86d7-27df8740abc2"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"4getd0km.script-matrix.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848755/; classtype:trojan-activity;sid:84711855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.224.14.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848754/; classtype:trojan-activity;sid:84711854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.147.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848753/; classtype:trojan-activity;sid:84711853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.221.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848752/; classtype:trojan-activity;sid:84711852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.216.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848751/; classtype:trojan-activity;sid:84711851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848750)"; flow:established,from_client; content:"GET"; http_method; content:"/5df02ade-be96-4b58-a8fb-9728a09fe44e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"shells-garden-framework.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848750/; classtype:trojan-activity;sid:84711850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.221.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848749/; classtype:trojan-activity;sid:84711849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.167.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848748/; classtype:trojan-activity;sid:84711848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.224.14.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848747/; classtype:trojan-activity;sid:84711847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.147.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848746/; classtype:trojan-activity;sid:84711846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848745)"; flow:established,from_client; content:"GET"; http_method; content:"/56ac5a7d-4560-415b-be81-60f72310a6da/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wild-flora-processing-go-system.garden"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848745/; classtype:trojan-activity;sid:84711845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.216.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848744/; classtype:trojan-activity;sid:84711844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.102.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848743/; classtype:trojan-activity;sid:84711843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.142.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848741/; classtype:trojan-activity;sid:84711841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.142.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848742/; classtype:trojan-activity;sid:84711842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848740)"; flow:established,from_client; content:"GET"; http_method; content:"/9a77b1c8-2189-45f4-90e9-d491c1bf0053/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"got-flexl-distrib-engine.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848740/; classtype:trojan-activity;sid:84711840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.38.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848739/; classtype:trojan-activity;sid:84711839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.38.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848738/; classtype:trojan-activity;sid:84711838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.115.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848737/; classtype:trojan-activity;sid:84711837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848736)"; flow:established,from_client; content:"GET"; http_method; content:"/f0a864a4-6104-48f1-8efb-a7ead220fbab/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"flow-hub-green-house-work.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848736/; classtype:trojan-activity;sid:84711836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.83.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848735/; classtype:trojan-activity;sid:84711835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848734)"; flow:established,from_client; content:"GET"; http_method; content:"/763888fa-4152-4ed7-ad5d-6446639d67b1/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wildfloraprocessingsystem.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848734/; classtype:trojan-activity;sid:84711834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.18.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848733/; classtype:trojan-activity;sid:84711833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.76.136.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848732/; classtype:trojan-activity;sid:84711832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.20.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848731/; classtype:trojan-activity;sid:84711831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.17.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848729/; classtype:trojan-activity;sid:84711829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.218.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848730/; classtype:trojan-activity;sid:84711830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.38.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848728/; classtype:trojan-activity;sid:84711828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848727/; classtype:trojan-activity;sid:84711827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.102.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848726/; classtype:trojan-activity;sid:84711826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848725)"; flow:established,from_client; content:"GET"; http_method; content:"/80594af8-ed70-430d-8f54-e3f6cf888a03/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"petal-distribution-engine.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848725/; classtype:trojan-activity;sid:84711825; rev:1;)
# NOTE(review): as with sid 84711855, the |3f| escape makes this URI pattern
# 44 bytes while depth is 47.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848724)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=02d403b6-281a-4019-bb55-dcc49482e282"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"2b7f1jfa.cloud-forge.digital"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848724/; classtype:trojan-activity;sid:84711824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.18.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848723/; classtype:trojan-activity;sid:84711823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.17.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848722/; classtype:trojan-activity;sid:84711822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.20.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848721/; classtype:trojan-activity;sid:84711821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.137.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848720/; classtype:trojan-activity;sid:84711820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.38.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848719/; classtype:trojan-activity;sid:84711819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.249.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848718/; classtype:trojan-activity;sid:84711818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848717/; classtype:trojan-activity;sid:84711817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848716)"; flow:established,from_client; content:"GET"; http_method; content:"/659ff5a6-9d6d-4f6c-ba32-75f10cdef407/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"irrigation-control-network.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848716/; classtype:trojan-activity;sid:84711816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.56.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848715/; classtype:trojan-activity;sid:84711815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848714)"; flow:established,from_client; content:"GET"; http_method; content:"/d281eb6c-934f-432e-9093-cca0631ee044/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"greenhouseworkflowhub.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848714/; classtype:trojan-activity;sid:84711814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.249.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848713/; classtype:trojan-activity;sid:84711813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.137.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848712/; classtype:trojan-activity;sid:84711812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.203.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848711/; classtype:trojan-activity;sid:84711811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.96.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848710/; classtype:trojan-activity;sid:84711810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.5.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848709/; classtype:trojan-activity;sid:84711809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.115.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848708/; classtype:trojan-activity;sid:84711808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848707)"; flow:established,from_client; content:"GET"; http_method; content:"/1df0177d-28f4-4d6b-8853-b32b64c6dc59/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributed-garden-framework.garden"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848707/; classtype:trojan-activity;sid:84711807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.147.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848706/; classtype:trojan-activity;sid:84711806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.5.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848705/; classtype:trojan-activity;sid:84711805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848704)"; flow:established,from_client; content:"GET"; http_method; content:"/4b12b23c-f549-40fc-ad78-fb77a8253d9a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"botanicalresourceplatform.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848704/; classtype:trojan-activity;sid:84711804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.147.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848703/; classtype:trojan-activity;sid:84711803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.226.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848702/; classtype:trojan-activity;sid:84711802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.87.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848701/; classtype:trojan-activity;sid:84711801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.33.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848700/; classtype:trojan-activity;sid:84711800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848699)"; flow:established,from_client; content:"GET"; http_method; content:"/c61dcac6-41f2-4e86-bd4c-280e86e9ee3e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"forgotten-civilization-myth.garden"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848699/; classtype:trojan-activity;sid:84711799; rev:1;)
# From here most rules name hosts 94.156.152.234 and 176.65.139.114, with
# per-architecture file names (arm, arm5, arm6, arm64, armv71, mips, mipsle,
# x86, i386, amd64, android_arm, android_arm64) plus bins.sh, miner.sh and
# bot.exe; each name/host pair is its own URLhaus entry and sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848698)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848698/; classtype:trojan-activity;sid:84711798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848697)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848697/; classtype:trojan-activity;sid:84711797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848696)"; flow:established,from_client; content:"GET"; http_method; content:"/i386"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848696/; classtype:trojan-activity;sid:84711796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848695)"; flow:established,from_client; content:"GET"; http_method; content:"/android_arm64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848695/; classtype:trojan-activity;sid:84711795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848693)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848693/; classtype:trojan-activity;sid:84711793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848694)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848694/; classtype:trojan-activity;sid:84711794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848691)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848691/; classtype:trojan-activity;sid:84711791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848692)"; flow:established,from_client; content:"GET"; http_method; content:"/arm64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848692/; classtype:trojan-activity;sid:84711792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848690)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsle"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848690/; classtype:trojan-activity;sid:84711790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848688)"; flow:established,from_client; content:"GET"; http_method; content:"/miner.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848688/; classtype:trojan-activity;sid:84711788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848689)"; flow:established,from_client; content:"GET"; http_method; content:"/armv71"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848689/; classtype:trojan-activity;sid:84711789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848687)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848687/; classtype:trojan-activity;sid:84711787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848678)"; flow:established,from_client; content:"GET"; http_method; content:"/android_arm64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848678/; classtype:trojan-activity;sid:84711778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848679)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsle"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848679/; classtype:trojan-activity;sid:84711779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848680)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848680/; classtype:trojan-activity;sid:84711780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848681)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.139.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848681/; classtype:trojan-activity;sid:84711781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848682)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848682/; classtype:trojan-activity;sid:84711782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848683)"; flow:established,from_client; content:"GET"; http_method; content:"/android_arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848683/; classtype:trojan-activity;sid:84711783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848684)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848684/; classtype:trojan-activity;sid:84711784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848685)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848685/; classtype:trojan-activity;sid:84711785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848686)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848686/; classtype:trojan-activity;sid:84711786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848677)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848677/; classtype:trojan-activity;sid:84711777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848676)"; flow:established,from_client; content:"GET"; http_method; content:"/android_arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848676/; classtype:trojan-activity;sid:84711776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848673)"; flow:established,from_client; content:"GET"; http_method; content:"/arm64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.139.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848673/; classtype:trojan-activity;sid:84711773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848674)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848674/; classtype:trojan-activity;sid:84711774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848675)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848675/; classtype:trojan-activity;sid:84711775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848672)"; flow:established,from_client; content:"GET"; http_method; content:"/i386"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848672/; classtype:trojan-activity;sid:84711772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848671)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848671/; classtype:trojan-activity;sid:84711771; rev:1;)
# NOTE(review): as with sid 84711855, the |3f| escape makes this URI pattern
# 44 bytes while depth is 47.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848670)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=0938e072-a68b-4956-809d-84159a094e12"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ba5ufc2h.logic-sphere.digital"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848670/; classtype:trojan-activity;sid:84711770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848658)"; flow:established,from_client; content:"GET"; http_method; content:"/miner.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848658/; classtype:trojan-activity;sid:84711758; rev:1;)
# Review notes on how the rules below behave:
# - Each rule is alert-only and covers one URLhaus entry; the number in msg is the
#   URLhaus id that also appears in the reference URL.
# - Scope: established, client-to-server HTTP from $HOME_NET to $EXTERNAL_NET with method GET.
# - content + depth (equal to the string length) + isdataat:!1,relative pins each match to the
#   whole http_uri / http_host buffer: the URI and the host must equal the listed values, not
#   merely contain them. nocase is set in the URI portion, so URI case is presumably ignored.
# - Only HTTP that the sensor parses in cleartext is covered; the same download over TLS will
#   not alert unless traffic is decrypted before it reaches the sensor.
# - These are point-in-time indicators (see metadata:created_at). Refresh the feed regularly
#   and corroborate hits on bare-IP hosts before acting, since addresses can be reassigned.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848659)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v8.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848659/; classtype:trojan-activity;sid:84711759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848660)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v7.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848660/; classtype:trojan-activity;sid:84711760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848661)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v7.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848661/; classtype:trojan-activity;sid:84711761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848662)"; flow:established,from_client; content:"GET"; http_method; content:"/x.armel"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848662/; classtype:trojan-activity;sid:84711762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848663)"; flow:established,from_client; content:"GET"; http_method; content:"/x.mips64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.231.230.158"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848663/; classtype:trojan-activity;sid:84711763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848664)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v6.x86_64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848664/; classtype:trojan-activity;sid:84711764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848665)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v8.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848665/; classtype:trojan-activity;sid:84711765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848666)"; flow:established,from_client; content:"GET"; http_method; content:"/x.i386"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848666/; classtype:trojan-activity;sid:84711766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848667)"; flow:established,from_client; content:"GET"; http_method; content:"/x.sh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848667/; classtype:trojan-activity;sid:84711767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3848668)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848668/; classtype:trojan-activity;sid:84711768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848669)"; flow:established,from_client; content:"GET"; http_method; content:"/armv71"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848669/; classtype:trojan-activity;sid:84711769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848636)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v7.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848636/; classtype:trojan-activity;sid:84711736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848637)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848637/; classtype:trojan-activity;sid:84711737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848638)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v8.powerpc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, 
urlhaus.abuse.ch/url/3848638/; classtype:trojan-activity;sid:84711738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848639)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v8.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848639/; classtype:trojan-activity;sid:84711739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848640)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848640/; classtype:trojan-activity;sid:84711740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848641)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v8.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848641/; classtype:trojan-activity;sid:84711741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848642)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848642/; classtype:trojan-activity;sid:84711742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848643)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v7.aarch64"; 
http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848643/; classtype:trojan-activity;sid:84711743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848644)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v8.armhf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848644/; classtype:trojan-activity;sid:84711744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848645)"; flow:established,from_client; content:"GET"; http_method; content:"/x.arm64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848645/; classtype:trojan-activity;sid:84711745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848646)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64el"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848646/; classtype:trojan-activity;sid:84711746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848647)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v8.x86_64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848647/; classtype:trojan-activity;sid:84711747; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848648)"; flow:established,from_client; content:"GET"; http_method; content:"/armel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848648/; classtype:trojan-activity;sid:84711748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848649)"; flow:established,from_client; content:"GET"; http_method; content:"/x.armhf"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848649/; classtype:trojan-activity;sid:84711749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848650)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v8.aarch64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848650/; classtype:trojan-activity;sid:84711750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848651)"; flow:established,from_client; content:"GET"; http_method; content:"/x.powerpc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848651/; classtype:trojan-activity;sid:84711751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848652)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v7.x86_64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848652/; classtype:trojan-activity;sid:84711752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848653)"; flow:established,from_client; content:"GET"; http_method; content:"/x.aarch64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848653/; classtype:trojan-activity;sid:84711753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848654)"; flow:established,from_client; content:"GET"; http_method; content:"/x.mips64el"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848654/; classtype:trojan-activity;sid:84711754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848655)"; flow:established,from_client; content:"GET"; http_method; content:"/arm64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848655/; classtype:trojan-activity;sid:84711755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848656)"; flow:established,from_client; content:"GET"; http_method; content:"/x.i686"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848656/; classtype:trojan-activity;sid:84711756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848657)"; 
flow:established,from_client; content:"GET"; http_method; content:"/x.x86"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848657/; classtype:trojan-activity;sid:84711757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848608)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v3.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848608/; classtype:trojan-activity;sid:84711708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848609)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_new.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848609/; classtype:trojan-activity;sid:84711709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848610)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_new.aarch64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848610/; classtype:trojan-activity;sid:84711710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848611)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.v9.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, 
urlhaus.abuse.ch/url/3848611/; classtype:trojan-activity;sid:84711711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848612)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v6.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848612/; classtype:trojan-activity;sid:84711712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848613)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848613/; classtype:trojan-activity;sid:84711713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848614)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v3.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848614/; classtype:trojan-activity;sid:84711714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848615)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v3.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848615/; classtype:trojan-activity;sid:84711715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848616)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bot_v4.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848616/; classtype:trojan-activity;sid:84711716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848617)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.v9.aarch64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848617/; classtype:trojan-activity;sid:84711717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848618)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v3.aarch64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848618/; classtype:trojan-activity;sid:84711718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848619)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.v10.mipsel"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848619/; classtype:trojan-activity;sid:84711719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848620)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v2.x86_64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848620/; 
classtype:trojan-activity;sid:84711720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848621)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v6.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848621/; classtype:trojan-activity;sid:84711721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848622)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_amp.armhf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848622/; classtype:trojan-activity;sid:84711722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848623)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_amp.aarch64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848623/; classtype:trojan-activity;sid:84711723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848624)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_amp.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848624/; classtype:trojan-activity;sid:84711724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848625)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.v9.mipsel"; http_uri; 
depth:14; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848625/; classtype:trojan-activity;sid:84711725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848626)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v6.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848626/; classtype:trojan-activity;sid:84711726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848627)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v5.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848627/; classtype:trojan-activity;sid:84711727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848628)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v5.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848628/; classtype:trojan-activity;sid:84711728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848629)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v6.aarch64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848629/; classtype:trojan-activity;sid:84711729; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848630)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_new.powerpc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848630/; classtype:trojan-activity;sid:84711730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848631)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_amp.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848631/; classtype:trojan-activity;sid:84711731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848632)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v5.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848632/; classtype:trojan-activity;sid:84711732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848633)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v2.powerpc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848633/; classtype:trojan-activity;sid:84711733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848634)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v4.x86_64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848634/; classtype:trojan-activity;sid:84711734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848635)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_new.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848635/; classtype:trojan-activity;sid:84711735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848584)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v2.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848584/; classtype:trojan-activity;sid:84711684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848585)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.v10.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848585/; classtype:trojan-activity;sid:84711685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848586)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v2.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848586/; classtype:trojan-activity;sid:84711686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3848587)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_amp.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848587/; classtype:trojan-activity;sid:84711687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848588)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v2.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848588/; classtype:trojan-activity;sid:84711688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848589)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v4.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848589/; classtype:trojan-activity;sid:84711689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848590)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v4.aarch64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848590/; classtype:trojan-activity;sid:84711690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848591)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_amp.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, 
urlhaus.abuse.ch/url/3848591/; classtype:trojan-activity;sid:84711691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848592)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_new.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848592/; classtype:trojan-activity;sid:84711692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848593)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.v9.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848593/; classtype:trojan-activity;sid:84711693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848594)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v2.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848594/; classtype:trojan-activity;sid:84711694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848595)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.v10.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848595/; classtype:trojan-activity;sid:84711695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848596)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bot_new.armhf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848596/; classtype:trojan-activity;sid:84711696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848597)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_amp.mipsel"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848597/; classtype:trojan-activity;sid:84711697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848598)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_amp.powerpc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848598/; classtype:trojan-activity;sid:84711698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848599)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v4.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848599/; classtype:trojan-activity;sid:84711699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848600)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v5.x86_64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848600/; 
classtype:trojan-activity;sid:84711700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848601)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.v10.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848601/; classtype:trojan-activity;sid:84711701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848602)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v5.aarch64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848602/; classtype:trojan-activity;sid:84711702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848603)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v3.x86_64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848603/; classtype:trojan-activity;sid:84711703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848604)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_new.mipsel"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848604/; classtype:trojan-activity;sid:84711704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848605)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v2.armhf"; http_uri; 
depth:13; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848605/; classtype:trojan-activity;sid:84711705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848606)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_v2.aarch64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848606/; classtype:trojan-activity;sid:84711706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848607)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_new.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848607/; classtype:trojan-activity;sid:84711707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848582)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"svosoldati.file-online.lat"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848582/; classtype:trojan-activity;sid:84711682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848583)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"milan-hasbik.file-online.lat"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848583/; classtype:trojan-activity;sid:84711683; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848581)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1sj4u9.file-online.lat"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848581/; classtype:trojan-activity;sid:84711681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848580)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0gtutd.yandex-file.lat"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848580/; classtype:trojan-activity;sid:84711680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848579)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5pt4yq.file-online.lat"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848579/; classtype:trojan-activity;sid:84711679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848577)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sir8uu.yandex-file.lat"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848577/; classtype:trojan-activity;sid:84711677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848578)"; flow:established,from_client; content:"GET"; http_method; 
content:"/scl/fi/oixbhi9ex6rasydplm2su/5621390019_protected.exe|3f|rlkey=zgxdnsdy6p7bxstuasb3rcvkg|7c|26|7c|st=szs69fqf|7c|26|7c|dl=1"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848578/; classtype:trojan-activity;sid:84711678; rev:1;)
# NOTE(review), sid 84711678 (the rule that ends on the line above):
#  - Inside content, |7c| is the single byte 0x7C ('|') and the "26" between the
#    two escapes is literal text, so the pattern expects the four bytes |26| where
#    a URL query string carries '&' (0x26, normally written |26|). As written the
#    rule would not match a request whose query uses '&'; confirm against the
#    URLhaus entry and the feed's escaping step.
#  - depth:124 equals the length of the escaped text; the decoded pattern is
#    shorter, so the start-of-URI anchor is looser than on rules without escapes.
#  - www.dropbox.com is normally served over HTTPS; an "alert http" rule only sees
#    the request where traffic is decrypted or proxied in clear - verify sensor placement.
# The rules below share one shape: outbound GET from $HOME_NET, with the URI and the
# Host each matched as a whole (depth = pattern length, isdataat:!1,relative = no
# byte may follow the match).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848574)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.v10.aarch64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848574/; classtype:trojan-activity;sid:84711674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848575)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armhf"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.231.230.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848575/; classtype:trojan-activity;sid:84711675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848576)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_8614c9a8cb905bb7.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848576/; classtype:trojan-activity;sid:84711676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848573)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/js/bin/xclient.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; 
content:"motriztrading.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848573/; classtype:trojan-activity;sid:84711673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848572)"; flow:established,from_client; content:"GET"; http_method; content:"/cqslt/server.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"temp.sh"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848572/; classtype:trojan-activity;sid:84711672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848569)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_cd8e69fee59d44f9.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848569/; classtype:trojan-activity;sid:84711669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848570)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_ddceccb82c300862.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848570/; classtype:trojan-activity;sid:84711670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848571)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_9c4ae13fc1b5979b.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848571/; 
classtype:trojan-activity;sid:84711671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848568)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ggwpcheats.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848568/; classtype:trojan-activity;sid:84711668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848567)"; flow:established,from_client; content:"GET"; http_method; content:"/dl/wxw0a123ip3m/mini-windows.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"tmpfiles.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848567/; classtype:trojan-activity;sid:84711667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848565)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_8ee6cfb3c95ba9fd.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848565/; classtype:trojan-activity;sid:84711665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848566)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_f2b7e4245c71618a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848566/; classtype:trojan-activity;sid:84711666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848559)"; 
flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_ba112fd99234f3d0.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848559/; classtype:trojan-activity;sid:84711659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848560)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_bd1c30c061d58b61.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848560/; classtype:trojan-activity;sid:84711660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848561)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_274ff12d25b209ab.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848561/; classtype:trojan-activity;sid:84711661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848562)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_07270b461b09d259.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848562/; classtype:trojan-activity;sid:84711662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848563)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_adb3c6e8ffa836d9.exe"; 
http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848563/; classtype:trojan-activity;sid:84711663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848564)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_023e3436c4c9b9f0.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848564/; classtype:trojan-activity;sid:84711664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.44.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848558/; classtype:trojan-activity;sid:84711658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.53.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848557/; classtype:trojan-activity;sid:84711657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.171.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848556/; classtype:trojan-activity;sid:84711656; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848555)"; flow:established,from_client; content:"GET"; http_method; content:"/61ba98a4-7af9-4c58-80ed-09b15b0e4233/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"perfect-lasagna-layer.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848555/; classtype:trojan-activity;sid:84711655; rev:1;)
# NOTE(review), sid 84711654 (next rule):
#  - |7c|26|7c| decodes to the literal bytes |26| ('|' is 0x7C, "26" is plain
#    text), not to '&' (0x26, normally written |26|). The http_uri pattern therefore
#    expects "...rlkey=<value>|26|st=<value>|26|dl=1" and would not match a query string
#    that uses '&'; confirm against the URLhaus entry and the feed's escaping step.
#  - depth:107 equals the length of the escaped text; the decoded pattern is
#    shorter, so the start-of-URI anchor is looser than on rules without escapes.
#  - www.dropbox.com is normally served over HTTPS; an "alert http" rule only sees
#    the request where traffic is decrypted or proxied in clear - verify sensor placement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848554)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/hhtv1g1v0gej1jkilj9kk/app.exe|3f|rlkey=0crc8slz2xge7ad5kk5rarura|7c|26|7c|st=lor1yi1n|7c|26|7c|dl=1"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848554/; classtype:trojan-activity;sid:84711654; rev:1;)
# The remaining rules match the URI and the Host as whole strings: depth equals the
# pattern length and isdataat:!1,relative requires that no byte follows the match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.171.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848553/; classtype:trojan-activity;sid:84711653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.43.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848552/; classtype:trojan-activity;sid:84711652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848551)"; flow:established,from_client; 
content:"GET"; http_method; content:"/77f58155-46a3-4825-819f-3c98f05a7544/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"glacial-ice-core-sample.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848551/; classtype:trojan-activity;sid:84711651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.43.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848550/; classtype:trojan-activity;sid:84711650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848549)"; flow:established,from_client; content:"GET"; http_method; content:"/67616b8b-5a04-41bd-8641-1826b907c33e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"steampunkaeronautics.garden"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848549/; classtype:trojan-activity;sid:84711649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848548)"; flow:established,from_client; content:"GET"; http_method; content:"/download/windowsservice.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"141.164.63.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848548/; classtype:trojan-activity;sid:84711648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848546)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.armv7l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"2.56.246.76"; http_host; depth:11; 
isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848546/; classtype:trojan-activity;sid:84711646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848547)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.armv4l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"2.56.246.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848547/; classtype:trojan-activity;sid:84711647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848545)"; flow:established,from_client; content:"GET"; http_method; content:"/download/client_pure.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"141.164.63.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848545/; classtype:trojan-activity;sid:84711645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848541)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.powerpc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"2.56.246.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848541/; classtype:trojan-activity;sid:84711641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848542)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.armv5l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"2.56.246.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848542/; classtype:trojan-activity;sid:84711642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3848543)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.armv6l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"2.56.246.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848543/; classtype:trojan-activity;sid:84711643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848544)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"2.56.246.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848544/; classtype:trojan-activity;sid:84711644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848533)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.56.246.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848533/; classtype:trojan-activity;sid:84711633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848534)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"2.56.246.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848534/; classtype:trojan-activity;sid:84711634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848535)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.56.246.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; 
reference:url, urlhaus.abuse.ch/url/3848535/; classtype:trojan-activity;sid:84711635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848536)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fatkow.file-online.lat"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848536/; classtype:trojan-activity;sid:84711636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848537)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xc88b0.file-online.lat"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848537/; classtype:trojan-activity;sid:84711637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848538)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"epx5g5.file-online.lat"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848538/; classtype:trojan-activity;sid:84711638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848539)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.56.246.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848539/; classtype:trojan-activity;sid:84711639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848540)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bins/nova.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"2.56.246.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848540/; classtype:trojan-activity;sid:84711640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848532)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"svo-pois.file-online.lat"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848532/; classtype:trojan-activity;sid:84711632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848527)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_c2678a9a1b213aef.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848527/; classtype:trojan-activity;sid:84711627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848528)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_9276eb0f57308d73.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848528/; classtype:trojan-activity;sid:84711628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848529)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_60ac81dcbb06b186.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848529/; classtype:trojan-activity;sid:84711629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848530)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"maxvideo.file-online.lat"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848530/; classtype:trojan-activity;sid:84711630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848531)"; flow:established,from_client; content:"GET"; http_method; content:"/nova.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"2.56.246.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848531/; classtype:trojan-activity;sid:84711631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848526)"; flow:established,from_client; content:"GET"; http_method; content:"/dl/w5wmeltzsvpw/winspec.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"tmpfiles.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848526/; classtype:trojan-activity;sid:84711626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848525)"; flow:established,from_client; content:"GET"; http_method; content:"/1776562136/svchost.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2.26.122.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848525/; classtype:trojan-activity;sid:84711625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3848524)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1445797339582431235/1504773199617982544/system32.exe|3f|ex=6a098640|7c|26|7c|is=6a0834c0|7c|26|7c|hm=07c4176594733262d2584b74b559d6b324d274bed937c7d40ea155136f74d39e|7c|26|7c|"; http_uri; depth:188; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848524/; classtype:trojan-activity;sid:84711624; rev:1;)
# NOTE(review), sid 84711624 (ends on the line above) and sid 84711623 (next rule):
#  - |7c|26|7c| decodes to the literal bytes |26| ('|' is 0x7C, "26" is plain
#    text), not to '&' (0x26, normally written |26|); as written neither pattern would
#    match a query string that uses '&'. Confirm against the feed's escaping step.
#  - Both rules carry the same attachment path and differ only in ex=, is= and hm=.
#    These look like per-link parameters, and the whole-URI match (isdataat:!1,relative)
#    ties each rule to one issued link - presumably a path-only match would cover
#    re-issued links; verify before relying on either rule.
#  - cdn.discordapp.com is normally served over HTTPS; an "alert http" rule only
#    sees the request where traffic is decrypted or proxied in clear.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848523)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1445797339582431235/1504773199617982544/system32.exe|3f|ex=6a0834c0|7c|26|7c|is=6a06e340|7c|26|7c|hm=3670f8671808b14a7de590d651e3665166f99776ec939944b77c054ee0af7fc3|7c|26|7c|"; http_uri; depth:188; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848523/; classtype:trojan-activity;sid:84711623; rev:1;)
# NOTE(review), sid 84711620 (next rule):
#  - The http_uri pattern holds two URLs run together: the path and query ending in
#    "dl=0" are followed directly by "https://www.dropbox.com/scl/fi/..." ending in
#    "dl=1". A request for either URL on its own would not equal this pattern, so the
#    rule looks ineffective as written; it presumably mirrors a malformed submission -
#    check the URLhaus entry.
#  - The same |7c|26|7c| escaping applies: the pattern expects literal |26| where the
#    query string has '&'.
#  - depth:255 is the length of the escaped text, not of the decoded pattern.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848520)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/ex1a1fllyh1s9btieeqn6/sq469eehw8ty.exe|3f|rlkey=igsxdnz60e4j9awr87sfdq6tf|7c|26|7c|st=ox0brfwh|7c|26|7c|dl=0https://www.dropbox.com/scl/fi/ex1a1fllyh1s9btieeqn6/sq469eehw8ty.exe|3f|rlkey=igsxdnz60e4j9awr87sfdq6tf|7c|26|7c|st=ox0brfwh|7c|26|7c|dl=1"; http_uri; depth:255; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848520/; classtype:trojan-activity;sid:84711620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848521)"; flow:established,from_client; content:"GET"; http_method; 
content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.91.96.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848521/; classtype:trojan-activity;sid:84711621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848522)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dpsradars.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848522/; classtype:trojan-activity;sid:84711622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848510)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_3c998b977b8a6715.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848510/; classtype:trojan-activity;sid:84711610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848511)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_84f8517db3ecabce.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848511/; classtype:trojan-activity;sid:84711611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848512)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_c4f1a8d3608fd717.cmd"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_05_17; reference:url, urlhaus.abuse.ch/url/3848512/; classtype:trojan-activity;sid:84711612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848513)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_58e75d774ea83f95.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848513/; classtype:trojan-activity;sid:84711613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848514)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_28e7b09ae7bba3f2.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848514/; classtype:trojan-activity;sid:84711614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848515)"; flow:established,from_client; content:"GET"; http_method; content:"/script.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"novacinder.digital"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848515/; classtype:trojan-activity;sid:84711615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848516)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_1e6fc70654906fb5.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848516/; classtype:trojan-activity;sid:84711616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3848517)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_27ccfff44d61983d.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848517/; classtype:trojan-activity;sid:84711617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848518)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_8bdb712dca908d02.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848518/; classtype:trojan-activity;sid:84711618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848519)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_e353c81a9a32e76e.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848519/; classtype:trojan-activity;sid:84711619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.227.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848509/; classtype:trojan-activity;sid:84711609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"221.14.13.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848508/; classtype:trojan-activity;sid:84711608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848507)"; flow:established,from_client; content:"GET"; http_method; content:"/866fee0b-b1db-4cf0-9cee-5d6bf2c4565a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"alchemical-formula-scroll.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848507/; classtype:trojan-activity;sid:84711607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.209.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848506/; classtype:trojan-activity;sid:84711606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.155.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848505/; classtype:trojan-activity;sid:84711605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.238.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848504/; classtype:trojan-activity;sid:84711604; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848503)"; flow:established,from_client; content:"GET"; http_method; content:"/bd70a08d-ceac-4d91-abbe-dffbdb33d2e3/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cosmicmicrowavebackground.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848503/; classtype:trojan-activity;sid:84711603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.177.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848502/; classtype:trojan-activity;sid:84711602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.113.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848500/; classtype:trojan-activity;sid:84711600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.227.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848501/; classtype:trojan-activity;sid:84711601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"110.38.209.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848499/; classtype:trojan-activity;sid:84711599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.238.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848498/; classtype:trojan-activity;sid:84711598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.155.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848497/; classtype:trojan-activity;sid:84711597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.224.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848496/; classtype:trojan-activity;sid:84711596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848495)"; flow:established,from_client; content:"GET"; http_method; content:"/nuts/bolts"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.58.226.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848495/; classtype:trojan-activity;sid:84711595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3848494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.127.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848494/; classtype:trojan-activity;sid:84711594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.177.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848493/; classtype:trojan-activity;sid:84711593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848492)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=12490a74-9264-4ea6-b8ec-2556f1e51192"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"d1jtbg8r.node-matrix.digital"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848492/; classtype:trojan-activity;sid:84711592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848491)"; flow:established,from_client; content:"GET"; http_method; content:"/6be3e3b7-b67c-4b7b-8dcb-fc56b44796f0/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"vintage-blueprint-vault.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848491/; classtype:trojan-activity;sid:84711591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.224.33"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848490/; classtype:trojan-activity;sid:84711590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.155.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848489/; classtype:trojan-activity;sid:84711589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848488)"; flow:established,from_client; content:"GET"; http_method; content:"/0d270c3a-bb43-4073-bef7-3c7b0cfec449/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"abyssal-kraken-trench.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848488/; classtype:trojan-activity;sid:84711588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.229.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848487/; classtype:trojan-activity;sid:84711587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848486)"; flow:established,from_client; content:"GET"; http_method; content:"/nuts/poop"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.58.226.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848486/; classtype:trojan-activity;sid:84711586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3848485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.12.229.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848485/; classtype:trojan-activity;sid:84711585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848484)"; flow:established,from_client; content:"GET"; http_method; content:"/4171e19a-af47-45fb-ad00-7b2ee9cd5995/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"handmade-cheese-traveler.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848484/; classtype:trojan-activity;sid:84711584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848483)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jenkins"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848483/; classtype:trojan-activity;sid:84711583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.137.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848482/; classtype:trojan-activity;sid:84711582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.143.81"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848481/; classtype:trojan-activity;sid:84711581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.234.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848480/; classtype:trojan-activity;sid:84711580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848479)"; flow:established,from_client; content:"GET"; http_method; content:"/f5c8d04d-57a4-4d5f-abad-01692e983424/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"predator-hunting-chronicles.garden"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848479/; classtype:trojan-activity;sid:84711579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.100.32.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848477/; classtype:trojan-activity;sid:84711577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.143.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848478/; classtype:trojan-activity;sid:84711578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3848476)"; flow:established,from_client; content:"GET"; http_method; content:"/385d21df-cce5-47e2-9dd4-c0bb9ed6bc55/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"chronicle-archive-keeper.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848476/; classtype:trojan-activity;sid:84711576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.234.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848475/; classtype:trojan-activity;sid:84711575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.233.57.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848474/; classtype:trojan-activity;sid:84711574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848472/; classtype:trojan-activity;sid:84711572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.7.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 
2026_05_17; reference:url, urlhaus.abuse.ch/url/3848473/; classtype:trojan-activity;sid:84711573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848471)"; flow:established,from_client; content:"GET"; http_method; content:"/78ff4c08-3db8-4567-b0df-1ffa05092bbe/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"pixelartcanvas.garden"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848471/; classtype:trojan-activity;sid:84711571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.104.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848470/; classtype:trojan-activity;sid:84711570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.42.87"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848469/; classtype:trojan-activity;sid:84711569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.158.173.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848468/; classtype:trojan-activity;sid:84711568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848467)"; flow:established,from_client; 
content:"GET"; http_method; content:"/|3f|ublib=23ee1c81-a74d-4e7c-9128-6dc5fba8ec01"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"jomn9u8k.cyber-relay.digital"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848467/; classtype:trojan-activity;sid:84711567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848466)"; flow:established,from_client; content:"GET"; http_method; content:"/a82a4b86-b55f-4157-b65d-fad577d31fea/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"suboceanic-trench-sonar.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848466/; classtype:trojan-activity;sid:84711566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.104.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848465/; classtype:trojan-activity;sid:84711565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.137.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848464/; classtype:trojan-activity;sid:84711564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.158.173.84"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848463/; classtype:trojan-activity;sid:84711563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848462/; classtype:trojan-activity;sid:84711562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.7.221"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848461/; classtype:trojan-activity;sid:84711561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848460)"; flow:established,from_client; content:"GET"; http_method; content:"/3cedeea1-8854-4539-af98-81e1310b6891/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"vintage-vinyl-restoration.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848460/; classtype:trojan-activity;sid:84711560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.137.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848459/; classtype:trojan-activity;sid:84711559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3848458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.97.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848458/; classtype:trojan-activity;sid:84711558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.197.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848457/; classtype:trojan-activity;sid:84711557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.10.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848456/; classtype:trojan-activity;sid:84711556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.26.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848455/; classtype:trojan-activity;sid:84711555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.197.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848454/; 
classtype:trojan-activity;sid:84711554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.237.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848452/; classtype:trojan-activity;sid:84711552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.29.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848453/; classtype:trojan-activity;sid:84711553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848451)"; flow:established,from_client; content:"GET"; http_method; content:"/27815609-0ac5-4bcb-8ed3-b053ef4e81d0/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"volcanic-magma-chamber.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848451/; classtype:trojan-activity;sid:84711551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.249.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848450/; classtype:trojan-activity;sid:84711550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; 
http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.177.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848449/; classtype:trojan-activity;sid:84711549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.86.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848448/; classtype:trojan-activity;sid:84711548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.76.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848447/; classtype:trojan-activity;sid:84711547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848446)"; flow:established,from_client; content:"GET"; http_method; content:"/3a9625a5-2df3-430d-88ff-ff91f8ee844f/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"neoncyberpunkcity.garden"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848446/; classtype:trojan-activity;sid:84711546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.29.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848445/; classtype:trojan-activity;sid:84711545; rev:1;) 
# URLhaus download-URL signatures, restored to one rule per line.
# Every rule below has the same shape: an established client-to-server HTTP flow from
# $HOME_NET to $EXTERNAL_NET, method GET, then an exact match on the request URI and on the Host.
# "depth:N" equals the pattern length and "isdataat:!1,relative" requires that no byte follows
# the match, so a longer path or an appended query string does not fire the rule.
# "nocase" sits after the URI content and applies to it.
# "|3f|" inside a content string is the hex escape for "?", i.e. those rules match "/?ublib=<uuid>".
# Coverage note: these are "alert http" rules, so they only see requests the sensor parses as
# cleartext HTTP; the same URL fetched over TLS is not matched unless traffic is decrypted upstream.
# Triage note: the short paths ("/i", "/bin.sh", "/mips") carry no meaning on their own; the alert
# rests on the Host match. The reference URL and msg both carry the URLhaus entry ID for lookup.
# NOTE(review): created_at is presumably the date the feed entry was added; IP-literal hosts can be
# reassigned, so confirm the entry is still listed before acting on an old hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.6.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848444/; classtype:trojan-activity;sid:84711544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.30.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848443/; classtype:trojan-activity;sid:84711543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.96.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848442/; classtype:trojan-activity;sid:84711542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.100.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848441/; classtype:trojan-activity;sid:84711541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848440)"; flow:established,from_client; content:"GET"; http_method; content:"/34701e8f-b8f0-4cce-b0cd-136c4553dbb8/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"abandoned-asylum-expedition.garden"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848440/; classtype:trojan-activity;sid:84711540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.136.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848439/; classtype:trojan-activity;sid:84711539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.23.91.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848438/; classtype:trojan-activity;sid:84711538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.3.3.190"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848437/; classtype:trojan-activity;sid:84711537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.6.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848436/; classtype:trojan-activity;sid:84711536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.96.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848435/; classtype:trojan-activity;sid:84711535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848434)"; flow:established,from_client; content:"GET"; http_method; content:"/bf1150a4-6883-4064-85d7-beb9d7e8b19d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"deep-space-artificial-gravity.garden"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848434/; classtype:trojan-activity;sid:84711534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.136.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848433/; classtype:trojan-activity;sid:84711533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848432)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=daed12b8-ac34-434a-9729-ea53ca3fb3e8"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wkqsof7p.network-pulse.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848432/; classtype:trojan-activity;sid:84711532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848431)"; flow:established,from_client; content:"GET"; http_method; content:"/28cbb4e8-3f91-4fd8-a73d-efb056fc39d4/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"retro-gaming-launcher.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848431/; classtype:trojan-activity;sid:84711531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.173.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848430/; classtype:trojan-activity;sid:84711530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.188.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848429/; classtype:trojan-activity;sid:84711529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.3.3.190"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848428/; classtype:trojan-activity;sid:84711528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.144.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848427/; classtype:trojan-activity;sid:84711527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.188.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848426/; classtype:trojan-activity;sid:84711526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848425)"; flow:established,from_client; content:"GET"; http_method; content:"/f30eba81-4c5a-4080-a057-6df524e69f8c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ziti-multicooker-hacks.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848425/; classtype:trojan-activity;sid:84711525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.13.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848424/; classtype:trojan-activity;sid:84711524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.144.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848423/; classtype:trojan-activity;sid:84711523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848422)"; flow:established,from_client; content:"GET"; http_method; content:"/fc4401cf-721d-4064-803f-cb53ae02e210/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"containerizedecosystem.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848422/; classtype:trojan-activity;sid:84711522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.173.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848421/; classtype:trojan-activity;sid:84711521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848420)"; flow:established,from_client; content:"GET"; http_method; content:"/3eb70c47-dc57-4471-a7d7-a633ffdd0fe7/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"flora-processing-framework.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848420/; classtype:trojan-activity;sid:84711520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.45.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848419/; classtype:trojan-activity;sid:84711519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.201.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848418/; classtype:trojan-activity;sid:84711518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.45.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848417/; classtype:trojan-activity;sid:84711517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.155.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848416/; classtype:trojan-activity;sid:84711516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848415)"; flow:established,from_client; content:"GET"; http_method; content:"/993c80f8-6c83-4e31-ada5-a6a89e13b6ea/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"gardenworkflowcenter.garden"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848415/; classtype:trojan-activity;sid:84711515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.42.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848414/; classtype:trojan-activity;sid:84711514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.67.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848413/; classtype:trojan-activity;sid:84711513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.67.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848412/; classtype:trojan-activity;sid:84711512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848411)"; flow:established,from_client; content:"GET"; http_method; content:"/3f51be67-1f51-4b0b-8405-cc6b7f50b6da/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"federatedmeadowcluster.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848411/; classtype:trojan-activity;sid:84711511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.121.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848410/; classtype:trojan-activity;sid:84711510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.202.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848409/; classtype:trojan-activity;sid:84711509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848408)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.141.92.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848408/; classtype:trojan-activity;sid:84711508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848407)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1cc82a74-f8b2-405b-b7ad-f3bb853d0aac"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"mqo7n5b2.script-vault.digital"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848407/; classtype:trojan-activity;sid:84711507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.43.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848406/; classtype:trojan-activity;sid:84711506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.42.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848405/; classtype:trojan-activity;sid:84711505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848404)"; flow:established,from_client; content:"GET"; http_method; content:"/b2a06764-1a51-4eac-8ab1-b88de57752d3/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"irrigation-resource-system.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848404/; classtype:trojan-activity;sid:84711504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.103.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848403/; classtype:trojan-activity;sid:84711503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.211.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848402/; classtype:trojan-activity;sid:84711502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.211.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848401/; classtype:trojan-activity;sid:84711501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848400)"; flow:established,from_client; content:"GET"; http_method; content:"/f3f7345c-c44e-46f1-b59d-95b926b03af2/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"botanicalautomationengine.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848400/; classtype:trojan-activity;sid:84711500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.125.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848399/; classtype:trojan-activity;sid:84711499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848398)"; flow:established,from_client; content:"GET"; http_method; content:"/963a5c48-2532-4622-b69d-620ac1f90f42/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributed-growth-network.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848398/; classtype:trojan-activity;sid:84711498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.75.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848397/; classtype:trojan-activity;sid:84711497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.125.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848396/; classtype:trojan-activity;sid:84711496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848395)"; flow:established,from_client; content:"GET"; http_method; content:"/36ede77f-6234-4432-a37b-a83325c58119/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wildflorainfrastructure.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848395/; classtype:trojan-activity;sid:84711495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.224.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848394/; classtype:trojan-activity;sid:84711494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.156.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848393/; classtype:trojan-activity;sid:84711493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.224.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848392/; classtype:trojan-activity;sid:84711492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.45.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848391/; classtype:trojan-activity;sid:84711491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.156.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848390/; classtype:trojan-activity;sid:84711490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.70.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848389/; classtype:trojan-activity;sid:84711489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.75.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848388/; classtype:trojan-activity;sid:84711488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.35.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848387/; classtype:trojan-activity;sid:84711487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848386)"; flow:established,from_client; content:"GET"; http_method; content:"/d2ee8199-efb0-4c21-b476-7667e664c1b6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"petal-routing-platform.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848386/; classtype:trojan-activity;sid:84711486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.35.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848385/; classtype:trojan-activity;sid:84711485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.44.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848384/; classtype:trojan-activity;sid:84711484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848383)"; flow:established,from_client; content:"GET"; http_method; content:"/genius"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"147.45.45.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848383/; classtype:trojan-activity;sid:84711483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848382)"; flow:established,from_client; content:"GET"; http_method; content:"/0c77df4c-23a1-44bf-ac0f-30286427263b/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"greenhouseoperationshub.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848382/; classtype:trojan-activity;sid:84711482; rev:1;)
# NOTE(review): tmpfiles.org looks like a general-purpose file host; the exact-URI match keeps this
# alert scoped to the one listed path, so a hit says nothing about other content on that host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848381)"; flow:established,from_client; content:"GET"; http_method; content:"/dl/wtw2egtgc2ik/winspec.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"tmpfiles.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848381/; classtype:trojan-activity;sid:84711481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848380)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=140964fe-33a1-45d5-91ea-7eae12e66dd5"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wwk6os4i.cloud-atlas.digital"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848380/; classtype:trojan-activity;sid:84711480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.44.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848378/; classtype:trojan-activity;sid:84711478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.109.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848379/; classtype:trojan-activity;sid:84711479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.45.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848377/; classtype:trojan-activity;sid:84711477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848376/; classtype:trojan-activity;sid:84711476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848375)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1a725314-04b7-4251-9050-91a11efae75a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dehjcpyw.byte-forge.digital"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848375/; classtype:trojan-activity;sid:84711475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848374)"; flow:established,from_client; content:"GET"; http_method; content:"/283a609e-b6e0-458f-8a2d-8113fe6e139b/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"linguistic-puzzle-solver.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848374/; classtype:trojan-activity;sid:84711474; rev:1;)
# NOTE(review): *.netlify.app is a shared hosting suffix; as above, only this exact host and path
# are covered, not the platform.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848373)"; flow:established,from_client; content:"GET"; http_method; content:"/yo3u"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"personal-store.netlify.app"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848373/; classtype:trojan-activity;sid:84711473; rev:1;)
# The next three rules list the same path under three different Host values.
# NOTE(review): presumably one campaign served from several names; correlate hits across them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848370)"; flow:established,from_client; content:"GET"; http_method; content:"/file_bgeu/document.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"107.189.25.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848370/; classtype:trojan-activity;sid:84711470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848371)"; flow:established,from_client; content:"GET"; http_method; content:"/file_bgeu/document.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"cloudfilenow.online"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848371/; classtype:trojan-activity;sid:84711471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848372)"; flow:established,from_client; content:"GET"; http_method; content:"/file_bgeu/document.pdf.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"synctimenow.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848372/; classtype:trojan-activity;sid:84711472; rev:1;)
# The rules from here through sid 84711466 list the same four paths under both 5.252.177.38 and
# microwaved.info. NOTE(review): presumably the same server reached by IP and by name; verify.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848369)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/ms/update/officefonts.dll"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"microwaved.info"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848369/; classtype:trojan-activity;sid:84711469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848368)"; flow:established,from_client; content:"GET"; http_method; content:"/final.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.252.177.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848368/; classtype:trojan-activity;sid:84711468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848367)"; flow:established,from_client; content:"GET"; http_method; content:"/final.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"microwaved.info"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848367/; classtype:trojan-activity;sid:84711467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848362)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/ms/update/officefonts.dll"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"5.252.177.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848362/; classtype:trojan-activity;sid:84711462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848363)"; flow:established,from_client; content:"GET"; http_method; content:"/officefonts.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.252.177.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848363/; classtype:trojan-activity;sid:84711463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848364)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/ms/update/sr.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5.252.177.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848364/; classtype:trojan-activity;sid:84711464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848365)"; flow:established,from_client; content:"GET"; http_method; content:"/officefonts.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"microwaved.info"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848365/; classtype:trojan-activity;sid:84711465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848366)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/ms/update/sr.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"microwaved.info"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848366/; classtype:trojan-activity;sid:84711466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848361)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.120.107.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848361/; classtype:trojan-activity;sid:84711461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848360)"; flow:established,from_client; content:"GET"; http_method; content:"/fie.hta"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"87.120.107.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848360/; classtype:trojan-activity;sid:84711460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.42.89.166"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848359/; classtype:trojan-activity;sid:84711459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.3.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848356/; classtype:trojan-activity;sid:84711456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.185.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848357/; classtype:trojan-activity;sid:84711457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848358)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.104.63.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848358/; classtype:trojan-activity;sid:84711458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848354)"; flow:established,from_client; content:"GET"; http_method; content:"/file/setup.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"stage1-orschellx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848354/; classtype:trojan-activity;sid:84711454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848355)"; 
flow:established,from_client; content:"GET"; http_method; content:"/cloud/running.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"paysolutions.ink"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848355/; classtype:trojan-activity;sid:84711455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848352)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"guildy.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848352/; classtype:trojan-activity;sid:84711452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848353)"; flow:established,from_client; content:"GET"; http_method; content:"/fie.hta"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"guildy.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848353/; classtype:trojan-activity;sid:84711453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848350)"; flow:established,from_client; content:"GET"; http_method; content:"/file/setup.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.155.68.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848350/; classtype:trojan-activity;sid:84711450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848351)"; flow:established,from_client; content:"GET"; http_method; content:"/file/setup.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dev1-trucksdirectuk.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, 
urlhaus.abuse.ch/url/3848351/; classtype:trojan-activity;sid:84711451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848346)"; flow:established,from_client; content:"GET"; http_method; content:"/files/technical_specifications.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"stage1-orschellx.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848346/; classtype:trojan-activity;sid:84711446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848347)"; flow:established,from_client; content:"GET"; http_method; content:"/files/technical_specifications.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"45.155.68.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848347/; classtype:trojan-activity;sid:84711447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848348)"; flow:established,from_client; content:"GET"; http_method; content:"/files/technical_specifications.pdf.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"dev1-trucksdirectuk.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848348/; classtype:trojan-activity;sid:84711448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848349)"; flow:established,from_client; content:"GET"; http_method; content:"/832cb6af-b07c-4e38-bd4b-30d60fd00224/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ancient-parchment-archive.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848349/; classtype:trojan-activity;sid:84711449; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848344)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_05_11.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"paysolutions.ink"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848344/; classtype:trojan-activity;sid:84711444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848345)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_12_5.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"65.20.98.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848345/; classtype:trojan-activity;sid:84711445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848342)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_12_5.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"paysolutions.ink"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848342/; classtype:trojan-activity;sid:84711442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848343)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_12_5.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"70.34.205.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848343/; classtype:trojan-activity;sid:84711443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848337)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/koki.ocx"; http_uri; 
depth:15; isdataat:!1,relative; nocase; content:"aurekh.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848337/; classtype:trojan-activity;sid:84711437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848338)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscomer.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"paysolutions.ink"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848338/; classtype:trojan-activity;sid:84711438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848339)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscomctl.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"ahdaratlegalservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848339/; classtype:trojan-activity;sid:84711439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848340)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/runner.ocx"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"70.34.205.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848340/; classtype:trojan-activity;sid:84711440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848341)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscomctl.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"paysolutions.ink"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848341/; classtype:trojan-activity;sid:84711441; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848336)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscomer.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"screenly.cam"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848336/; classtype:trojan-activity;sid:84711436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848335)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/running.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"aurekh.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848335/; classtype:trojan-activity;sid:84711435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848334)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/koki.ocx"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"screenly.cam"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848334/; classtype:trojan-activity;sid:84711434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848332)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/agent.ocx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"xtrafftrck.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848332/; classtype:trojan-activity;sid:84711432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848333)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscomctl.ocx"; http_uri; depth:19; isdataat:!1,relative; 
nocase; content:"65.20.98.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848333/; classtype:trojan-activity;sid:84711433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848331)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/koki.ocx"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"paysolutions.ink"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848331/; classtype:trojan-activity;sid:84711431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848330)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscomer.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"70.34.205.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848330/; classtype:trojan-activity;sid:84711430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848328)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/712419111124.ocx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"paysolutions.ink"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848328/; classtype:trojan-activity;sid:84711428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848329)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscomer.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"xtrafftrck.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848329/; classtype:trojan-activity;sid:84711429; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848327)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscomctl.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"xtrafftrck.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848327/; classtype:trojan-activity;sid:84711427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848326)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/runner.ocx"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"screenly.cam"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848326/; classtype:trojan-activity;sid:84711426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848325)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_12_5.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"xtrafftrck.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848325/; classtype:trojan-activity;sid:84711425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848324)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_05_11.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"ahdaratlegalservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848324/; classtype:trojan-activity;sid:84711424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848323)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/712419111124.ocx"; http_uri; depth:23; 
isdataat:!1,relative; nocase; content:"xtrafftrck.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848323/; classtype:trojan-activity;sid:84711423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848321)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/712419111124.ocx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ahdaratlegalservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848321/; classtype:trojan-activity;sid:84711421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848322)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_04_20.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"screenly.cam"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848322/; classtype:trojan-activity;sid:84711422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848318)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/koki.ocx"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ahdaratlegalservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848318/; classtype:trojan-activity;sid:84711418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848319)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscom.ocx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"paysolutions.ink"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848319/; 
classtype:trojan-activity;sid:84711419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848320)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/koki.ocx"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"70.34.205.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848320/; classtype:trojan-activity;sid:84711420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848317)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_04_20.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"70.34.205.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848317/; classtype:trojan-activity;sid:84711417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848316)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_05_11.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"xtrafftrck.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848316/; classtype:trojan-activity;sid:84711416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848315)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/updater.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"screenly.cam"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848315/; classtype:trojan-activity;sid:84711415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848313)"; flow:established,from_client; content:"GET"; http_method; 
content:"/cloud/screenshot_2026_05_11.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"aurekh.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848313/; classtype:trojan-activity;sid:84711413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848314)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_12_5.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"screenly.cam"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848314/; classtype:trojan-activity;sid:84711414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848312)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscomctl.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"aurekh.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848312/; classtype:trojan-activity;sid:84711412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848311)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_05_11.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"screenly.cam"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848311/; classtype:trojan-activity;sid:84711411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848310)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/chromelevator.ocx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"paysolutions.ink"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, 
urlhaus.abuse.ch/url/3848310/; classtype:trojan-activity;sid:84711410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848309)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscomctl.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"screenly.cam"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848309/; classtype:trojan-activity;sid:84711409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848307)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscomer.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"aurekh.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848307/; classtype:trojan-activity;sid:84711407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848308)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscomctl.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"70.34.205.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848308/; classtype:trojan-activity;sid:84711408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848305)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/running.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"xtrafftrck.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848305/; classtype:trojan-activity;sid:84711405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848306)"; flow:established,from_client; content:"GET"; 
http_method; content:"/cloud/mscomer.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ahdaratlegalservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848306/; classtype:trojan-activity;sid:84711406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848303)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/chromelevator.ocx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"aurekh.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848303/; classtype:trojan-activity;sid:84711403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848304)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/running.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"70.34.205.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848304/; classtype:trojan-activity;sid:84711404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848301)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/running.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ahdaratlegalservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848301/; classtype:trojan-activity;sid:84711401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848302)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/chromelevator.ocx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"screenly.cam"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, 
urlhaus.abuse.ch/url/3848302/; classtype:trojan-activity;sid:84711402; rev:1;)
# --- URLhaus exact-URL rules: "/cloud/" payload paths ------------------------
# Every rule in this span has the same shape: an established, client-to-server
# HTTP GET from $HOME_NET to $EXTERNAL_NET whose URI and Host each equal one
# listed string. depth is set to the length of the content (so the match must
# start at byte 0) and isdataat:!1,relative requires that no byte follows it:
# the match is whole-buffer, not substring. nocase follows the URI content;
# the http_host content carries no nocase.
# Only the request is inspected: an alert shows that an internal host asked for
# the URL, not that a payload was returned or executed.
# The same /cloud/*.ocx and /cloud/screenshot_*.lnk paths recur across
# paysolutions.ink, aurekh.com, screenly.cam, xtrafftrck.net,
# ahdaratlegalservices.com and 70.34.205.43 -- presumably one payload set
# served from several hosts (inferred from the repetition only; the
# reference:url entry of each rule is the authority). When one sid fires,
# check proxy and DNS logs for the sibling hosts as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848300)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_04_20.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"paysolutions.ink"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848300/; classtype:trojan-activity;sid:84711400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848297)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscom.ocx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"aurekh.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848297/; classtype:trojan-activity;sid:84711397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848298)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/running.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"screenly.cam"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848298/; classtype:trojan-activity;sid:84711398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848299)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscom.ocx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"xtrafftrck.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848299/; classtype:trojan-activity;sid:84711399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848294)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/runner.ocx"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"aurekh.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848294/; classtype:trojan-activity;sid:84711394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848295)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/agent.ocx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ahdaratlegalservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848295/; classtype:trojan-activity;sid:84711395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848296)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/runner.ocx"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ahdaratlegalservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848296/; classtype:trojan-activity;sid:84711396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848291)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/runner.ocx"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"paysolutions.ink"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848291/; classtype:trojan-activity;sid:84711391; rev:1;)
# The next rule keys on a bare IP address in the Host buffer; like the
# hostname rules it covers cleartext HTTP only (alert http).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848292)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/agent.ocx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"70.34.205.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848292/; classtype:trojan-activity;sid:84711392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848293)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/runner.ocx"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"xtrafftrck.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848293/; classtype:trojan-activity;sid:84711393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848289)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/agent.ocx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"paysolutions.ink"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848289/; classtype:trojan-activity;sid:84711389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848290)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/agent.ocx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"screenly.cam"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848290/; classtype:trojan-activity;sid:84711390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848286)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/agent.ocx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"aurekh.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848286/; classtype:trojan-activity;sid:84711386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848287)"; flow:established,from_client; content:"GET"; http_method; 
content:"/cloud/updater.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"aurekh.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848287/; classtype:trojan-activity;sid:84711387; rev:1;)
# --- URLhaus exact-URL rules: "/cloud/" payload paths (updater, koki, mscom,
# chromelevator, screenshot_*.lnk) -------------------------------------------
# Each rule alerts on an established, client-side HTTP GET leaving $HOME_NET
# whose URI and Host both equal the listed strings: depth matches the content
# length and isdataat:!1,relative forbids trailing bytes, so a rule covers
# exactly one URL. Other paths on the same host are not covered by that rule.
# Hosts in this span: aurekh.com, xtrafftrck.net, ahdaratlegalservices.com,
# paysolutions.ink, screenly.cam, 70.34.205.43 and 65.20.98.45. The file names
# repeat from host to host; treat a hit on one as a reason to review traffic
# to the others (the grouping is inferred from the repeated names).
# The file extensions (.ocx, .exe, .lnk) come from the URL only; the rules do
# not inspect the response body, so the payload type is not verified here.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848288)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/koki.ocx"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"xtrafftrck.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848288/; classtype:trojan-activity;sid:84711388; rev:1;)
# The only .exe name among the /cloud/ entries in this span, and the first
# appearance of 65.20.98.45.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848283)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscom.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"65.20.98.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848283/; classtype:trojan-activity;sid:84711383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848284)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/updater.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ahdaratlegalservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848284/; classtype:trojan-activity;sid:84711384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848285)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/updater.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"xtrafftrck.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848285/; classtype:trojan-activity;sid:84711385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848282)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/updater.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"paysolutions.ink"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848282/; classtype:trojan-activity;sid:84711382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848281)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/updater.ocx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"70.34.205.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848281/; classtype:trojan-activity;sid:84711381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848280)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscom.ocx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"screenly.cam"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848280/; classtype:trojan-activity;sid:84711380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848279)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/chromelevator.ocx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"70.34.205.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848279/; classtype:trojan-activity;sid:84711379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848278)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/chromelevator.ocx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xtrafftrck.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848278/; classtype:trojan-activity;sid:84711378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848277)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/chromelevator.ocx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ahdaratlegalservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848277/; classtype:trojan-activity;sid:84711377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848276)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscom.ocx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ahdaratlegalservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848276/; classtype:trojan-activity;sid:84711376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848275)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_12_5.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"aurekh.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848275/; classtype:trojan-activity;sid:84711375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848274)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/712419111124.ocx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"70.34.205.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; 
reference:url, urlhaus.abuse.ch/url/3848274/; classtype:trojan-activity;sid:84711374; rev:1;)
# --- URLhaus exact-URL rules: remaining "/cloud/" entries, then /bin.sh,
# /file/setup.msi and /files/candidates-guide.pdf.lnk ------------------------
# Rule shape throughout: established client-side HTTP GET from $HOME_NET to
# $EXTERNAL_NET; the URI content (nocase) and the Host content are each pinned
# to the whole buffer by depth:<content length> plus isdataat:!1,relative.
# The rules match the request only, so an alert means "this URL was requested",
# not "this file was delivered"; confirm with flow/file logs or endpoint data.
# alert http sees cleartext HTTP; the same URL fetched over TLS is visible to
# these rules only where traffic is decrypted ahead of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848273)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_04_20.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"aurekh.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848273/; classtype:trojan-activity;sid:84711373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848271)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/712419111124.ocx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"aurekh.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848271/; classtype:trojan-activity;sid:84711371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848272)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/712419111124.ocx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"screenly.cam"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848272/; classtype:trojan-activity;sid:84711372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848270)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscom.ocx"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"70.34.205.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848270/; classtype:trojan-activity;sid:84711370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848269)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_12_5.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"ahdaratlegalservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848269/; classtype:trojan-activity;sid:84711369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848267)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_04_20.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"ahdaratlegalservices.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848267/; classtype:trojan-activity;sid:84711367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848268)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_04_20.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"xtrafftrck.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848268/; classtype:trojan-activity;sid:84711368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848266)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/712419111124.ocx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"65.20.98.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848266/; classtype:trojan-activity;sid:84711366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848265)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_05_11.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"70.34.205.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848265/; classtype:trojan-activity;sid:84711365; rev:1;)
# Unrelated entry: a shell-script name on a bare IP. The 7-byte URI is generic;
# the Host match is what makes the rule specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.42.89.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848264/; classtype:trojan-activity;sid:84711363; rev:1;)
# Start of a second repeated pair of paths: /file/setup.msi and
# /files/candidates-guide.pdf.lnk. The latter ends in a double extension
# (.pdf.lnk), i.e. the URL names a Windows shortcut presented as a PDF.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848263)"; flow:established,from_client; content:"GET"; http_method; content:"/file/setup.msi"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.120.219.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848263/; classtype:trojan-activity;sid:84711363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848260)"; flow:established,from_client; content:"GET"; http_method; content:"/file/setup.msi"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"stg1-swaggrhockey.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848260/; classtype:trojan-activity;sid:84711360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848261)"; flow:established,from_client; content:"GET"; http_method; content:"/files/candidates-guide.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"slotmy-send.tech"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848261/; classtype:trojan-activity;sid:84711361; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848262)"; flow:established,from_client; content:"GET"; http_method; content:"/files/candidates-guide.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"3bra.solonettochka.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848262/; classtype:trojan-activity;sid:84711362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848254)"; flow:established,from_client; content:"GET"; http_method; content:"/files/candidates-guide.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"dev1-revitavive.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848254/; classtype:trojan-activity;sid:84711354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848255)"; flow:established,from_client; content:"GET"; http_method; content:"/files/candidates-guide.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"stg1-swaggrhockey.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848255/; classtype:trojan-activity;sid:84711355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848256)"; flow:established,from_client; content:"GET"; http_method; content:"/file/setup.msi"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"slotmy-send.tech"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848256/; classtype:trojan-activity;sid:84711356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848257)"; flow:established,from_client; content:"GET"; http_method; 
content:"/files/candidates-guide.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.120.219.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848257/; classtype:trojan-activity;sid:84711357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848258)"; flow:established,from_client; content:"GET"; http_method; content:"/file/setup.msi"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"3bra.solonettochka.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848258/; classtype:trojan-activity;sid:84711358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848259)"; flow:established,from_client; content:"GET"; http_method; content:"/file/setup.msi"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dev1-revitavive.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848259/; classtype:trojan-activity;sid:84711359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.187.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848253/; classtype:trojan-activity;sid:84711353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848252)"; flow:established,from_client; content:"GET"; http_method; content:"/678678b2-11f2-4c2b-b83c-8aa490cf1b38/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"meteorite-crater-safari.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_16; 
reference:url, urlhaus.abuse.ch/url/3848252/; classtype:trojan-activity;sid:84711352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848251)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848251/; classtype:trojan-activity;sid:84711351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.203.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848250/; classtype:trojan-activity;sid:84711350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.202.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848249/; classtype:trojan-activity;sid:84711349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848248)"; flow:established,from_client; content:"GET"; http_method; content:"/df32a9c4-683e-4cb0-9eac-f16baca0ccbf/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"space-debris-trajectory.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848248/; classtype:trojan-activity;sid:84711348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848247)"; 
flow:established,from_client; content:"GET"; http_method; content:"/respalditoxd122/cmd/raw/refs/heads/main/cryp2_cvtres.txt"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848247/; classtype:trojan-activity;sid:84711347; rev:1;)
# --- URLhaus exact-URL rules: github.com raw files and architecture-named
# binaries ---------------------------------------------------------------------
# Rule shape: established client-side HTTP GET from $HOME_NET to $EXTERNAL_NET
# with the URI (nocase) and the Host each matched as a whole buffer
# (depth:<content length> + isdataat:!1,relative).
# github.com rules (the fragment above and sid 84711337 below): the host is a
# shared platform, so the /respalditoxd122/cmd/... path is what scopes the
# match; the alert says nothing about other content on that host.
# NOTE(review): github.com is normally reached over HTTPS, and these are
# alert http rules, so they presumably fire only on cleartext requests or
# where TLS is decrypted ahead of the sensor -- confirm sensor placement.
# Paths such as /ppc, /arm5, /arm7, /mpsl, /sh4, /x86_64 and /bins/bin.<arch>
# are named after CPU architectures on 176.65.139.186, cdn-assets.xyz and
# 178.18.147.174 -- presumably per-architecture builds of one Linux payload
# (inferred from the names only). Triage should therefore include embedded and
# server devices inside $HOME_NET, not only workstations. The URIs are only
# 4-7 bytes long; the Host match carries the specificity.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848233)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848233/; classtype:trojan-activity;sid:84711333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848234)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848234/; classtype:trojan-activity;sid:84711334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848235)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848235/; classtype:trojan-activity;sid:84711335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848236)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848236/; classtype:trojan-activity;sid:84711336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848237)"; flow:established,from_client; content:"GET"; http_method; content:"/respalditoxd122/cmd/raw/refs/heads/main/cmd1.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848237/; classtype:trojan-activity;sid:84711337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848238)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv4eb"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"178.18.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848238/; classtype:trojan-activity;sid:84711338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848239)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848239/; classtype:trojan-activity;sid:84711339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848240)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848240/; classtype:trojan-activity;sid:84711340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848241)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848241/; classtype:trojan-activity;sid:84711341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848242)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848242/; classtype:trojan-activity;sid:84711342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848243)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.powerpc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"178.18.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848243/; classtype:trojan-activity;sid:84711343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848244)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"178.18.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848244/; classtype:trojan-activity;sid:84711344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848245)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848245/; classtype:trojan-activity;sid:84711345; 
rev:1;)
# --- URLhaus exact-URL rules: github.com / gitlab.com raw files and
# /bins/ binaries ---------------------------------------------------------------
# Rule shape: established client-side HTTP GET from $HOME_NET to $EXTERNAL_NET;
# URI (nocase) and Host are each matched with depth plus isdataat:!1,relative.
# In every rule of this span except the gitlab.com one, depth equals the
# content length, which pins the match to the whole buffer.
# github.com and gitlab.com are shared platforms: the repository path is what
# scopes each rule, and a hit is not a verdict on the host as a whole.
# NOTE(review): both platforms are normally reached over HTTPS; as alert http
# rules these presumably fire only on cleartext requests or behind TLS
# decryption -- confirm sensor placement before relying on them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848246)"; flow:established,from_client; content:"GET"; http_method; content:"/respalditoxd122/cmd/raw/refs/heads/main/tumfuf.txt"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848246/; classtype:trojan-activity;sid:84711346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848224)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins/bins.sh"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848224/; classtype:trojan-activity;sid:84711324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848225)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins/bin.powerpc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848225/; classtype:trojan-activity;sid:84711325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848226)"; flow:established,from_client; content:"GET"; http_method; content:"/respalditoxd122/cmd/raw/refs/heads/main/cmd.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848226/; classtype:trojan-activity;sid:84711326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848227)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins/bin.i686"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848227/; classtype:trojan-activity;sid:84711327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848228)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i486"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"178.18.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848228/; classtype:trojan-activity;sid:84711328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848229)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848229/; classtype:trojan-activity;sid:84711329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848230)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i586"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"178.18.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848230/; classtype:trojan-activity;sid:84711330; rev:1;)
# NOTE(review): in the gitlab.com rule below, "|3f|" is the hex escape for a
# single "?" byte, so the URI pattern is 75 bytes long, yet depth is 78 (the
# length of the escaped text). The end of the match is still pinned by
# isdataat:!1,relative, but the start is not pinned to byte 0 as it is in the
# sibling rules. This looks like a generator artifact; it is better reported
# upstream than patched locally, since this is a regenerated feed file and a
# local edit would presumably be lost on the next update -- confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848231)"; flow:established,from_client; content:"GET"; http_method; content:"/repe04yt-group/repe04yt-project/-/raw/main/cryp2_cvtres.txt|3f|ref_type=heads"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"gitlab.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848231/; classtype:trojan-activity;sid:84711331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848232)"; flow:established,from_client; content:"GET"; http_method; content:"/respalditoxd122/cmd/raw/refs/heads/main/cryp2_addinprocess32.txt"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848232/; classtype:trojan-activity;sid:84711332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848214)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins/bin.armv71"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848214/; classtype:trojan-activity;sid:84711314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848215)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins/bin.armv4eb"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848215/; classtype:trojan-activity;sid:84711315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848216)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848216/; classtype:trojan-activity;sid:84711316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848217)"; 
flow:established,from_client; content:"GET"; http_method; content:"/respalditoxd122/cmd/raw/refs/heads/main/cryp2_regasm.txt"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848217/; classtype:trojan-activity;sid:84711317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848218)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848218/; classtype:trojan-activity;sid:84711318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848219)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848219/; classtype:trojan-activity;sid:84711319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848220)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848220/; classtype:trojan-activity;sid:84711320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848221)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, 
urlhaus.abuse.ch/url/3848221/; classtype:trojan-activity;sid:84711321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848222)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"217.209.144.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848222/; classtype:trojan-activity;sid:84711322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848223)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.mips64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"178.18.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848223/; classtype:trojan-activity;sid:84711323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848205)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"217.209.144.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848205/; classtype:trojan-activity;sid:84711305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848206)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848206/; classtype:trojan-activity;sid:84711306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848207)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; 
http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848207/; classtype:trojan-activity;sid:84711307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848208)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848208/; classtype:trojan-activity;sid:84711308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848209)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"178.18.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848209/; classtype:trojan-activity;sid:84711309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848210)"; flow:established,from_client; content:"GET"; http_method; content:"/respalditoxd122/cmd/raw/refs/heads/main/cryp2_regsvcs.txt"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848210/; classtype:trojan-activity;sid:84711310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848211)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848211/; 
classtype:trojan-activity;sid:84711311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848212)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins/bin.x86_64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848212/; classtype:trojan-activity;sid:84711312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848213)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848213/; classtype:trojan-activity;sid:84711313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848202)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv71"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"178.18.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848202/; classtype:trojan-activity;sid:84711302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848203)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.16.54.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848203/; classtype:trojan-activity;sid:84711303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848204)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv41"; http_uri; 
depth:16; isdataat:!1,relative; nocase; content:"178.18.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848204/; classtype:trojan-activity;sid:84711304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848192)"; flow:established,from_client; content:"GET"; http_method; content:"/respalditoxd122/cmd/raw/refs/heads/main/cryp2_installutil.txt"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848192/; classtype:trojan-activity;sid:84711292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848193)"; flow:established,from_client; content:"GET"; http_method; content:"/respalditoxd122/cmd/raw/refs/heads/main/cryp2_aspnet_compiler.txt"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848193/; classtype:trojan-activity;sid:84711293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848194)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"178.18.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848194/; classtype:trojan-activity;sid:84711294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848195)"; flow:established,from_client; content:"GET"; http_method; content:"/respalditoxd122/cmd/raw/refs/heads/main/cryp2.txt"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848195/; classtype:trojan-activity;sid:84711295; rev:1;)
# Triage aid: in the rules shown here the sid equals the URLhaus entry id (the number
# in msg and in the reference URL) plus 80863100, for example 3848196 -> 84711296, so
# an alert's sid maps straight back to its urlhaus.abuse.ch/url/<id>/ entry.
# Every rule here carries metadata:created_at 2026_05_16 and rev:1, and each one pins
# a single Host string and a single URI. NOTE(review): these are point-in-time
# indicators; reload the feed on a schedule so retired entries drop out and new ones
# are picked up.
# The match is on the client request only (flow:established,from_client; GET in
# http_method), so an alert records that a $HOME_NET host requested the URL. Whether
# content was returned has to be checked in other telemetry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848196)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins/bin.armv4tl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848196/; classtype:trojan-activity;sid:84711296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848197)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins/bin.i586"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848197/; classtype:trojan-activity;sid:84711297; rev:1;)
# github.com entries (here and further down): Host is a shared platform and only the
# exact repository path in http_uri is matched. NOTE(review): `alert http` needs the
# request to be visible as HTTP; confirm the sensor sees decrypted traffic for this
# host before counting on these entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848198)"; flow:established,from_client; content:"GET"; http_method; content:"/respalditoxd122/cmd/raw/refs/heads/main/cryp2_msbuild.txt"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848198/; classtype:trojan-activity;sid:84711298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848199)"; flow:established,from_client; content:"GET"; http_method; content:"/respalditoxd122/cmd/raw/refs/heads/main/cryp2_applaunch.txt"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848199/; classtype:trojan-activity;sid:84711299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848200)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.18.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848200/; classtype:trojan-activity;sid:84711300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848201)"; flow:established,from_client; content:"GET"; http_method; content:"/respalditoxd122/cmd/raw/refs/heads/main/cryp2_jsc.txt"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848201/; classtype:trojan-activity;sid:84711301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848188)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins/bin.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848188/; classtype:trojan-activity;sid:84711288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848189)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"217.209.144.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848189/; classtype:trojan-activity;sid:84711289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848190)"; flow:established,from_client; content:"GET"; http_method; content:"/andre.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.54.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848190/; classtype:trojan-activity;sid:84711290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848191)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins/bin.armv61"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848191/; classtype:trojan-activity;sid:84711291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv61"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"178.18.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848185/; classtype:trojan-activity;sid:84711285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848186)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins/bin.mips64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848186/; classtype:trojan-activity;sid:84711286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848187)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.18.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848187/; classtype:trojan-activity;sid:84711287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848171)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins/bin.armv41"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848171/; classtype:trojan-activity;sid:84711271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848172)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins/bin.mipsel"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848172/; classtype:trojan-activity;sid:84711272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848173)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins/bin.i486"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848173/; classtype:trojan-activity;sid:84711273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848174)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv4tl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"178.18.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848174/; classtype:trojan-activity;sid:84711274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848175)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"178.18.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848175/; classtype:trojan-activity;sid:84711275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848176)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"217.209.144.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848176/; classtype:trojan-activity;sid:84711276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848177)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"217.209.144.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848177/; classtype:trojan-activity;sid:84711277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848178)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.209.144.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848178/; classtype:trojan-activity;sid:84711278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848179)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins/bin.armv51"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848179/; classtype:trojan-activity;sid:84711279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848180)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.209.144.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848180/; classtype:trojan-activity;sid:84711280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848181)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv51"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"178.18.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848181/; classtype:trojan-activity;sid:84711281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848182)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.209.144.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848182/; classtype:trojan-activity;sid:84711282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848183)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"217.209.144.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848183/; classtype:trojan-activity;sid:84711283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848184)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins/bin.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_05_16; reference:url, urlhaus.abuse.ch/url/3848184/; classtype:trojan-activity;sid:84711284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848170)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins/bin.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848170/; classtype:trojan-activity;sid:84711270; rev:1;)
# From here on the entries share one Host, de.cloud.dxang.com, and list the same file
# names both at the root and under /bins/ (for example /linux_amd64 and
# /bins/linux_amd64). Each path is its own rule with an exact URI match (depth equal
# to the content length plus isdataat:!1,relative), so a path on this host that is
# not listed here does not alert.
# NOTE(review): with this many per-URL entries for one hostname, consider whether a
# host-level detection in your own tooling (DNS or proxy logs) gives better coverage;
# check first that the hostname is not shared with legitimate content.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848158)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_ppc64el"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848158/; classtype:trojan-activity;sid:84711258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848159)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_mips_hardfloat"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848159/; classtype:trojan-activity;sid:84711259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848160)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848160/; classtype:trojan-activity;sid:84711260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848161)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_ppc64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848161/; classtype:trojan-activity;sid:84711261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848162)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_softfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848162/; classtype:trojan-activity;sid:84711262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848163)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848163/; classtype:trojan-activity;sid:84711263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848164)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848164/; classtype:trojan-activity;sid:84711264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848165)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848165/; classtype:trojan-activity;sid:84711265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848166)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848166/; classtype:trojan-activity;sid:84711266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848167)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848167/; classtype:trojan-activity;sid:84711267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848168)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848168/; classtype:trojan-activity;sid:84711268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848169)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848169/; classtype:trojan-activity;sid:84711269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848156)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848156/; classtype:trojan-activity;sid:84711256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848157)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_aarch64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848157/; classtype:trojan-activity;sid:84711257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848155)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_amd64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848155/; classtype:trojan-activity;sid:84711255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848154)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_mipsel_softfloat"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848154/; classtype:trojan-activity;sid:84711254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848152)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_mips64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848152/; classtype:trojan-activity;sid:84711252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848153)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_mips64el"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848153/; classtype:trojan-activity;sid:84711253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848148)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_hardfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848148/; classtype:trojan-activity;sid:84711248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848149)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_mipsel_hardfloat"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848149/; classtype:trojan-activity;sid:84711249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848150)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_mips_softfloat"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848150/; classtype:trojan-activity;sid:84711250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848151)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel_hardfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848151/; classtype:trojan-activity;sid:84711251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848146)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848146/; classtype:trojan-activity;sid:84711246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848147)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848147/; classtype:trojan-activity;sid:84711247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848145)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848145/; classtype:trojan-activity;sid:84711245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848144)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_386"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848144/; classtype:trojan-activity;sid:84711244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848143)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848143/; classtype:trojan-activity;sid:84711243; rev:1;)
# Same host, second naming scheme: manji.<suffix>, again listed both at the root and
# under /bins/. The rules are otherwise identical in structure to the linux_* ones.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848139)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848139/; classtype:trojan-activity;sid:84711239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848140)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848140/; classtype:trojan-activity;sid:84711240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848141)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.ppc440"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848141/; classtype:trojan-activity;sid:84711241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848142)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848142/; classtype:trojan-activity;sid:84711242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848138)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848138/; classtype:trojan-activity;sid:84711238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848135)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848135/; classtype:trojan-activity;sid:84711235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848136)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848136/; classtype:trojan-activity;sid:84711236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848137)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; 
reference:url, urlhaus.abuse.ch/url/3848137/; classtype:trojan-activity;sid:84711237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848132)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kla.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848132/; classtype:trojan-activity;sid:84711232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848133)"; flow:established,from_client; content:"GET"; http_method; content:"/kla.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848133/; classtype:trojan-activity;sid:84711233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848134)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/w.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848134/; classtype:trojan-activity;sid:84711234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848125)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848125/; classtype:trojan-activity;sid:84711225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848126)"; flow:established,from_client; content:"GET"; 
http_method; content:"/manji.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848126/; classtype:trojan-activity;sid:84711226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848127)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848127/; classtype:trojan-activity;sid:84711227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848128)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.i486"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848128/; classtype:trojan-activity;sid:84711228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848129)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848129/; classtype:trojan-activity;sid:84711229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848130)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, 
urlhaus.abuse.ch/url/3848130/; classtype:trojan-activity;sid:84711230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848131)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848131/; classtype:trojan-activity;sid:84711231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848122)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848122/; classtype:trojan-activity;sid:84711222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848123)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848123/; classtype:trojan-activity;sid:84711223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848124)"; flow:established,from_client; content:"GET"; http_method; content:"/linux.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848124/; classtype:trojan-activity;sid:84711224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848119)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bins/manji.ppc440"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848119/; classtype:trojan-activity;sid:84711219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848120)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.dbg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848120/; classtype:trojan-activity;sid:84711220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848121)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848121/; classtype:trojan-activity;sid:84711221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848117)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848117/; classtype:trojan-activity;sid:84711217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848118)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ak.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848118/; 
classtype:trojan-activity;sid:84711218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848115)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848115/; classtype:trojan-activity;sid:84711215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848116)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848116/; classtype:trojan-activity;sid:84711216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848108)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_ak.sh"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848108/; classtype:trojan-activity;sid:84711208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848109)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848109/; classtype:trojan-activity;sid:84711209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848110)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848110/; classtype:trojan-activity;sid:84711210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848111)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848111/; classtype:trojan-activity;sid:84711211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848112)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv4l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848112/; classtype:trojan-activity;sid:84711212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848113)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.i486"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848113/; classtype:trojan-activity;sid:84711213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848114)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848114/; classtype:trojan-activity;sid:84711214; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848098)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848098/; classtype:trojan-activity;sid:84711198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848099)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848099/; classtype:trojan-activity;sid:84711199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848100)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848100/; classtype:trojan-activity;sid:84711200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848101)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848101/; classtype:trojan-activity;sid:84711201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848102)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; 
content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848102/; classtype:trojan-activity;sid:84711202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848103)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arm4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848103/; classtype:trojan-activity;sid:84711203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848104)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848104/; classtype:trojan-activity;sid:84711204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848105)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848105/; classtype:trojan-activity;sid:84711205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848106)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848106/; classtype:trojan-activity;sid:84711206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3848107)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848107/; classtype:trojan-activity;sid:84711207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848095)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv7l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848095/; classtype:trojan-activity;sid:84711195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848096)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848096/; classtype:trojan-activity;sid:84711196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848097)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848097/; classtype:trojan-activity;sid:84711197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848093)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; 
isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848093/; classtype:trojan-activity;sid:84711193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848094)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848094/; classtype:trojan-activity;sid:84711194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848092)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64el"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848092/; classtype:trojan-activity;sid:84711192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848091)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"de.cloud.dxang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848091/; classtype:trojan-activity;sid:84711191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.187.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848090/; classtype:trojan-activity;sid:84711190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3848087)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/edac_polld"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.202.241.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848087/; classtype:trojan-activity;sid:84711187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848088)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/scsi_tmf_0"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.202.241.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848088/; classtype:trojan-activity;sid:84711188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848089)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xfsaild_sda"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.202.241.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848089/; classtype:trojan-activity;sid:84711189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848081)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zswap_shrinkd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.202.241.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848081/; classtype:trojan-activity;sid:84711181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848082)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ksoftirqd0"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.202.241.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_05_16; reference:url, urlhaus.abuse.ch/url/3848082/; classtype:trojan-activity;sid:84711182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848083)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jbd2_sda1d"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.202.241.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848083/; classtype:trojan-activity;sid:84711183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848084)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/devfreq_wq"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.202.241.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848084/; classtype:trojan-activity;sid:84711184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848085)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rcuop_0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.202.241.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848085/; classtype:trojan-activity;sid:84711185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848086)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cfg80211d"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.202.241.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848086/; classtype:trojan-activity;sid:84711186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848079)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bins/kblockd0"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.202.241.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848079/; classtype:trojan-activity;sid:84711179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848080)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bioset0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.202.241.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848080/; classtype:trojan-activity;sid:84711180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848076)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ecryptfsd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.202.241.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848076/; classtype:trojan-activity;sid:84711176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848077)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworker_u8"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.202.241.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848077/; classtype:trojan-activity;sid:84711177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848078)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kswapd0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.202.241.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848078/; 
classtype:trojan-activity;sid:84711178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848075)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/loader.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.202.241.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848075/; classtype:trojan-activity;sid:84711175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848074)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848074/; classtype:trojan-activity;sid:84711174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848072)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848072/; classtype:trojan-activity;sid:84711172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848073)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848073/; classtype:trojan-activity;sid:84711173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848063)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xfsaild_sda"; 
http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848063/; classtype:trojan-activity;sid:84711163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848064)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kswapd0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848064/; classtype:trojan-activity;sid:84711164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848065)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bioset0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848065/; classtype:trojan-activity;sid:84711165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848066)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cfg80211d"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848066/; classtype:trojan-activity;sid:84711166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848067)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ecryptfsd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848067/; classtype:trojan-activity;sid:84711167; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848068)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kblockd0"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848068/; classtype:trojan-activity;sid:84711168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848069)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/devfreq_wq"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848069/; classtype:trojan-activity;sid:84711169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848070)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/scsi_tmf_0"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848070/; classtype:trojan-activity;sid:84711170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848071)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rcuop_0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848071/; classtype:trojan-activity;sid:84711171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848062)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/edac_polld"; http_uri; depth:16; isdataat:!1,relative; nocase; 
content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848062/; classtype:trojan-activity;sid:84711162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848061)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworker_u8"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848061/; classtype:trojan-activity;sid:84711161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848054)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jbd2_sda1d"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848054/; classtype:trojan-activity;sid:84711154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848055)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848055/; classtype:trojan-activity;sid:84711155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848056)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848056/; classtype:trojan-activity;sid:84711156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3848057)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848057/; classtype:trojan-activity;sid:84711157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848058)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848058/; classtype:trojan-activity;sid:84711158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848059)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zswap_shrinkd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848059/; classtype:trojan-activity;sid:84711159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848060)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848060/; classtype:trojan-activity;sid:84711160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848053)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ksoftirqd0"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_05_16; reference:url, urlhaus.abuse.ch/url/3848053/; classtype:trojan-activity;sid:84711153; rev:1;)
# How to read the rules below: each one alerts on an outbound ($HOME_NET -> $EXTERNAL_NET)
# HTTP GET on an established flow whose URI and Host both equal the listed values exactly.
# depth equals the content length, so the match must begin at byte 0 of the buffer, and
# isdataat:!1,relative requires that no byte follows it. The URI content carries nocase.
# Consequence for triage: the same host requested with extra path or query bytes does not
# match, and traffic the sensor does not parse as cleartext HTTP is not covered.
#
# Host 94.26.106.137, URIs /skid.<suffix>; the suffixes look like CPU architecture tags.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848051)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848051/; classtype:trojan-activity;sid:84711151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848052)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848052/; classtype:trojan-activity;sid:84711152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848044)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.26.106.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848044/; classtype:trojan-activity;sid:84711144; rev:1;)
# Host 45.153.34.250, URIs under /bins/room.<suffix>. The rule for entry 3848046 starts on
# the last line of this span and is completed by the text that follows it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848045)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/room.x64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.153.34.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848045/; classtype:trojan-activity;sid:84711145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848046)"; flow:established,from_client; content:"GET";
http_method; content:"/bins/room.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.153.34.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848046/; classtype:trojan-activity;sid:84711146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848047)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/room.armv7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.153.34.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848047/; classtype:trojan-activity;sid:84711147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848048)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/room.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.153.34.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848048/; classtype:trojan-activity;sid:84711148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848049)"; flow:established,from_client; content:"GET"; http_method; content:"/room_bot"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.153.34.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848049/; classtype:trojan-activity;sid:84711149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848050)"; flow:established,from_client; content:"GET"; http_method; content:"/update.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.153.34.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848050/; 
classtype:trojan-activity;sid:84711150; rev:1;)
# Host 173.208.51.53, URIs under /bins/. The file names (rcuop_0, kswapd0, scsi_tmf_0,
# bioset0) resemble Linux kernel thread names. NOTE(review): if one of these rules fires,
# it is worth checking the requesting device for a user-space process carrying such a name;
# that follow-up is an inference from the names, not something the rule itself verifies.
# Each rule is an exact match on URI and Host: depth equals the content length and
# isdataat:!1,relative forbids trailing bytes, so a longer path or a query string misses.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848036)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rcuop_0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"173.208.51.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848036/; classtype:trojan-activity;sid:84711136; rev:1;)
# Different host (112.239.98.239) with a two-byte URI, "/i". The URI alone is far too
# generic to be a signal; the alert is specific only because the Host must also equal the
# listed address exactly.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.98.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848037/; classtype:trojan-activity;sid:84711137; rev:1;)
# Back to host 173.208.51.53. The rule for entry 3848040 starts on the last line of this
# span and is completed by the text that follows it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848038)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kswapd0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"173.208.51.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848038/; classtype:trojan-activity;sid:84711138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848039)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/scsi_tmf_0"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"173.208.51.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848039/; classtype:trojan-activity;sid:84711139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848040)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bioset0"; http_uri; depth:13;
isdataat:!1,relative; nocase; content:"173.208.51.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848040/; classtype:trojan-activity;sid:84711140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848041)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kblockd0"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"173.208.51.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848041/; classtype:trojan-activity;sid:84711141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848042)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cfg80211d"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"173.208.51.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848042/; classtype:trojan-activity;sid:84711142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848043)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jbd2_sda1d"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"173.208.51.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848043/; classtype:trojan-activity;sid:84711143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848031)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/edac_polld"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"173.208.51.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848031/; classtype:trojan-activity;sid:84711131; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848032)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/devfreq_wq"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"173.208.51.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848032/; classtype:trojan-activity;sid:84711132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848033)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ecryptfsd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"173.208.51.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848033/; classtype:trojan-activity;sid:84711133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848034)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworker_u8"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"173.208.51.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848034/; classtype:trojan-activity;sid:84711134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848035)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xfsaild_sda"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"173.208.51.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848035/; classtype:trojan-activity;sid:84711135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848030)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zswap_shrinkd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"173.208.51.53"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848030/; classtype:trojan-activity;sid:84711130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848029)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ksoftirqd0"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"173.208.51.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848029/; classtype:trojan-activity;sid:84711129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848028)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"parasjha.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848028/; classtype:trojan-activity;sid:84711128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848024)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"parasjha.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848024/; classtype:trojan-activity;sid:84711124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848025)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_powerpc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"parasjha.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848025/; classtype:trojan-activity;sid:84711125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3848026)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_mipsel"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"parasjha.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848026/; classtype:trojan-activity;sid:84711126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848027)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"parasjha.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848027/; classtype:trojan-activity;sid:84711127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848021)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"parasjha.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848021/; classtype:trojan-activity;sid:84711121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848022)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"parasjha.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848022/; classtype:trojan-activity;sid:84711122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848023)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"parasjha.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_05_16; reference:url, urlhaus.abuse.ch/url/3848023/; classtype:trojan-activity;sid:84711123; rev:1;)
# Host parasjha.info, URI /bins/bot_m68k. Exact match on both buffers: depth equals the
# content length and isdataat:!1,relative forbids any trailing byte.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848020)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"parasjha.info"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848020/; classtype:trojan-activity;sid:84711118; rev:1;)
# Host r34fa352.duckdns.org. duckdns.org is a dynamic DNS service, so the address behind
# the name can change; these rules key on the Host value and not on a destination IP.
# A request made directly to the address behind the name would present a different Host
# and is not matched here; DNS query logs for the name are a useful companion source.
# The URIs (/cat.sh, /sh4, /i686) are short and generic; only the Host anchor makes the
# alerts specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848018)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848018/; classtype:trojan-activity;sid:84711118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848019)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848019/; classtype:trojan-activity;sid:84711119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848017)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848017/; classtype:trojan-activity;sid:84711117; rev:1;)
# The rule for entry 3848016 starts here and is completed by the text that follows.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848016)"; flow:established,from_client; content:"GET";
http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848016/; classtype:trojan-activity;sid:84711116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848014)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848014/; classtype:trojan-activity;sid:84711114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848015)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848015/; classtype:trojan-activity;sid:84711115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848011)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848011/; classtype:trojan-activity;sid:84711111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848012)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848012/; 
classtype:trojan-activity;sid:84711112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848013)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848013/; classtype:trojan-activity;sid:84711113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848009)"; flow:established,from_client; content:"GET"; http_method; content:"/armhf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848009/; classtype:trojan-activity;sid:84711109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848010)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848010/; classtype:trojan-activity;sid:84711110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848008)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848008/; classtype:trojan-activity;sid:84711108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848006)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848006/; classtype:trojan-activity;sid:84711106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848007)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848007/; classtype:trojan-activity;sid:84711107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848004)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848004/; classtype:trojan-activity;sid:84711104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848005)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848005/; classtype:trojan-activity;sid:84711105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847998)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847998/; classtype:trojan-activity;sid:84711098; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847999)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847999/; classtype:trojan-activity;sid:84711099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848000)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848000/; classtype:trojan-activity;sid:84711100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848001)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848001/; classtype:trojan-activity;sid:84711101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848002)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848002/; classtype:trojan-activity;sid:84711102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848003)"; flow:established,from_client; content:"GET"; http_method; content:"/armhf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; 
isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3848003/; classtype:trojan-activity;sid:84711103; rev:1;)
# Host coolcams.duckdns.org (a dynamic DNS name, so the address behind it can change).
# Both rules require the URI and the Host to equal the listed strings exactly: depth equals
# the content length and isdataat:!1,relative forbids trailing bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847997)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847997/; classtype:trojan-activity;sid:84711097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847996)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847996/; classtype:trojan-activity;sid:84711096; rev:1;)
# Host 42.228.42.107 with the two-byte URI "/i"; specific only through the exact Host match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.42.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847995/; classtype:trojan-activity;sid:84711095; rev:1;)
# Host 5.231.248.211, URIs /mirai.<suffix>. NOTE(review): the file name suggests a
# Mirai-family build per CPU architecture, but the rule records only the URL; the malware
# family is not stated on this page and should be taken from the referenced URLhaus entry.
# The rule for entry 3847976 starts on the last line of this span and is completed by the
# text that follows it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847975)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.231.248.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847975/; classtype:trojan-activity;sid:84711075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847976)";
flow:established,from_client; content:"GET"; http_method; content:"/mirai.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.231.248.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847976/; classtype:trojan-activity;sid:84711076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847977)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm_universal"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5.231.248.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847977/; classtype:trojan-activity;sid:84711077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847978)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.231.248.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847978/; classtype:trojan-activity;sid:84711078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847979)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.231.248.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847979/; classtype:trojan-activity;sid:84711079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847980)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.231.248.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, 
urlhaus.abuse.ch/url/3847980/; classtype:trojan-activity;sid:84711080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847981)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.231.248.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847981/; classtype:trojan-activity;sid:84711081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847982)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.231.248.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847982/; classtype:trojan-activity;sid:84711082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847983)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.231.248.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847983/; classtype:trojan-activity;sid:84711083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847984)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.231.248.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847984/; classtype:trojan-activity;sid:84711084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847985)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; 
http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.231.248.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847985/; classtype:trojan-activity;sid:84711085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847986)"; flow:established,from_client; content:"GET"; http_method; content:"/lightclouden.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.74.244.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847986/; classtype:trojan-activity;sid:84711086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847987)"; flow:established,from_client; content:"GET"; http_method; content:"/mirai.arm5n"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.231.248.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847987/; classtype:trojan-activity;sid:84711087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847988)"; flow:established,from_client; content:"GET"; http_method; content:"/lightclouden.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"go.cmplistsonline.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847988/; classtype:trojan-activity;sid:84711088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847989)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.74.244.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847989/; classtype:trojan-activity;sid:84711089; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847990)"; flow:established,from_client; content:"GET"; http_method; content:"/lightclouden.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.74.244.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847990/; classtype:trojan-activity;sid:84711090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847991)"; flow:established,from_client; content:"GET"; http_method; content:"/lightclouden.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.74.244.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847991/; classtype:trojan-activity;sid:84711091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847992)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"go.cmplistsonline.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847992/; classtype:trojan-activity;sid:84711092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847993)"; flow:established,from_client; content:"GET"; http_method; content:"/lightclouden.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"go.cmplistsonline.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847993/; classtype:trojan-activity;sid:84711093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847994)"; flow:established,from_client; content:"GET"; http_method; content:"/lightclouden.mips"; http_uri; depth:18; isdataat:!1,relative; 
nocase; content:"go.cmplistsonline.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847994/; classtype:trojan-activity;sid:84711094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847974)"; flow:established,from_client; content:"GET"; http_method; content:"/3fa6d4a0-54ff-42df-a74c-371b45a4ddf5/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"crypticdialect.garden"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847974/; classtype:trojan-activity;sid:84711074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847972)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7048186296/dicjfqt.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847972/; classtype:trojan-activity;sid:84711072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847973)"; flow:established,from_client; content:"GET"; http_method; content:"/files/mol/random.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847973/; classtype:trojan-activity;sid:84711073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.164.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847971/; classtype:trojan-activity;sid:84711071; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.151.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847970/; classtype:trojan-activity;sid:84711070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.26.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847969/; classtype:trojan-activity;sid:84711069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847968)"; flow:established,from_client; content:"GET"; http_method; content:"/bd33af05-7dbb-4e3e-afad-6a0b2872177c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"urban-graffiti-crew.garden"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847968/; classtype:trojan-activity;sid:84711068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.26.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847967/; classtype:trojan-activity;sid:84711067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"115.55.9.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847966/; classtype:trojan-activity;sid:84711066; rev:1;)
# The line above is the tail of a rule that starts on the preceding line, and the last
# line of this span is the head of a rule that continues on the following line. The
# complete rules in between are laid out one per line.
#
# Each rule matches a client GET request whose URI buffer equals the listed path
# (depth = pattern length pins the start, isdataat:!1,relative requires that no byte
# follows, nocase makes the path comparison case-insensitive) and whose Host buffer
# equals the listed name or address in the same way.
#
# NOTE(review): in the next rule |3f| is hex notation for a single byte ('?'), so the URI
# pattern is 44 bytes long, while depth is 47, the character count of the escaped text.
# With depth:47 the pattern may begin up to 3 bytes into the URI buffer, so the rule is
# an ends-with match rather than the exact match the other rules express. The other
# |3f|ublib= rule (sid 84711007) shows the same mismatch. This is best raised with the
# feed maintainer; a local edit to a downloaded rule is presumably lost on the next update.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847965)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=ffde8c91-ceed-427f-bcb0-fd476fb905ef"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"k2bs9h2k.proxy-horizon.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847965/; classtype:trojan-activity;sid:84711065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.155.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847964/; classtype:trojan-activity;sid:84711064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.164.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847962/; classtype:trojan-activity;sid:84711062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.202.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847963/; classtype:trojan-activity;sid:84711063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3847961)"; flow:established,from_client; content:"GET"; http_method; content:"/15d69e05-8c58-40fc-a876-6466dd197a62/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"containerizedplantmesh.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847961/; classtype:trojan-activity;sid:84711061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.98.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847960/; classtype:trojan-activity;sid:84711060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.49.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847959/; classtype:trojan-activity;sid:84711059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.155.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847958/; classtype:trojan-activity;sid:84711058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847957)"; flow:established,from_client; content:"GET"; http_method; content:"/ca2b3a34-e3eb-4101-9b45-77579341b4df/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; 
content:"flora-monitoring-core.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847957/; classtype:trojan-activity;sid:84711057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.79.160.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847956/; classtype:trojan-activity;sid:84711056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847955)"; flow:established,from_client; content:"GET"; http_method; content:"/9ecd427d-26f4-4ded-ac8b-0dbf057a0564/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"meadowworkflowplatform.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847955/; classtype:trojan-activity;sid:84711055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.208.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847954/; classtype:trojan-activity;sid:84711054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.148.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847953/; classtype:trojan-activity;sid:84711053; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847952)"; flow:established,from_client; content:"GET"; http_method; content:"/d68e06db-f257-419a-ac77-66f68c686f93/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"federatedgardencluster.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847952/; classtype:trojan-activity;sid:84711052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.79.160.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847951/; classtype:trojan-activity;sid:84711051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"98.252.87.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847950/; classtype:trojan-activity;sid:84711050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847949)"; flow:established,from_client; content:"GET"; http_method; content:"/436171c4-0354-49a8-99d2-dbda3d16b96c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"irrigation-management-system.garden"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847949/; classtype:trojan-activity;sid:84711049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"115.55.59.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847948/; classtype:trojan-activity;sid:84711048; rev:1;)
# The line above is the tail of a rule that starts on the preceding line, and the last
# line of this span is the head of a rule that continues on the following line. The
# complete rules in between are laid out one per line.
#
# Each rule matches a client GET request whose URI buffer equals the listed path
# (depth = pattern length, isdataat:!1,relative = no byte follows, nocase on the path)
# and whose Host buffer equals the listed name or address.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.255.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847947/; classtype:trojan-activity;sid:84711047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847946)"; flow:established,from_client; content:"GET"; http_method; content:"/8d74d874-5b10-4762-b606-283978d3bf3e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"botanicalprocessingengine.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847946/; classtype:trojan-activity;sid:84711046; rev:1;)
# NOTE(review): the next rule expects a literal "//" at the start of the URI. http_uri
# inspects the normalized URI; if the sensor's HTTP normalization compresses repeated
# path separators, the buffer would hold "/arm5" and this rule would not fire. Confirm
# against the sensor's normalization settings, or cover the request with a raw-URI
# match (http_raw_uri) in a locally maintained rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847945)"; flow:established,from_client; content:"GET"; http_method; content:"//arm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.77.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847945/; classtype:trojan-activity;sid:84711045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847944)"; flow:established,from_client; content:"GET"; http_method; content:"/1.dll"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"27.124.17.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847944/; classtype:trojan-activity;sid:84711044; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847939)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847939/; classtype:trojan-activity;sid:84711039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847940)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847940/; classtype:trojan-activity;sid:84711040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847941)"; flow:established,from_client; content:"GET"; http_method; content:"/arm64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847941/; classtype:trojan-activity;sid:84711041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847942)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847942/; classtype:trojan-activity;sid:84711042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847943)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; 
isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847943/; classtype:trojan-activity;sid:84711043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847938)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847938/; classtype:trojan-activity;sid:84711038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847937)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsle"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847937/; classtype:trojan-activity;sid:84711037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847935)"; flow:established,from_client; content:"GET"; http_method; content:"/hb8ipc.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847935/; classtype:trojan-activity;sid:84711035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847936)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847936/; classtype:trojan-activity;sid:84711036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847934)"; 
flow:established,from_client; content:"GET"; http_method; content:"/1.dll"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"27.124.17.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847934/; classtype:trojan-activity;sid:84711034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847932)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847932/; classtype:trojan-activity;sid:84711032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847933)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsle"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847933/; classtype:trojan-activity;sid:84711033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847928)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847928/; classtype:trojan-activity;sid:84711028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847929)"; flow:established,from_client; content:"GET"; http_method; content:"/arm64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847929/; 
classtype:trojan-activity;sid:84711029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847930)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847930/; classtype:trojan-activity;sid:84711030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847931)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847931/; classtype:trojan-activity;sid:84711031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847926)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847926/; classtype:trojan-activity;sid:84711026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847927)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847927/; classtype:trojan-activity;sid:84711027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847925)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847925/; classtype:trojan-activity;sid:84711025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847924)"; flow:established,from_client; content:"GET"; http_method; content:"/hb8ipc.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847924/; classtype:trojan-activity;sid:84711024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847923)"; flow:established,from_client; content:"GET"; http_method; content:"/a378e22b-2a49-4bb9-b54a-b4190c4edaa7/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"botanicalprocessingengine.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847923/; classtype:trojan-activity;sid:84711023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847922)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/anti-malware.sh"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847922/; classtype:trojan-activity;sid:84711022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847921)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847921/; classtype:trojan-activity;sid:84711021; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847915)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847915/; classtype:trojan-activity;sid:84711015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847916)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847916/; classtype:trojan-activity;sid:84711016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847917)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847917/; classtype:trojan-activity;sid:84711017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847918)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847918/; classtype:trojan-activity;sid:84711018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847919)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; 
content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847919/; classtype:trojan-activity;sid:84711019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847920)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847920/; classtype:trojan-activity;sid:84711020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847911)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847911/; classtype:trojan-activity;sid:84711011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847912)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847912/; classtype:trojan-activity;sid:84711012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847913)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847913/; classtype:trojan-activity;sid:84711013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3847914)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc440"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847914/; classtype:trojan-activity;sid:84711014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847910)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847910/; classtype:trojan-activity;sid:84711010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847908)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arc700"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847908/; classtype:trojan-activity;sid:84711008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847909)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"69sexy.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847909/; classtype:trojan-activity;sid:84711009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847907)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=a0a67edc-7d02-4b05-9720-695e3e783102"; http_uri; depth:47; isdataat:!1,relative; nocase; 
content:"2ol471ks.kernel-lattice.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847907/; classtype:trojan-activity;sid:84711007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.255.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847906/; classtype:trojan-activity;sid:84711006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.49.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847905/; classtype:trojan-activity;sid:84711005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847904)"; flow:established,from_client; content:"GET"; http_method; content:"/ciabins.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847904/; classtype:trojan-activity;sid:84711004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847899)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.56.209.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847899/; classtype:trojan-activity;sid:84710999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3847900)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu.mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.56.209.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847900/; classtype:trojan-activity;sid:84711000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847901)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu.sparc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847901/; classtype:trojan-activity;sid:84711001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847902)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu.i486"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.56.209.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847902/; classtype:trojan-activity;sid:84711002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847903)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu.arc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.56.209.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847903/; classtype:trojan-activity;sid:84711003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847888)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu.aarch64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.56.209.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; 
reference:url, urlhaus.abuse.ch/url/3847888/; classtype:trojan-activity;sid:84710988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847889)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.56.209.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847889/; classtype:trojan-activity;sid:84710989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847890)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu.armv5l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.56.209.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847890/; classtype:trojan-activity;sid:84710990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847891)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu.armv6l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.56.209.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847891/; classtype:trojan-activity;sid:84710991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847892)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.56.209.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847892/; classtype:trojan-activity;sid:84710992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847893)"; flow:established,from_client; content:"GET"; http_method; 
content:"/uwu.powerpc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.56.209.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847893/; classtype:trojan-activity;sid:84710993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847894)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu.armv7l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.56.209.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847894/; classtype:trojan-activity;sid:84710994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847895)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu.armv4l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.56.209.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847895/; classtype:trojan-activity;sid:84710995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847896)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu.mipsrouter"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"31.56.209.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847896/; classtype:trojan-activity;sid:84710996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847897)"; flow:established,from_client; content:"GET"; http_method; content:"/rct888.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847897/; classtype:trojan-activity;sid:84710997; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847898)"; flow:established,from_client; content:"GET"; http_method; content:"/uwu.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.56.209.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847898/; classtype:trojan-activity;sid:84710998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847887)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/anti-malware.sh"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.139.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847887/; classtype:trojan-activity;sid:84710987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847886)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_native"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.11.167.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847886/; classtype:trojan-activity;sid:84710986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847872)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.11.167.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847872/; classtype:trojan-activity;sid:84710972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847873)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_armv7"; http_uri; depth:10; isdataat:!1,relative; nocase; 
content:"85.11.167.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847873/; classtype:trojan-activity;sid:84710973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847874)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.11.167.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847874/; classtype:trojan-activity;sid:84710974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847875)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_powerpc64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"85.11.167.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847875/; classtype:trojan-activity;sid:84710975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847876)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_riscv64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.11.167.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847876/; classtype:trojan-activity;sid:84710976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847877)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_armv5tel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"85.11.167.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847877/; classtype:trojan-activity;sid:84710977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3847878)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.11.167.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847878/; classtype:trojan-activity;sid:84710978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847879)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.11.167.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847879/; classtype:trojan-activity;sid:84710979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847880)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_mips64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.11.167.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847880/; classtype:trojan-activity;sid:84710980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847881)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_aarch64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.11.167.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847881/; classtype:trojan-activity;sid:84710981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847882)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_powerpc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.11.167.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, 
urlhaus.abuse.ch/url/3847882/; classtype:trojan-activity;sid:84710982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847883)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_sparc64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.11.167.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847883/; classtype:trojan-activity;sid:84710983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847884)"; flow:established,from_client; content:"GET"; http_method; content:"/bott"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.11.167.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847884/; classtype:trojan-activity;sid:84710984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847885)"; flow:established,from_client; content:"GET"; http_method; content:"/bot"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.11.167.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847885/; classtype:trojan-activity;sid:84710985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847871)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847871/; classtype:trojan-activity;sid:84710971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847852)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_mipsel"; 
http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847852/; classtype:trojan-activity;sid:84710952; rev:1;)
# NOTE(review): sid 84710953 and sid 84710955 below carry identical match options
# (GET, URI "/bins/bot_powerpc", Host "64.89.163.196"); only the msg id, the
# reference URL and the sid differ. Presumably the two URLhaus entries differ in
# something the rule does not encode (the destination port is "any") - confirm.
# A single matching request raises both alerts, so count or deduplicate hits
# per host + URI rather than per sid when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847853)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_powerpc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847853/; classtype:trojan-activity;sid:84710953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847854)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847854/; classtype:trojan-activity;sid:84710954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847855)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_powerpc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847855/; classtype:trojan-activity;sid:84710955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847856)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847856/; classtype:trojan-activity;sid:84710956; rev:1;)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847857)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847857/; classtype:trojan-activity;sid:84710957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847858)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847858/; classtype:trojan-activity;sid:84710958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847859)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847859/; classtype:trojan-activity;sid:84710959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847860)"; flow:established,from_client; content:"GET"; http_method; content:"/biiin"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847860/; classtype:trojan-activity;sid:84710960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847861)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.89.163.196"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847861/; classtype:trojan-activity;sid:84710961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847862)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847862/; classtype:trojan-activity;sid:84710962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847863)"; flow:established,from_client; content:"GET"; http_method; content:"/biiin"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847863/; classtype:trojan-activity;sid:84710963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847864)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847864/; classtype:trojan-activity;sid:84710964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847865)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847865/; classtype:trojan-activity;sid:84710965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3847866)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_mipsel"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847866/; classtype:trojan-activity;sid:84710966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847867)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847867/; classtype:trojan-activity;sid:84710967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847868)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847868/; classtype:trojan-activity;sid:84710968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847869)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847869/; classtype:trojan-activity;sid:84710969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847870)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot_m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.89.163.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_05_16; reference:url, urlhaus.abuse.ch/url/3847870/; classtype:trojan-activity;sid:84710970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.25.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847850/; classtype:trojan-activity;sid:84710950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.59.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847851/; classtype:trojan-activity;sid:84710951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847849)"; flow:established,from_client; content:"GET"; http_method; content:"/ec5977c8-6922-4675-9655-a60918f01623/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bloommonitoringengine.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847849/; classtype:trojan-activity;sid:84710949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847848)"; flow:established,from_client; content:"GET"; http_method; content:"/60fc3bf4-547b-47bb-93bf-35bcc776b01b/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"gardeninfrastructurelab.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847848/; classtype:trojan-activity;sid:84710948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3847847)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"153.75.248.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847847/; classtype:trojan-activity;sid:84710947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847840)"; flow:established,from_client; content:"GET"; http_method; content:"/arm64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"153.75.248.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847840/; classtype:trojan-activity;sid:84710940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847841)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsle"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.75.248.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847841/; classtype:trojan-activity;sid:84710941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847842)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.75.248.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847842/; classtype:trojan-activity;sid:84710942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847843)"; flow:established,from_client; content:"GET"; http_method; content:"/android_arm64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"153.75.248.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; 
reference:url, urlhaus.abuse.ch/url/3847843/; classtype:trojan-activity;sid:84710943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847844)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"153.75.248.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847844/; classtype:trojan-activity;sid:84710944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847845)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"153.75.248.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847845/; classtype:trojan-activity;sid:84710945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847846)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"153.75.248.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847846/; classtype:trojan-activity;sid:84710946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847838)"; flow:established,from_client; content:"GET"; http_method; content:"/i386"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"153.75.248.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847838/; classtype:trojan-activity;sid:84710938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; 
depth:2; isdataat:!1,relative; nocase; content:"221.3.107.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847839/; classtype:trojan-activity;sid:84710939; rev:1;)
# The next three rules share Host "153.75.248.141" and differ only in the exact URI matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847836)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"153.75.248.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847836/; classtype:trojan-activity;sid:84710936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847837)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"153.75.248.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847837/; classtype:trojan-activity;sid:84710937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847835)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"153.75.248.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847835/; classtype:trojan-activity;sid:84710935; rev:1;)
# The URI pattern here is only two bytes ("/i", or "/I" because of nocase), so the
# rule's specificity comes entirely from the exact Host match on a bare IP address.
# As an "alert http" rule it inspects parsed cleartext HTTP only; the same request
# carried inside TLS the sensor cannot decrypt is not evaluated.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847834/; classtype:trojan-activity;sid:84710934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3847833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.236.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847833/; classtype:trojan-activity;sid:84710933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.25.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847832/; classtype:trojan-activity;sid:84710932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.195.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847831/; classtype:trojan-activity;sid:84710931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847830)"; flow:established,from_client; content:"GET"; http_method; content:"/75aa3eb1-b155-444d-b5c4-d470f2b0c78e/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"asynchronouswatering-system.garden"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847830/; classtype:trojan-activity;sid:84710930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847826)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.132.159"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847826/; classtype:trojan-activity;sid:84710926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847827)"; flow:established,from_client; content:"GET"; http_method; content:"/diddy64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.132.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847827/; classtype:trojan-activity;sid:84710927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847828)"; flow:established,from_client; content:"GET"; http_method; content:"/diddy67"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.132.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847828/; classtype:trojan-activity;sid:84710928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847829)"; flow:established,from_client; content:"GET"; http_method; content:"/diddy7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.132.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847829/; classtype:trojan-activity;sid:84710929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.167.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847825/; classtype:trojan-activity;sid:84710925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847824)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.79.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847824/; classtype:trojan-activity;sid:84710924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847823)"; flow:established,from_client; content:"GET"; http_method; content:"/7f3960db-f6a5-4cc9-8b4a-6480a32bee30/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ecosystemmanagementhub.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847823/; classtype:trojan-activity;sid:84710923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847822/; classtype:trojan-activity;sid:84710922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.159.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847821/; classtype:trojan-activity;sid:84710921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.195.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, 
urlhaus.abuse.ch/url/3847820/; classtype:trojan-activity;sid:84710920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.20.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847819/; classtype:trojan-activity;sid:84710919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.141.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847818/; classtype:trojan-activity;sid:84710918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.20.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847817/; classtype:trojan-activity;sid:84710917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847816/; classtype:trojan-activity;sid:84710916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; 
nocase; content:"61.137.202.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847815/; classtype:trojan-activity;sid:84710915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847814)"; flow:established,from_client; content:"GET"; http_method; content:"/52657977-f247-401f-be5a-57293be9ee6c/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"flora-observability-core.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847814/; classtype:trojan-activity;sid:84710914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.166.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847813/; classtype:trojan-activity;sid:84710913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.159.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847812/; classtype:trojan-activity;sid:84710912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.79.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847811/; classtype:trojan-activity;sid:84710911; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.240.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847810/; classtype:trojan-activity;sid:84710910; rev:1;)
# NOTE(review): in the next rule `|3f|` is the hex escape for a single `?` byte, so the
# URI content is 44 bytes long, while `depth:47` equals the length of the escaped text.
# `isdataat:!1,relative` still pins the end of the URI buffer, but the match may begin
# up to 3 bytes into it, so the start anchor is looser than in the neighbouring rules,
# whose depth equals the content length. Presumably a generator artifact; `depth:44`
# would restore the exact-URI match. Confirm with the feed maintainer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847809)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=512ee820-596f-42da-b520-18215c55d79f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"3w32k3ih.signal-harbor.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847809/; classtype:trojan-activity;sid:84710909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847808/; classtype:trojan-activity;sid:84710908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847807/; classtype:trojan-activity;sid:84710907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847805)"; flow:established,from_client; content:"GET"; http_method; content:"/fern_bot"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.174";
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847805/; classtype:trojan-activity;sid:84710905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847806)"; flow:established,from_client; content:"GET"; http_method; content:"/spread_fern.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847806/; classtype:trojan-activity;sid:84710906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847797)"; flow:established,from_client; content:"GET"; http_method; content:"/fern_bot.c"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847797/; classtype:trojan-activity;sid:84710897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847798)"; flow:established,from_client; content:"GET"; http_method; content:"/mass_deploy.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847798/; classtype:trojan-activity;sid:84710898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847799)"; flow:established,from_client; content:"GET"; http_method; content:"/fern.b64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847799/; classtype:trojan-activity;sid:84710899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3847800)"; flow:established,from_client; content:"GET"; http_method; content:"/fern_server.c"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847800/; classtype:trojan-activity;sid:84710900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847801)"; flow:established,from_client; content:"GET"; http_method; content:"/mass_fingerprint.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847801/; classtype:trojan-activity;sid:84710901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847802)"; flow:established,from_client; content:"GET"; http_method; content:"/fern_arm64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847802/; classtype:trojan-activity;sid:84710902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847803)"; flow:established,from_client; content:"GET"; http_method; content:"/fern_final_arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847803/; classtype:trojan-activity;sid:84710903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847804)"; flow:established,from_client; content:"GET"; http_method; content:"/fern_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2026_05_16; reference:url, urlhaus.abuse.ch/url/3847804/; classtype:trojan-activity;sid:84710904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847796)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2047668550/lfkmypa.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847796/; classtype:trojan-activity;sid:84710896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847795)"; flow:established,from_client; content:"GET"; http_method; content:"/f2670c83-6691-485c-823d-bcc616e1e44a/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"meadowprocessingcenter.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847795/; classtype:trojan-activity;sid:84710895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.166.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847794/; classtype:trojan-activity;sid:84710894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.223.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847793/; classtype:trojan-activity;sid:84710893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3847792)"; flow:established,from_client; content:"GET"; http_method; content:"/r_linux_amd64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.82.254.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847792/; classtype:trojan-activity;sid:84710892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847791)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.ppc-11"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847791/; classtype:trojan-activity;sid:84710891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847790)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.arm6-11"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847790/; classtype:trojan-activity;sid:84710890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847784)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.mips-11"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847784/; classtype:trojan-activity;sid:84710884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847785)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.mpsl-11"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; 
reference:url, urlhaus.abuse.ch/url/3847785/; classtype:trojan-activity;sid:84710885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847786)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.x86_64-11"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847786/; classtype:trojan-activity;sid:84710886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847787)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.arm5-11"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847787/; classtype:trojan-activity;sid:84710887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847788)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.x86-11"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847788/; classtype:trojan-activity;sid:84710888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847789)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.sh4-11"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847789/; classtype:trojan-activity;sid:84710889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847781)"; flow:established,from_client; content:"GET"; 
http_method; content:"/r_patched"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.82.254.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847781/; classtype:trojan-activity;sid:84710881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847782)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/r_agent"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.82.254.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847782/; classtype:trojan-activity;sid:84710882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847783)"; flow:established,from_client; content:"GET"; http_method; content:"/r_windows_amd64.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.82.254.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847783/; classtype:trojan-activity;sid:84710883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847780)"; flow:established,from_client; content:"GET"; http_method; content:"/r_8888"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.82.254.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847780/; classtype:trojan-activity;sid:84710880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847779)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.arm7-11"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847779/; 
classtype:trojan-activity;sid:84710879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847776)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.arm-11"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847776/; classtype:trojan-activity;sid:84710876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.148.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847777/; classtype:trojan-activity;sid:84710877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847778)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cdn-assets.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847778/; classtype:trojan-activity;sid:84710878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.106.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847775/; classtype:trojan-activity;sid:84710875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"110.37.14.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847774/; classtype:trojan-activity;sid:84710874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847773)"; flow:established,from_client; content:"GET"; http_method; content:"/d0063698-b81f-4a71-8b1e-d3563345ab78/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"federatedplantcluster.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847773/; classtype:trojan-activity;sid:84710873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.44.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847772/; classtype:trojan-activity;sid:84710872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.255.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847771/; classtype:trojan-activity;sid:84710871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.106.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847770/; classtype:trojan-activity;sid:84710870; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.232.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847769/; classtype:trojan-activity;sid:84710869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.232.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847768/; classtype:trojan-activity;sid:84710868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"153.101.9.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847767/; classtype:trojan-activity;sid:84710867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.201.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847766/; classtype:trojan-activity;sid:84710866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847765)"; flow:established,from_client; content:"GET"; http_method; content:"/6ea2ee8a-5804-4fc2-a00c-e5b5960a84c0/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"botanicalresourceengine.garden"; http_host; 
depth:30; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847765/; classtype:trojan-activity;sid:84710865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.55.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847764/; classtype:trojan-activity;sid:84710864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.28.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847763/; classtype:trojan-activity;sid:84710863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847762/; classtype:trojan-activity;sid:84710862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.101.9.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847761/; classtype:trojan-activity;sid:84710861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847760)"; flow:established,from_client; 
content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.18.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847760/; classtype:trojan-activity;sid:84710860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.97.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847759/; classtype:trojan-activity;sid:84710859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.28.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847758/; classtype:trojan-activity;sid:84710858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847757)"; flow:established,from_client; content:"GET"; http_method; content:"/6fe1707e-a98f-4f73-8157-3b6a892fb21c/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wildfloragrowthsystem.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847757/; classtype:trojan-activity;sid:84710857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847756/; 
classtype:trojan-activity;sid:84710856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.197.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847755/; classtype:trojan-activity;sid:84710855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.18.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847754/; classtype:trojan-activity;sid:84710854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847752)"; flow:established,from_client; content:"GET"; http_method; content:"/424566da-9c73-4fe2-9deb-537180c772b9/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"petal-distribution-hub.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847752/; classtype:trojan-activity;sid:84710852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.244.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847753/; classtype:trojan-activity;sid:84710853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; 
http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.156.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847751/; classtype:trojan-activity;sid:84710851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847750)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e5b5d710-e0a2-473c-b3ad-74fc210ff8f0"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"fkpsfevx.culling-posture-schnitzel.digital"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847750/; classtype:trojan-activity;sid:84710850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.151.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847749/; classtype:trojan-activity;sid:84710849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.156.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847748/; classtype:trojan-activity;sid:84710848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.244.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847747/; 
classtype:trojan-activity;sid:84710847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.233.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847746/; classtype:trojan-activity;sid:84710846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.166.248.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847745/; classtype:trojan-activity;sid:84710845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.166.248.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847743/; classtype:trojan-activity;sid:84710843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847744)"; flow:established,from_client; content:"GET"; http_method; content:"/2f57743e-2f2d-4e69-af96-71aab39ac85d/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"serverless-print-control-plane.garden"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847744/; classtype:trojan-activity;sid:84710844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847738)"; flow:established,from_client; content:"GET"; http_method; 
content:"/payload/a6i3khk75wgf/7m0g9inf47"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"168.220.248.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847738/; classtype:trojan-activity;sid:84710838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847739)"; flow:established,from_client; content:"GET"; http_method; content:"/payload/a6i3khk75wgf/8260f4p5nk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"168.220.248.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847739/; classtype:trojan-activity;sid:84710839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847740)"; flow:established,from_client; content:"GET"; http_method; content:"/payload/a6i3khk75wgf/9rkb4qtpm3"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"168.220.248.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847740/; classtype:trojan-activity;sid:84710840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847741)"; flow:established,from_client; content:"GET"; http_method; content:"/payload/a6i3khk75wgf/b7hovpz6ti"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"168.220.248.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847741/; classtype:trojan-activity;sid:84710841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847742)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; 
reference:url, urlhaus.abuse.ch/url/3847742/; classtype:trojan-activity;sid:84710842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847736)"; flow:established,from_client; content:"GET"; http_method; content:"/payload/a6i3khk75wgf/qfighdyhbm"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"168.220.248.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847736/; classtype:trojan-activity;sid:84710836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847737)"; flow:established,from_client; content:"GET"; http_method; content:"/payload/a6i3khk75wgf/f1yu71wyjd"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"168.220.248.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847737/; classtype:trojan-activity;sid:84710837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847731)"; flow:established,from_client; content:"GET"; http_method; content:"/payload/a6i3khk75wgf/lhyrtqlndq"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"168.220.248.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847731/; classtype:trojan-activity;sid:84710831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847732)"; flow:established,from_client; content:"GET"; http_method; content:"/payload/a6i3khk75wgf/ezidr3y5ct"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"168.220.248.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847732/; classtype:trojan-activity;sid:84710832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3847733)"; flow:established,from_client; content:"GET"; http_method; content:"/payload/a6i3khk75wgf/zkrbtwag7o"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"168.220.248.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847733/; classtype:trojan-activity;sid:84710833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847734)"; flow:established,from_client; content:"GET"; http_method; content:"/payload/a6i3khk75wgf/wpd1a29m25"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"168.220.248.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847734/; classtype:trojan-activity;sid:84710834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847735)"; flow:established,from_client; content:"GET"; http_method; content:"/payload/a6i3khk75wgf/xcjygk37yu"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"168.220.248.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847735/; classtype:trojan-activity;sid:84710835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847729)"; flow:established,from_client; content:"GET"; http_method; content:"/payload/a6i3khk75wgf/4jiz0v4h1r"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"168.220.248.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847729/; classtype:trojan-activity;sid:84710829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847730)"; flow:established,from_client; content:"GET"; http_method; content:"/payload/a6i3khk75wgf/84aghucl1g"; http_uri; depth:32; 
isdataat:!1,relative; nocase; content:"168.220.248.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847730/; classtype:trojan-activity;sid:84710830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847725)"; flow:established,from_client; content:"GET"; http_method; content:"/payload/a6i3khk75wgf/mn42gxnolr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"168.220.248.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847725/; classtype:trojan-activity;sid:84710825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847726)"; flow:established,from_client; content:"GET"; http_method; content:"/payload/a6i3khk75wgf/3aoq8phdv9"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"168.220.248.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847726/; classtype:trojan-activity;sid:84710826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847727)"; flow:established,from_client; content:"GET"; http_method; content:"/payload/a6i3khk75wgf/jc6g6x1vph"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"168.220.248.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847727/; classtype:trojan-activity;sid:84710827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847728)"; flow:established,from_client; content:"GET"; http_method; content:"/payload/a6i3khk75wgf/4vxlsuz00c"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"168.220.248.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, 
urlhaus.abuse.ch/url/3847728/; classtype:trojan-activity;sid:84710828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847724)"; flow:established,from_client; content:"GET"; http_method; content:"/payload/a6i3khk75wgf/ksoilti7oi"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"168.220.248.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847724/; classtype:trojan-activity;sid:84710824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.139.49.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847723/; classtype:trojan-activity;sid:84710823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.12.229.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847722/; classtype:trojan-activity;sid:84710822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.148.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847721/; classtype:trojan-activity;sid:84710821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.233.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847720/; classtype:trojan-activity;sid:84710820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847719)"; flow:established,from_client; content:"GET"; http_method; content:"/5d7760c5-e25a-4ae3-858a-d8e49411f7bc/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"core-ost-node-system.garden"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847719/; classtype:trojan-activity;sid:84710819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.237.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847718/; classtype:trojan-activity;sid:84710818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.110.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847717/; classtype:trojan-activity;sid:84710817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.110.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847716/; classtype:trojan-activity;sid:84710816; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.148.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847715/; classtype:trojan-activity;sid:84710815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.107.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847714/; classtype:trojan-activity;sid:84710814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847713)"; flow:established,from_client; content:"GET"; http_method; content:"/e800c768-ead3-4b48-9568-5eba86cccafb/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"runtime-core-fabric-get.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847713/; classtype:trojan-activity;sid:84710813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.237.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847712/; classtype:trojan-activity;sid:84710812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; 
nocase; content:"110.39.252.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847711/; classtype:trojan-activity;sid:84710811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.189.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847710/; classtype:trojan-activity;sid:84710810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847709)"; flow:established,from_client; content:"GET"; http_method; content:"/034bb288-66b3-4e1e-b8e6-247b202f7a5e/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"mixed-on-storage-layer.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847709/; classtype:trojan-activity;sid:84710809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.253.80.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847708/; classtype:trojan-activity;sid:84710808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.235.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847707/; classtype:trojan-activity;sid:84710807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3847706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.18.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847706/; classtype:trojan-activity;sid:84710806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.252.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847705/; classtype:trojan-activity;sid:84710805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847704)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.141.92.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847704/; classtype:trojan-activity;sid:84710804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847699)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.141.92.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847699/; classtype:trojan-activity;sid:84710799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847700)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.141.92.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; 
reference:url, urlhaus.abuse.ch/url/3847700/; classtype:trojan-activity;sid:84710800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847701)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.141.92.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847701/; classtype:trojan-activity;sid:84710801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847702)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.141.92.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847702/; classtype:trojan-activity;sid:84710802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847703)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.141.92.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847703/; classtype:trojan-activity;sid:84710803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847698)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=24a59e3b-0e28-4ea4-9199-e892fb187e87"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"m1ub6qaj.kabardinskymonasticismradicalism.digital"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847698/; classtype:trojan-activity;sid:84710798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847697)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.233.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847697/; classtype:trojan-activity;sid:84710797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847696)"; flow:established,from_client; content:"GET"; http_method; content:"/fe8f272e-cc4b-493f-b640-24d14c041fde/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"virtual-gate-way.garden"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847696/; classtype:trojan-activity;sid:84710796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.235.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847695/; classtype:trojan-activity;sid:84710795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.238.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847693/; classtype:trojan-activity;sid:84710793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.76.136.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, 
urlhaus.abuse.ch/url/3847694/; classtype:trojan-activity;sid:84710794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.94.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847692/; classtype:trojan-activity;sid:84710792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847691/; classtype:trojan-activity;sid:84710791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.233.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847690/; classtype:trojan-activity;sid:84710790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847689)"; flow:established,from_client; content:"GET"; http_method; content:"/616930ac-cf7d-4536-936d-70aebd411a68/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"telemetry-folder-stream-core.garden"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847689/; classtype:trojan-activity;sid:84710789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847688)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.94.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847688/; classtype:trojan-activity;sid:84710788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.148.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847687/; classtype:trojan-activity;sid:84710787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.18.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847686/; classtype:trojan-activity;sid:84710786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.36.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847685/; classtype:trojan-activity;sid:84710785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847684)"; flow:established,from_client; content:"GET"; http_method; content:"/isass.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"134.122.189.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847684/; classtype:trojan-activity;sid:84710784; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847682)"; flow:established,from_client; content:"GET"; http_method; content:"/isass.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"134.122.189.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847682/; classtype:trojan-activity;sid:84710782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847683)"; flow:established,from_client; content:"GET"; http_method; content:"/isass.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"134.122.189.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847683/; classtype:trojan-activity;sid:84710783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.36.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847681/; classtype:trojan-activity;sid:84710781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847680)"; flow:established,from_client; content:"GET"; http_method; content:"/f3c6c3f5-169c-4097-a716-caab93df632d/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"edge-network-on-hub.garden"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847680/; classtype:trojan-activity;sid:84710780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"61.52.6.144"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847679/; classtype:trojan-activity;sid:84710779; rev:1;)
# Shape shared by every rule below: the URI and the Host are each pinned with
# content + depth (equal to the content length) + isdataat:!1,relative, so a rule fires
# only on that exact path requested from that exact host. Both ports in the header are
# "any", so the rule carries no information about which port was contacted.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.239.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847678/; classtype:trojan-activity;sid:84710778; rev:1;)
# /dos.py on 107.182.128.x: 23 rules. Nine hosts appear twice with identical match
# options (only the msg id, reference and sid differ), so a single request to one of
# them raises two alerts:
#   .74  sid 84710768 / 84710774      .79  sid 84710769 / 84710766
#   .67  sid 84710770 / 84710765      .70  sid 84710772 / 84710775
#   .87  sid 84710773 / 84710777      .69  sid 84710776 / 84710761
#   .220 sid 84710755 / 84710756      .215 sid 84710759 / 84710760
#   .75  sid 84710763 / 84710764
# NOTE(review): presumably the paired URLhaus entries differ in scheme or port, which
# this rule shape does not express - confirm against the referenced entries before
# suppressing or thresholding one sid of a pair.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847668)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847668/; classtype:trojan-activity;sid:84710768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847669)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847669/; classtype:trojan-activity;sid:84710769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847670)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847670/; classtype:trojan-activity;sid:84710770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847671)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847671/; classtype:trojan-activity;sid:84710771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847672)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847672/; classtype:trojan-activity;sid:84710772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847673)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847673/; classtype:trojan-activity;sid:84710773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847674)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847674/; classtype:trojan-activity;sid:84710774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847675)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847675/; classtype:trojan-activity;sid:84710775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847676)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847676/; classtype:trojan-activity;sid:84710776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847677)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847677/; classtype:trojan-activity;sid:84710777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847655)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847655/; classtype:trojan-activity;sid:84710755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847656)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847656/; classtype:trojan-activity;sid:84710756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847657)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847657/; classtype:trojan-activity;sid:84710757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847658)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847658/; classtype:trojan-activity;sid:84710758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847659)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847659/; classtype:trojan-activity;sid:84710759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847660)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847660/; classtype:trojan-activity;sid:84710760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847661)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847661/; classtype:trojan-activity;sid:84710761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847662)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847662/; classtype:trojan-activity;sid:84710762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847663)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847663/; classtype:trojan-activity;sid:84710763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847664)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847664/; classtype:trojan-activity;sid:84710764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847665)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847665/; classtype:trojan-activity;sid:84710765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847666)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847666/; classtype:trojan-activity;sid:84710766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847667)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847667/; classtype:trojan-activity;sid:84710767; rev:1;)
# End of the /dos.py cluster. The remaining rules in this stretch are unrelated single URLs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.6.144"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847654/; classtype:trojan-activity;sid:84710754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847653)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_43dfe5f77a960846.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847653/; classtype:trojan-activity;sid:84710753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847652)"; flow:established,from_client; content:"GET"; http_method; content:"/56d3354c-1a93-4bf8-8f54-a718c4ef9cb3/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"micro-service-cluster.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847652/; classtype:trojan-activity;sid:84710752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3847651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.250.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847651/; classtype:trojan-activity;sid:84710751; rev:1;)
# Shape shared by the rules below: URI and Host are each pinned with content + depth +
# isdataat:!1,relative, and both ports in the header are "any". Short paths such as /i
# and /bin.sh are generic; the Host value is what makes each of those rules specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.188.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847650/; classtype:trojan-activity;sid:84710750; rev:1;)
# /<uuid>/google.cl on *.garden hosts: the UUID is part of the pinned URI, so each of
# these rules covers exactly one URL and does not match the same host with another UUID.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847649)"; flow:established,from_client; content:"GET"; http_method; content:"/16f30028-c656-4d04-91b3-6e7723ad5aac/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"packet-relay-engine.garden"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847649/; classtype:trojan-activity;sid:84710749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.87.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847648/; classtype:trojan-activity;sid:84710748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847647)"; flow:established,from_client; content:"GET"; http_method; content:"/237062a7-4770-471f-b121-06d88fac2d96/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"packet-relay-engine.garden"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847647/; classtype:trojan-activity;sid:84710747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.235.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847646/; classtype:trojan-activity;sid:84710745; rev:1;)
content:"/95ad08fe-2123-44c9-b065-d8e9879a2527/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"federated-grow-install-framework.garden"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847624/; classtype:trojan-activity;sid:84710724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.239.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847623/; classtype:trojan-activity;sid:84710723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.26.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847622/; classtype:trojan-activity;sid:84710722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.168.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847621/; classtype:trojan-activity;sid:84710721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.89.53.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, 
urlhaus.abuse.ch/url/3847620/; classtype:trojan-activity;sid:84710720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.15.126.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847618/; classtype:trojan-activity;sid:84710718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.89.53.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847619/; classtype:trojan-activity;sid:84710719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.122.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847617/; classtype:trojan-activity;sid:84710717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.224.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847616/; classtype:trojan-activity;sid:84710716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847615)"; flow:established,from_client; content:"GET"; http_method; 
content:"/loader.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.53.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847615/; classtype:trojan-activity;sid:84710715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847614)"; flow:established,from_client; content:"GET"; http_method; content:"/4159f41d-c37f-487a-b866-a688ccee2272/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"folder-management-core.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847614/; classtype:trojan-activity;sid:84710714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847611)"; flow:established,from_client; content:"GET"; http_method; content:"/client.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.53.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847611/; classtype:trojan-activity;sid:84710711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847612)"; flow:established,from_client; content:"GET"; http_method; content:"/baal_encrypted.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"178.16.53.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847612/; classtype:trojan-activity;sid:84710712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847613)"; flow:established,from_client; content:"GET"; http_method; content:"/baallast.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.16.53.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, 
urlhaus.abuse.ch/url/3847613/; classtype:trojan-activity;sid:84710713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.182.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847610/; classtype:trojan-activity;sid:84710710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.14.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847609/; classtype:trojan-activity;sid:84710709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.215.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847608/; classtype:trojan-activity;sid:84710708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.105.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847607/; classtype:trojan-activity;sid:84710707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847606)"; flow:established,from_client; content:"GET"; http_method; 
content:"/e99cca83-82c4-4db5-9649-b8d060e25abe/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"micro-fan-obs-plan.garden"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847606/; classtype:trojan-activity;sid:84710706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.122.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847605/; classtype:trojan-activity;sid:84710705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.42.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847604/; classtype:trojan-activity;sid:84710704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.239.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847603/; classtype:trojan-activity;sid:84710703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847602)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1a92cf19-9810-475f-94f3-10f6b3e33bfd"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"9yqks5fo.downplaying-sevenleague.digital"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_05_16; 
reference:url, urlhaus.abuse.ch/url/3847602/; classtype:trojan-activity;sid:84710702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847601)"; flow:established,from_client; content:"GET"; http_method; content:"/6c92e176-5808-4b4f-9a53-360594bcc9ab/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distrib-ost-penal-network.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847601/; classtype:trojan-activity;sid:84710701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.215.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847600/; classtype:trojan-activity;sid:84710700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.24.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847599/; classtype:trojan-activity;sid:84710699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.133.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847598/; classtype:trojan-activity;sid:84710698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847597)"; flow:established,from_client; 
content:"GET"; http_method; content:"/fa840059-3192-4bfb-9c30-d037f336b27d/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"path-green-second-hub.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847597/; classtype:trojan-activity;sid:84710697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.238.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847596/; classtype:trojan-activity;sid:84710696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.24.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847595/; classtype:trojan-activity;sid:84710695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.214.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847594/; classtype:trojan-activity;sid:84710694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.133.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, 
urlhaus.abuse.ch/url/3847593/; classtype:trojan-activity;sid:84710693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847592)"; flow:established,from_client; content:"GET"; http_method; content:"/c11d3a77-2d81-4942-bdc0-7b4aa9b7620a/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wild-folder-routing-path.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847592/; classtype:trojan-activity;sid:84710692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.238.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847591/; classtype:trojan-activity;sid:84710691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847590)"; flow:established,from_client; content:"GET"; http_method; content:"/a7eb78fc-74c9-4abb-8e39-374c40cc2749/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"botan-it-getwork-flow.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847590/; classtype:trojan-activity;sid:84710690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.159.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847589/; classtype:trojan-activity;sid:84710689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3847588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.239.117.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847588/; classtype:trojan-activity;sid:84710688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.16.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847587/; classtype:trojan-activity;sid:84710687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847586)"; flow:established,from_client; content:"GET"; http_method; content:"/2a7c59cc-0cd2-4ff6-ae49-d85b0b7cec9a/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"floriculture-mastery.garden"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847586/; classtype:trojan-activity;sid:84710686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.159.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847585/; classtype:trojan-activity;sid:84710685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.16.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; 
reference:url, urlhaus.abuse.ch/url/3847584/; classtype:trojan-activity;sid:84710684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.87.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847583/; classtype:trojan-activity;sid:84710683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.2.25"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847582/; classtype:trojan-activity;sid:84710682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.239.117.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847581/; classtype:trojan-activity;sid:84710681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847580)"; flow:established,from_client; content:"GET"; http_method; content:"/b946787d-7743-4a40-a98a-91bd2929d327/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"urban-botany-station.garden"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847580/; classtype:trojan-activity;sid:84710680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847579)"; flow:established,from_client; 
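content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.87.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847579/; classtype:trojan-activity;sid:84710679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847578)"; flow:established,from_client; content:"GET"; http_method; content:"/bf12e268-157f-4797-8afa-1e9a30001c28/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"backyard-harvest-planner.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847578/; classtype:trojan-activity;sid:84710678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.250.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847577/; classtype:trojan-activity;sid:84710677; rev:1;)
# URLhaus entry 3847576: GET request whose URI is exactly "/?ublib=<UUID>" on the listed host.
# The URI pattern is 44 bytes on the wire: |3f| is one byte ("?"), so "/" + "?" + "ublib=" + the
# 36-character UUID = 44. depth is therefore 44 (it was 47, the length of the escaped rule text), so that
# depth plus isdataat:!1,relative pins the whole URI, as the unescaped patterns in this ruleset do.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847576)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=f197ba83-0519-4c12-b5ad-8df436aa4d4e"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"x0o600dr.clamshellkarakulchaalumina.digital"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847576/; classtype:trojan-activity;sid:84710676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.238.241"; http_host; depth:14; isdataat:!1,relative; 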
metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847575/; classtype:trojan-activity;sid:84710675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.92.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847574/; classtype:trojan-activity;sid:84710674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.124.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847573/; classtype:trojan-activity;sid:84710673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.30.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847572/; classtype:trojan-activity;sid:84710672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.124.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847571/; classtype:trojan-activity;sid:84710671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847570)"; flow:established,from_client; content:"GET"; http_method; 
content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.215.249.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847570/; classtype:trojan-activity;sid:84710670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.194.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847569/; classtype:trojan-activity;sid:84710669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.176.116.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847568/; classtype:trojan-activity;sid:84710668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847567)"; flow:established,from_client; content:"GET"; http_method; content:"/429e5532-8c10-4da4-9aee-c2eec2d23872/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"backyard-harvest-planner.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847567/; classtype:trojan-activity;sid:84710667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.189.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847566/; 
classtype:trojan-activity;sid:84710666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.194.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847565/; classtype:trojan-activity;sid:84710665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.189.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847564/; classtype:trojan-activity;sid:84710664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847563)"; flow:established,from_client; content:"GET"; http_method; content:"/aa85d475-72f2-4c64-9cab-57a7c8a4d3be/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"evergreentimberland.garden"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847563/; classtype:trojan-activity;sid:84710663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847562)"; flow:established,from_client; content:"GET"; http_method; content:"/97fd81ca-c9d8-4cf0-9efc-9eed59062bd4/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"backyard-harvest-planner.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847562/; classtype:trojan-activity;sid:84710662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847561)"; 
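flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=fda22a14-9425-42c7-9148-fd96f0b48f9c"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"7uopofgy.steel-evar-yes-valence.digital"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847561/; classtype:trojan-activity;sid:84710661; rev:1;)
# Note on the rule that ends on the line above (sid 84710661, URLhaus entry 3847561):
# its URI pattern is 44 bytes on the wire: |3f| is one byte ("?"), so "/" + "?" + "ublib=" + the
# 36-character UUID = 44. depth is therefore 44 (it was 47, the length of the escaped rule text), so that
# depth plus isdataat:!1,relative pins the whole URI, as the unescaped patterns in this ruleset do.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847560)"; flow:established,from_client; content:"GET"; http_method; content:"/a901e700-1b04-4503-80f0-5fe9a8be5043/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"floriculture-mastery.garden"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847560/; classtype:trojan-activity;sid:84710660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.28.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847558/; classtype:trojan-activity;sid:84710658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.36.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847559/; classtype:trojan-activity;sid:84710659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.133.144"; http_host; depth:14; 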
isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847557/; classtype:trojan-activity;sid:84710657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847556)"; flow:established,from_client; content:"GET"; http_method; content:"/8e8886f4-b375-4200-b706-eb380ebd0c17/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"root-system-irrigation.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847556/; classtype:trojan-activity;sid:84710656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.28.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847555/; classtype:trojan-activity;sid:84710655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847554)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6350135267/bkjdilp.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847554/; classtype:trojan-activity;sid:84710654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.249.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847553/; classtype:trojan-activity;sid:84710653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3847552)"; flow:established,from_client; content:"GET"; http_method; content:"/c7e6f5da-e3e7-42a2-bcb6-c4952ac48511/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"herbal-extract-processing.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847552/; classtype:trojan-activity;sid:84710652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.133.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847551/; classtype:trojan-activity;sid:84710651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.4.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847550/; classtype:trojan-activity;sid:84710650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847549/; classtype:trojan-activity;sid:84710649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847548)"; flow:established,from_client; content:"GET"; http_method; content:"/5bcb4b20-d690-4b96-a6b6-86c319891dbe/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; 
content:"natureoasisdesign.garden"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847548/; classtype:trojan-activity;sid:84710648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.67.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847547/; classtype:trojan-activity;sid:84710647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.249.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847546/; classtype:trojan-activity;sid:84710646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847545)"; flow:established,from_client; content:"GET"; http_method; content:"/9a692b68-a93e-458e-a034-14d848813d91/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"automated-sprout-labs.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847545/; classtype:trojan-activity;sid:84710645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847544)"; flow:established,from_client; content:"GET"; http_method; content:"/bf6dc6b0-6316-4b67-b154-ca62d7502392/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"automated-sprout-labs.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847544/; 
classtype:trojan-activity;sid:84710644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.67.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847543/; classtype:trojan-activity;sid:84710643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847542/; classtype:trojan-activity;sid:84710642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.1.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847541/; classtype:trojan-activity;sid:84710641; rev:1;)
# URLhaus entry 3847540: matches only a GET for this exact path on this exact host
# (both contents are pinned with depth plus isdataat:!1,relative), so other paths on the host do not alert.
# NOTE(review): tmpfiles.org looks like a general-purpose file-sharing host - keep this rule
# path-specific and do not widen it to a host-only match; confirm before using the host as a blocklist entry.
# The rule is "alert http", so a download of the same path over TLS is not seen by it unless traffic is decrypted upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847540)"; flow:established,from_client; content:"GET"; http_method; content:"/dl/w4wlaekqjkj3/corvus.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"tmpfiles.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847540/; classtype:trojan-activity;sid:84710640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847539)"; flow:established,from_client; content:"GET"; http_method; content:"/4675675f-7f76-4d52-bd90-ec60844f092d/google.cl"; 
http_uri; depth:47; isdataat:!1,relative; nocase; content:"bio-soil-nutrients.garden"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847539/; classtype:trojan-activity;sid:84710639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.5.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847538/; classtype:trojan-activity;sid:84710638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.80.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847537/; classtype:trojan-activity;sid:84710637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847536)"; flow:established,from_client; content:"GET"; http_method; content:"/1f141521-6828-40fa-9293-c17ae2bdc86b/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"greenhouse-climate-control-sys.garden"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847536/; classtype:trojan-activity;sid:84710636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.26.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847535/; 
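classtype:trojan-activity;sid:84710635; rev:1;)
# URLhaus entry 3847534: GET request whose URI is exactly "/?ublib=<UUID>" on the listed host.
# The URI pattern is 44 bytes on the wire: |3f| is one byte ("?"), so "/" + "?" + "ublib=" + the
# 36-character UUID = 44. depth is therefore 44 (it was 47, the length of the escaped rule text), so that
# depth plus isdataat:!1,relative pins the whole URI, as the unescaped patterns in this ruleset do.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847534)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=8827a465-006d-4d43-b4de-60180d6240dd"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"55n7r46d.bibliosmirk.digital"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847534/; classtype:trojan-activity;sid:84710634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.1.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847533/; classtype:trojan-activity;sid:84710633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.55.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847532/; classtype:trojan-activity;sid:84710632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847531)"; flow:established,from_client; content:"GET"; http_method; content:"/d4930701-431d-4f95-893a-a4deda7efdbd/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"vertical-eco-farming.garden"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847531/; classtype:trojan-activity;sid:84710631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847530)"; 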
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847530/; classtype:trojan-activity;sid:84710630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847529)"; flow:established,from_client; content:"GET"; http_method; content:"/24fd9bd4-4632-4816-ac98-69b9d2bb7ce9/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"edge-bloom-platform.garden"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847529/; classtype:trojan-activity;sid:84710629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847528)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_028b96fee351a313.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847528/; classtype:trojan-activity;sid:84710628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.146.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847527/; classtype:trojan-activity;sid:84710627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847526)"; flow:established,from_client; content:"GET"; http_method; content:"/108f5d12-33bd-4fe5-8c43-4685a2ed8617/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; 
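content:"telemetrygardenmesh.garden"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847526/; classtype:trojan-activity;sid:84710626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.146.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847525/; classtype:trojan-activity;sid:84710625; rev:1;)
# URLhaus entry 3847524: GET request whose URI is exactly "/?ublib=<UUID>" on the listed host.
# The URI pattern is 44 bytes on the wire: |3f| is one byte ("?"), so "/" + "?" + "ublib=" + the
# 36-character UUID = 44. depth is therefore 44 (it was 47, the length of the escaped rule text), so that
# depth plus isdataat:!1,relative pins the whole URI, as the unescaped patterns in this ruleset do.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847524)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=0c661191-9757-41de-b8db-5ec70b6e9434"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"hxuznl6x.biennial-polovauniverse.digital"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847524/; classtype:trojan-activity;sid:84710624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.26.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847523/; classtype:trojan-activity;sid:84710623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.26.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847522/; classtype:trojan-activity;sid:84710622; rev:1;)
alert http 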
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847521)"; flow:established,from_client; content:"GET"; http_method; content:"/487f7201-44ff-412a-b505-3527dc6b6e1e/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"meadow-processing-engine.garden"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847521/; classtype:trojan-activity;sid:84710621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.114.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847520/; classtype:trojan-activity;sid:84710620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847519)"; flow:established,from_client; content:"GET"; http_method; content:"/b1587680-6d53-4d69-9907-0a63f6987506/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"federatedgrowframework.garden"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847519/; classtype:trojan-activity;sid:84710619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.217.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847518/; classtype:trojan-activity;sid:84710618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.114.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847517/; classtype:trojan-activity;sid:84710617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847516)"; flow:established,from_client; content:"GET"; http_method; content:"/40b7982b-1d14-4d95-aa8c-9ddf0d61e150/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"irrigation-management-core.garden"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847516/; classtype:trojan-activity;sid:84710616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.217.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847515/; classtype:trojan-activity;sid:84710615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.23.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847514/; classtype:trojan-activity;sid:84710614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847513)"; flow:established,from_client; content:"GET"; http_method; content:"/843a7f5a-4ae5-493c-9aa8-c71fea851a57/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"microfloraobservatory.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, 
urlhaus.abuse.ch/url/3847513/; classtype:trojan-activity;sid:84710613; rev:1;)
# Review notes for the rules below (comments only; rule text is unchanged,
# laid out one rule per line).
# Each alert names its URLhaus entry twice: the number in msg and the
# reference:url path. In every rule shown here the sid is that number plus
# 80863100, which helps when only the sid survives in a log pipeline.
# metadata:created_at is presumably the date the feed entry was added; entries
# like these go stale, so refresh the ruleset rather than pinning a copy.
# Several hosts in this stretch are covered by two sids, one for "/i" and one
# for "/bin.sh" (for example 85.108.87.143 and 42.239.230.188); a client that
# alerts on one is worth checking for the other.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847512)"; flow:established,from_client; content:"GET"; http_method; content:"/6627179a-c181-435c-90f1-0c3f0053e353/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributed-petal-network.garden"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847512/; classtype:trojan-activity;sid:84710612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.23.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847511/; classtype:trojan-activity;sid:84710611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.108.87.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847510/; classtype:trojan-activity;sid:84710610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.230.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847509/; classtype:trojan-activity;sid:84710609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.197.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847508/; classtype:trojan-activity;sid:84710608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.255.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847507/; classtype:trojan-activity;sid:84710607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.47.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847506/; classtype:trojan-activity;sid:84710606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847505)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6077499728/xttmslk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847505/; classtype:trojan-activity;sid:84710605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"68.185.152.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847504/; classtype:trojan-activity;sid:84710604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.249.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847503/; classtype:trojan-activity;sid:84710603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847502)"; flow:established,from_client; content:"GET"; http_method; content:"/52d28ce8-a9eb-467c-be16-3e6ff541ad51/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"greenhousecontrolhub.garden"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847502/; classtype:trojan-activity;sid:84710602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.72.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847501/; classtype:trojan-activity;sid:84710601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.108.87.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847500/; classtype:trojan-activity;sid:84710600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.255.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847499/; classtype:trojan-activity;sid:84710599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.92.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847498/; classtype:trojan-activity;sid:84710598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.230.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847497/; classtype:trojan-activity;sid:84710597; rev:1;)
# |3f| is the hex escape for "?", so the path below is "/?ublib=<uuid>" (44 bytes).
# NOTE(review): depth:47 counts the escaped text rather than the 44-byte
# pattern, so this match may begin up to 3 bytes into the URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847496)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=0d970525-7a0f-4fc7-a26f-b345c1def880"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ysuz4thn.bellow-norushka-pianissimo.digital"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847496/; classtype:trojan-activity;sid:84710596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847495)"; flow:established,from_client; content:"GET"; http_method; content:"/1939e121-f35c-42df-8d42-2d48c74a1f9b/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wildflower-routing-path.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847495/; 
classtype:trojan-activity;sid:84710595; rev:1;)
# Review notes for the rules below (comments only; rule text is unchanged,
# laid out one rule per line).
# Most entries in this stretch pair a bare IPv4 Host value with a very short
# path ("/i" or "/bin.sh"). The short path is only selective because the Host
# test is anchored to the full value as well (depth equals the pattern length
# and isdataat:!1,relative refuses trailing bytes).
# The address is matched in the Host buffer, not as the destination in the
# rule header (which is $EXTERNAL_NET any), so compare it with the flow's
# destination address when triaging an alert.
# NOTE(review): whether a Host header that carries an explicit port
# ("ip:port") still satisfies the exact-length host test depends on how the
# engine populates that buffer - confirm on the deployed Snort/Suricata build.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.249.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847494/; classtype:trojan-activity;sid:84710594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.185.152.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847493/; classtype:trojan-activity;sid:84710593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.159.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847492/; classtype:trojan-activity;sid:84710592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.159.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847491/; classtype:trojan-activity;sid:84710591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847490)"; flow:established,from_client; content:"GET"; http_method; content:"/e0587229-9369-4c97-8567-6162aeb858d9/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"botanicalworkflow.garden"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847490/; classtype:trojan-activity;sid:84710590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.72.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847489/; classtype:trojan-activity;sid:84710589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.215.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847488/; classtype:trojan-activity;sid:84710588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.43.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847487/; classtype:trojan-activity;sid:84710587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.110.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847486/; classtype:trojan-activity;sid:84710586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.88.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847485/; classtype:trojan-activity;sid:84710585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.98.97.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847484/; classtype:trojan-activity;sid:84710584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.123.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847483/; classtype:trojan-activity;sid:84710583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.165.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847482/; classtype:trojan-activity;sid:84710582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.197.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847481/; classtype:trojan-activity;sid:84710581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.147.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847480/; classtype:trojan-activity;sid:84710580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.117.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847479/; classtype:trojan-activity;sid:84710579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.161.160.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847478/; classtype:trojan-activity;sid:84710578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.29.223.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847477/; classtype:trojan-activity;sid:84710577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"119.117.165.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847476/; classtype:trojan-activity;sid:84710576; rev:1;)
# Review notes for the rules below (comments only; rule text is unchanged,
# laid out one rule per line).
# Every rule is "alert", so on its own this set only reports; whether a
# request is also stopped depends on how the sensor is deployed and on any
# local action overrides, which this file does not show.
# The rule header limits matching to $HOME_NET -> $EXTERNAL_NET, so a sensor
# whose HOME_NET does not cover the client networks will stay silent.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.162.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847475/; classtype:trojan-activity;sid:84710575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.186.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847474/; classtype:trojan-activity;sid:84710574; rev:1;)
# |3f| is the hex escape for "?", so the path below is "/?ublib=<uuid>" (44 bytes).
# NOTE(review): depth:47 counts the escaped text rather than the 44-byte
# pattern, so this match may begin up to 3 bytes into the URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847473)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=a9de9e46-8f62-4200-8230-d2f575c4403f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"aqge8umy.khudrukrantingmanic.digital"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847473/; classtype:trojan-activity;sid:84710573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847472)"; flow:established,from_client; content:"GET"; http_method; content:"/9bbd2386-075f-43e7-a66d-bafc45da64ef/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wildflower-path-mapping.garden"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847472/; classtype:trojan-activity;sid:84710572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.186.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847471/; classtype:trojan-activity;sid:84710571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.206.170.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847470/; classtype:trojan-activity;sid:84710570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847469)"; flow:established,from_client; content:"GET"; http_method; content:"/5a6a54ed-f8ce-42c5-932e-a2f0fcaf358e/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"flora-security-base.garden"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847469/; classtype:trojan-activity;sid:84710569; rev:1;)
# The two paths served from 45.12.144.72 (and again from 45.12.111.44 below)
# are named like remote-support client installers - inferred from the file
# names alone. On a hit, compare the requesting host against the remote-access
# tooling that is actually approved for it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.12.144.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847467/; classtype:trojan-activity;sid:84710567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.12.144.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847468/; classtype:trojan-activity;sid:84710568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.206.170.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847466/; classtype:trojan-activity;sid:84710566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847465)"; flow:established,from_client; content:"GET"; http_method; content:"/11acaa4a-2b88-418b-b652-63b84ab3eb57/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"hydropower-irrigation.garden"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847465/; classtype:trojan-activity;sid:84710565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.138.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847464/; classtype:trojan-activity;sid:84710564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.12.111.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847463/; classtype:trojan-activity;sid:84710563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.12.111.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847462/; classtype:trojan-activity;sid:84710562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.154.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847461/; classtype:trojan-activity;sid:84710561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.148.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847460/; classtype:trojan-activity;sid:84710560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847459)"; flow:established,from_client; content:"GET"; http_method; content:"/d6d385d3-406c-4a23-be31-4e83fcee4bb9/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-planting-logic-manual.garden"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847459/; classtype:trojan-activity;sid:84710559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3847458)"; flow:established,from_client; content:"GET"; http_method; content:"/8439fed1-f99d-411e-9487-86c81b5ca334/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"sinkingyourself.courses"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847458/; classtype:trojan-activity;sid:84710558; rev:1;)
# Review notes for the rules below (comments only; rule text is unchanged,
# laid out one rule per line).
# The "/<uuid>/google.cl" and "/<uuid>/google.ct" entries are anchored to the
# whole path, so each UUID and each file-name variant needs its own sid; a
# path this feed has not listed on the same host raises nothing.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847457)"; flow:established,from_client; content:"GET"; http_method; content:"/df12f25a-4180-4b52-8777-0cc74f20b13f/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"sinkingyourself.courses"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847457/; classtype:trojan-activity;sid:84710557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.148.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847456/; classtype:trojan-activity;sid:84710556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.154.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847455/; classtype:trojan-activity;sid:84710555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847454)"; flow:established,from_client; content:"GET"; http_method; content:"/be76711e-070a-40b5-8822-006143210ecb/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dedicatetake-outpure.courses"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847454/; classtype:trojan-activity;sid:84710554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.60.191.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847453/; classtype:trojan-activity;sid:84710553; rev:1;)
# |3f| is the hex escape for "?", so the next two paths are "/?ublib=<uuid>"
# (44 bytes). NOTE(review): depth:47 counts the escaped text rather than the
# 44-byte pattern, so these matches may begin up to 3 bytes into the URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847452)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=91c6f7f5-937a-4089-bbcc-0b039e42f673"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"clwoce8k.runtime-atlas.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847452/; classtype:trojan-activity;sid:84710552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847451)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=fa716cd3-f3ca-47ea-aa7d-e16dd1a9ad17"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"juw0th09.runtime-atlas.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847451/; classtype:trojan-activity;sid:84710551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847450)"; flow:established,from_client; content:"GET"; http_method; content:"/be5db3ee-e7dc-4b76-9e3d-3b063fc30991/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bottom-less-waiter-natural.courses"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847450/; classtype:trojan-activity;sid:84710550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847449)"; flow:established,from_client; content:"GET"; http_method; content:"/0d60933f-a1d2-4d88-8145-7fa5a1091ba9/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"donutinsulinphilosophy.courses"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847449/; classtype:trojan-activity;sid:84710549; rev:1;)
# 176.65.139.186 is covered by eleven sids: "/update" plus ten "/proxy.<x>-11"
# paths whose suffixes look like CPU architecture names (arm, arm5, arm6, arm7,
# mips, mpsl, ppc, sh4, x86, x86_64). Only these exact paths alert, so when any
# one fires, review all of that client's traffic to the host rather than the
# single request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847446)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.arm5-11"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847446/; classtype:trojan-activity;sid:84710546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847447)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.arm6-11"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847447/; classtype:trojan-activity;sid:84710547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847448)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.x86_64-11"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847448/; classtype:trojan-activity;sid:84710548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847445)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847445/; classtype:trojan-activity;sid:84710545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847438)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.arm-11"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847438/; classtype:trojan-activity;sid:84710538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847439)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.mpsl-11"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847439/; classtype:trojan-activity;sid:84710539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847440)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.x86-11"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847440/; classtype:trojan-activity;sid:84710540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847441)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.mips-11"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847441/; classtype:trojan-activity;sid:84710541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847442)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.arm7-11"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847442/; classtype:trojan-activity;sid:84710542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847443)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.ppc-11"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847443/; classtype:trojan-activity;sid:84710543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847444)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy.sh4-11"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847444/; classtype:trojan-activity;sid:84710544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847437)"; flow:established,from_client; content:"GET"; http_method; content:"/bbc13333-5067-40fa-8730-e7d23d77f6fb/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"proxy-matrix-kernel-on.courses"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847437/; classtype:trojan-activity;sid:84710537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847436)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.117.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847436/; classtype:trojan-activity;sid:84710536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847435)"; flow:established,from_client; content:"GET"; http_method; content:"/aee02a21-aeac-4525-9a9e-7cc8375ade21/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"culling-posture-on-folder.courses"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847435/; classtype:trojan-activity;sid:84710535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.177.251.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847434/; classtype:trojan-activity;sid:84710534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.126.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847432/; classtype:trojan-activity;sid:84710532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.31.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; 
reference:url, urlhaus.abuse.ch/url/3847433/; classtype:trojan-activity;sid:84710533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.224.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847431/; classtype:trojan-activity;sid:84710531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.224.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847430/; classtype:trojan-activity;sid:84710530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.95.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847429/; classtype:trojan-activity;sid:84710529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847428)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.141.92.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847428/; classtype:trojan-activity;sid:84710528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847425)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; 
depth:5; isdataat:!1,relative; nocase; content:"193.32.162.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847425/; classtype:trojan-activity;sid:84710525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847426)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.32.162.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847426/; classtype:trojan-activity;sid:84710526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847427)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.32.162.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847427/; classtype:trojan-activity;sid:84710527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847424)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.141.92.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847424/; classtype:trojan-activity;sid:84710524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.126.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847423/; classtype:trojan-activity;sid:84710523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3847422)"; flow:established,from_client; content:"GET"; http_method; content:"/51b2c158-5b76-48ec-9553-250484733d60/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"down-playing-folder-seven-ue.courses"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847422/; classtype:trojan-activity;sid:84710522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.16.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847421/; classtype:trojan-activity;sid:84710521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.117.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847420/; classtype:trojan-activity;sid:84710520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.226.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847419/; classtype:trojan-activity;sid:84710519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.45.143"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847418/; classtype:trojan-activity;sid:84710518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.57.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847417/; classtype:trojan-activity;sid:84710517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847415)"; flow:established,from_client; content:"GET"; http_method; content:"/21c380fc-d305-43ea-bfea-9907356ea85e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"steel-glok-yes-valence.courses"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847415/; classtype:trojan-activity;sid:84710515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.16.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847416/; classtype:trojan-activity;sid:84710516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847413/; classtype:trojan-activity;sid:84710513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3847414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.53.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847414/; classtype:trojan-activity;sid:84710514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847412)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv4l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847412/; classtype:trojan-activity;sid:84710512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847406)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv6l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847406/; classtype:trojan-activity;sid:84710506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847407)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.sparc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847407/; classtype:trojan-activity;sid:84710507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847408)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv5l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; 
reference:url, urlhaus.abuse.ch/url/3847408/; classtype:trojan-activity;sid:84710508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847409)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.arc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847409/; classtype:trojan-activity;sid:84710509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847410)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv7l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847410/; classtype:trojan-activity;sid:84710510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847411)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.i586"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847411/; classtype:trojan-activity;sid:84710511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847401)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847401/; classtype:trojan-activity;sid:84710501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847402)"; flow:established,from_client; content:"GET"; 
http_method; content:"/systemctl/bin.powerpc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847402/; classtype:trojan-activity;sid:84710502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847403)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.mipsel"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847403/; classtype:trojan-activity;sid:84710503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847404)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847404/; classtype:trojan-activity;sid:84710504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847405)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847405/; classtype:trojan-activity;sid:84710505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847400)"; flow:established,from_client; content:"GET"; http_method; content:"/6c30840a-96be-4de0-ab56-885512b6a791/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"neural-atlas-code-flat.courses"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_15; 
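reference:url, urlhaus.abuse.ch/url/3847400/; classtype:trojan-activity;sid:84710500; rev:1;)
# Each rule below pins a GET request to one exact URI and one exact Host value:
# "depth" equals the pattern's byte length (match must start at offset 0) and
# "isdataat:!1,relative" requires that no byte follows the match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.53.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847399/; classtype:trojan-activity;sid:84710499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.57.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847398/; classtype:trojan-activity;sid:84710498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.45.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847397/; classtype:trojan-activity;sid:84710497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847396/; classtype:trojan-activity;sid:84710496; rev:1;)
# Local correction in the next rule: URI depth changed from 47 to 44.
# "|3f|" is a single byte ("?"), so the pattern is 44 bytes long; 47 looks like
# the character count of the escaped text. With depth:47 the pattern could start
# up to 3 bytes into the URI buffer, so the URI was no longer an exact match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847395)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=ee2154dc-b6bf-487f-8721-b9935aae0be8"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"cjjt9vzq.icewounded.digital"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847395/; classtype:trojan-activity;sid:84710495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.69.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847394/; classtype:trojan-activity;sid:84710494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847393)"; flow:established,from_client; content:"GET"; http_method; content:"/e449cdb3-6091-44e7-a934-34ba9765dd19/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"get-folder-runtime-harbor.courses"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847393/; classtype:trojan-activity;sid:84710493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847392)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.180.82.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847392/; classtype:trojan-activity;sid:84710492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847391)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.180.82.181"; http_host; depth:12; isdataat:!1,relative; 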
metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847391/; classtype:trojan-activity;sid:84710491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847390)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.180.82.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847390/; classtype:trojan-activity;sid:84710490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847389)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/trans.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847389/; classtype:trojan-activity;sid:84710489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.168.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847388/; classtype:trojan-activity;sid:84710488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.56.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847387/; classtype:trojan-activity;sid:84710487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847386)"; flow:established,from_client; 
content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.103.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847386/; classtype:trojan-activity;sid:84710486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847385)"; flow:established,from_client; content:"GET"; http_method; content:"/gbot.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847385/; classtype:trojan-activity;sid:84710485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.80.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847384/; classtype:trojan-activity;sid:84710484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847379)"; flow:established,from_client; content:"GET"; http_method; content:"/gbot.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.56.209.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847379/; classtype:trojan-activity;sid:84710479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847380)"; flow:established,from_client; content:"GET"; http_method; content:"/gbot.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847380/; classtype:trojan-activity;sid:84710480; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847381)"; flow:established,from_client; content:"GET"; http_method; content:"/gbot.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847381/; classtype:trojan-activity;sid:84710481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847382)"; flow:established,from_client; content:"GET"; http_method; content:"/gbot.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847382/; classtype:trojan-activity;sid:84710482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847383)"; flow:established,from_client; content:"GET"; http_method; content:"/gbot.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847383/; classtype:trojan-activity;sid:84710483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847378)"; flow:established,from_client; content:"GET"; http_method; content:"/xz.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.56.209.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847378/; classtype:trojan-activity;sid:84710478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847377)"; flow:established,from_client; content:"GET"; http_method; content:"/4f6077ba-ff95-4178-950c-b572836dbad0/google.ct"; http_uri; depth:47; isdataat:!1,relative; 
nocase; content:"signal-late-it-folder.courses"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847377/; classtype:trojan-activity;sid:84710477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.69.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847376/; classtype:trojan-activity;sid:84710476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.103.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847375/; classtype:trojan-activity;sid:84710475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.71.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847374/; classtype:trojan-activity;sid:84710474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847373)"; flow:established,from_client; content:"GET"; http_method; content:"/df90e108-b307-4766-8809-48822812d734/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"byte-horizon-get-hash.courses"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847373/; classtype:trojan-activity;sid:84710473; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.122.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847372/; classtype:trojan-activity;sid:84710472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.252.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847371/; classtype:trojan-activity;sid:84710471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847370)"; flow:established,from_client; content:"GET"; http_method; content:"/c352daa7-9e4e-4364-ad54-895ed35f9349/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"virtual-pipeline-ten-it.courses"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847370/; classtype:trojan-activity;sid:84710470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847369)"; flow:established,from_client; content:"GET"; http_method; content:"/06vffr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.186.244.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847369/; classtype:trojan-activity;sid:84710469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"42.231.88.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847368/; classtype:trojan-activity;sid:84710468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.139.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847367/; classtype:trojan-activity;sid:84710467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.122.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847366/; classtype:trojan-activity;sid:84710466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847365)"; flow:established,from_client; content:"GET"; http_method; content:"/68/simplecreationsforme.hta"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847365/; classtype:trojan-activity;sid:84710465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847364)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_182414.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"raptore.yzz.me"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847364/; classtype:trojan-activity;sid:84710464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3847363)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/fxetk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"fiinterchillers.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847363/; classtype:trojan-activity;sid:84710463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847362)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/dlqdq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"fiinterchillers.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847362/; classtype:trojan-activity;sid:84710462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847361)"; flow:established,from_client; content:"GET"; http_method; content:"/ww26a.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.31.191.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847361/; classtype:trojan-activity;sid:84710461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.252.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847360/; classtype:trojan-activity;sid:84710460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847359)"; flow:established,from_client; content:"GET"; http_method; content:"/84538c33-f20a-46fa-ae13-a19324269d76/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; 
content:"quantum-forge-nat.courses"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847359/; classtype:trojan-activity;sid:84710459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847358)"; flow:established,from_client; content:"GET"; http_method; content:"/d/out.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.32.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847358/; classtype:trojan-activity;sid:84710458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847344)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"144.172.117.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847344/; classtype:trojan-activity;sid:84710444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847345)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.crouvieum"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.156.87.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847345/; classtype:trojan-activity;sid:84710445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847346)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.crouvieum"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.156.87.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847346/; classtype:trojan-activity;sid:84710446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3847347)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.crouvieum"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.156.87.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847347/; classtype:trojan-activity;sid:84710447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847348)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.crouvieum"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.156.87.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847348/; classtype:trojan-activity;sid:84710448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847349)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.crouvieum"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.156.87.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847349/; classtype:trojan-activity;sid:84710449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847350)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.crouvieum"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.156.87.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847350/; classtype:trojan-activity;sid:84710450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847351)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.crouvieum"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.156.87.31"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847351/; classtype:trojan-activity;sid:84710451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847352)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.crouvieum"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.156.87.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847352/; classtype:trojan-activity;sid:84710452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847353)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.crouvieum"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.156.87.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847353/; classtype:trojan-activity;sid:84710453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847354)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.crouvieum"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.156.87.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847354/; classtype:trojan-activity;sid:84710454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847355)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.90.51.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847355/; classtype:trojan-activity;sid:84710455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847356)"; 
flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.crouvieum"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.156.87.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847356/; classtype:trojan-activity;sid:84710456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847357)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.crouvieum"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.156.87.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847357/; classtype:trojan-activity;sid:84710457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847341)"; flow:established,from_client; content:"GET"; http_method; content:"/.x/sys_users"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"13.71.2.244"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847341/; classtype:trojan-activity;sid:84710441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847342)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/security"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"whbackend.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847342/; classtype:trojan-activity;sid:84710442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847343)"; flow:established,from_client; content:"GET"; http_method; content:"/.x/.sys/sys_users"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"177.22.88.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; 
reference:url, urlhaus.abuse.ch/url/3847343/; classtype:trojan-activity;sid:84710443; rev:1;)
# Rule shape used by the entries below: an outbound GET ($HOME_NET -> $EXTERNAL_NET)
# whose URI buffer and Host buffer each equal one listed value. depth equals the
# pattern length and isdataat:!1,relative requires that no byte follows the match,
# so each content is a whole-buffer comparison; nocase applies to the URI content.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847340)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_b584670f7ec2f317.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847340/; classtype:trojan-activity;sid:84710440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847339)"; flow:established,from_client; content:"GET"; http_method; content:"/file123"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vanta.st"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847339/; classtype:trojan-activity;sid:84710439; rev:1;)
# NOTE(review): mega.nz is a general-purpose file-hosting service that is normally
# reached over HTTPS, so this http rule presumably fires only where TLS is decrypted
# in front of the sensor - confirm before counting on it for coverage. The match is
# the exact path on that host (any letter case, because of nocase), so other
# mega.nz downloads are not flagged by this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847337)"; flow:established,from_client; content:"GET"; http_method; content:"/file/b8nd1tij"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mega.nz"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847337/; classtype:trojan-activity;sid:84710437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847338)"; flow:established,from_client; content:"GET"; http_method; content:"/d/631858/download"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"download-api-endpoint.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847338/; classtype:trojan-activity;sid:84710438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847333)"; 
flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_a543261976c5065f.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847333/; classtype:trojan-activity;sid:84710433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847334)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_1092293e5c2c1443.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847334/; classtype:trojan-activity;sid:84710434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847335)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"hexvm.cloud"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847335/; classtype:trojan-activity;sid:84710435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847336)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/adb.sh"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847336/; classtype:trojan-activity;sid:84710436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847330)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/stim.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"144.172.117.163"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847330/; classtype:trojan-activity;sid:84710430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847331)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm.nexus"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"144.172.117.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847331/; classtype:trojan-activity;sid:84710431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847332)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64.nexus"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"144.172.117.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847332/; classtype:trojan-activity;sid:84710432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847326)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/elevator"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"whbackend.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847326/; classtype:trojan-activity;sid:84710426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847327)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/runtimebroker.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"whbackend.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847327/; classtype:trojan-activity;sid:84710427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3847328)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/module"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"whbackend.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847328/; classtype:trojan-activity;sid:84710428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847329)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/module2"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"whbackend.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847329/; classtype:trojan-activity;sid:84710429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847325)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/component"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"whbackend.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847325/; classtype:trojan-activity;sid:84710425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/client.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sterlingreservewealth.info"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847323/; classtype:trojan-activity;sid:84710423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847324)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jar/pjibf.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"whbackend.ru"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847324/; classtype:trojan-activity;sid:84710424; rev:1;)
# Each rule below alerts on an outbound GET whose URI and Host buffers match one
# listed value; depth plus isdataat:!1,relative (no byte may follow the match)
# pins the end of the buffer, and nocase applies to the URI content only.
# NOTE(review): temp.sh looks like a public file-sharing host, presumably served
# over HTTPS - an http rule sees it only on cleartext or decrypted traffic; confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847322)"; flow:established,from_client; content:"GET"; http_method; content:"/xqvma/5621390019_protected.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"temp.sh"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847322/; classtype:trojan-activity;sid:84710421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847321)"; flow:established,from_client; content:"GET"; http_method; content:"/d/631858"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"endpoint-api-node.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847321/; classtype:trojan-activity;sid:84710421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.101.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847319/; classtype:trojan-activity;sid:84710419; rev:1;)
# NOTE(review): |3f| is a one-byte hex escape ('?'), so this pattern is 37 bytes
# while depth is 40 - depth appears to be counted on the escaped rule text.
# isdataat:!1,relative still pins the end of the URI, but the match may begin up
# to 3 bytes in, so the URI is not strictly anchored at offset 0.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847320)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php|3f|slug=wondersharefilmore"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"toolkeep.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847320/; classtype:trojan-activity;sid:84710420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847318)"; flow:established,from_client; content:"GET"; http_method; content:"/build.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"144.31.134.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847318/; classtype:trojan-activity;sid:84710418; rev:1;)
# NOTE(review): |7c|26|7c| decodes to the four literal bytes '|26|', not to '&'
# (0x26) - it looks as if an already hex-escaped ampersand was escaped a second
# time by the feed. As written the URI would have to contain a literal '|26|',
# so this rule probably never matches the listed URL; the one-byte form is |26|.
# depth:109 is the length of the escaped text, not of the decoded pattern.
# www.dropbox.com is also presumably HTTPS-only, so decrypted traffic is needed
# for any http rule on it to fire - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847317)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/ogvy7w0udb1atkkvc7vd8/build.msi|3f|rlkey=k4vj7yhqvy1u5y1rp56kdectf|7c|26|7c|st=y0x3rw4l|7c|26|7c|dl=1"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847317/; classtype:trojan-activity;sid:84710417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.247.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847316/; classtype:trojan-activity;sid:84710416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.139.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847315/; classtype:trojan-activity;sid:84710415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847314)"; flow:established,from_client; content:"GET"; http_method; content:"/dd9bda68-7894-4ee9-977c-e5fb21c95b38/google.ct"; http_uri; depth:47; 
isdataat:!1,relative; nocase; content:"diphtongspecialchess.courses"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847314/; classtype:trojan-activity;sid:84710414; rev:1;)
# Each rule below alerts on an outbound GET whose URI and Host buffers equal one
# listed value: depth equals the pattern length and isdataat:!1,relative forbids
# any byte after the match, so both contents are whole-buffer comparisons
# (nocase applies to the URI content).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.96.93.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847313/; classtype:trojan-activity;sid:84710413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.212.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847312/; classtype:trojan-activity;sid:84710412; rev:1;)
# NOTE(review): the next five rules cover two paths on three 103.113.70.x hosts.
# The screenconnect.clientsetup.exe name looks like a ConnectWise ScreenConnect
# client installer (a legitimate remote-access tool) - presumably a hit means
# that installer was requested from a URLhaus-listed host. Triage such alerts as
# possible unauthorised remote-access tooling and check the endpoint for an
# unexpected remote-support client, whatever classtype:trojan-activity suggests.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.113.70.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847311/; classtype:trojan-activity;sid:84710411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.113.70.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847309/; classtype:trojan-activity;sid:84710409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.113.70.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847310/; classtype:trojan-activity;sid:84710410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.113.70.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847307/; classtype:trojan-activity;sid:84710407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.113.70.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847308/; classtype:trojan-activity;sid:84710408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.168.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847306/; classtype:trojan-activity;sid:84710406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; 
nocase; content:"42.226.212.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847305/; classtype:trojan-activity;sid:84710405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847304)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=6f9e7e9a-ce06-48a8-bcad-aa6c985de92c"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"9yg7582w.packet-lattice.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847304/; classtype:trojan-activity;sid:84710404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.1.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847303/; classtype:trojan-activity;sid:84710403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.206.85.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847302/; classtype:trojan-activity;sid:84710402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847301)"; flow:established,from_client; content:"GET"; http_method; content:"/44ee5dd0-cd5b-4706-baab-744f11481d47/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"hold-holdskopetztakenaback.courses"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847301/; 
classtype:trojan-activity;sid:84710401; rev:1;)
# Reading the entries below (one rule per line): every rule uses the same template,
# an outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET, flow from_client) whose URI and
# Host must both equal the listed URLhaus values. depth:N together with
# isdataat:!1,relative pins each content match to the end of its buffer, so a longer
# path, an appended query string or a different Host value does not match; nocase
# follows the URI content only.
# NOTE(review): in the two "/|3f|ublib=..." entries depth:47 counts the |3f| escape
# as four characters although it encodes a single byte, so the depth is three larger
# than the decoded pattern and the start of the URI is pinned slightly less tightly
# than in the other rules.
# Coverage: these are `alert http` rules, so they only fire on traffic the engine
# parses as HTTP; the same URL fetched over TLS is presumably invisible without
# decryption in front of the sensor. A hit means a client requested a listed URL,
# not that a payload executed. Confirm with proxy/endpoint telemetry and the
# reference: URL. Many hosts here are bare IP addresses, which can be reassigned,
# so use metadata:created_at to age entries out.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847300)"; flow:established,from_client; content:"GET"; http_method; content:"/f933ae6c-0b5c-4098-81ea-fceefcbdbf2a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"eh-masled.courses"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847300/; classtype:trojan-activity;sid:84710400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.60.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847299/; classtype:trojan-activity;sid:84710399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.60.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847298/; classtype:trojan-activity;sid:84710398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.18.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847297/; classtype:trojan-activity;sid:84710397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847296)"; flow:established,from_client; content:"GET"; http_method; content:"/2019e0a6-8ae4-495f-90ab-cb3d888f1369/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"hold-holdskopetztakenaback.courses"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847296/; classtype:trojan-activity;sid:84710396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.80.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847295/; classtype:trojan-activity;sid:84710395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847294/; classtype:trojan-activity;sid:84710394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.1.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847293/; classtype:trojan-activity;sid:84710393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847292/; classtype:trojan-activity;sid:84710392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847291)"; flow:established,from_client; content:"GET"; http_method; content:"/8ab05d4b-08d8-41d4-925e-37f856bcdc23/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"diphtongspecialchess.courses"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847291/; classtype:trojan-activity;sid:84710391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.115.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847290/; classtype:trojan-activity;sid:84710390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847289/; classtype:trojan-activity;sid:84710389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847288)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847288/; classtype:trojan-activity;sid:84710388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.115.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847281/; classtype:trojan-activity;sid:84710381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847282)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847282/; classtype:trojan-activity;sid:84710382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847283)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847283/; classtype:trojan-activity;sid:84710383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847284)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847284/; classtype:trojan-activity;sid:84710384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847285)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847285/; classtype:trojan-activity;sid:84710385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847286)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847286/; classtype:trojan-activity;sid:84710386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847287)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847287/; classtype:trojan-activity;sid:84710387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847278)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847278/; classtype:trojan-activity;sid:84710378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847279)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847279/; classtype:trojan-activity;sid:84710379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847280)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847280/; classtype:trojan-activity;sid:84710380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847275/; classtype:trojan-activity;sid:84710375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847276)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847276/; classtype:trojan-activity;sid:84710376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847277)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847277/; classtype:trojan-activity;sid:84710377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847273)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.251.180.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847273/; classtype:trojan-activity;sid:84710373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847274)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.251.180.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847274/; classtype:trojan-activity;sid:84710374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847271)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.251.180.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847271/; classtype:trojan-activity;sid:84710371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847272)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.251.180.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847272/; classtype:trojan-activity;sid:84710372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.187.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847270/; classtype:trojan-activity;sid:84710370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.189.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847269/; classtype:trojan-activity;sid:84710369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.187.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847266/; classtype:trojan-activity;sid:84710366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.189.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847267/; classtype:trojan-activity;sid:84710367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.188.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847268/; classtype:trojan-activity;sid:84710368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.185.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847265/; classtype:trojan-activity;sid:84710365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847264)"; flow:established,from_client; content:"GET"; http_method; content:"/b6c69e57-3651-4850-91fb-dd52a48f84df/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"flatten-goinghavethis-weight-lifting.courses"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847264/; classtype:trojan-activity;sid:84710364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.115.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847263/; classtype:trojan-activity;sid:84710363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847262/; classtype:trojan-activity;sid:84710362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847261)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.202.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847261/; classtype:trojan-activity;sid:84710361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847259)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.202.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847259/; classtype:trojan-activity;sid:84710359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847260)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.202.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847260/; classtype:trojan-activity;sid:84710360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847254)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.202.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847254/; classtype:trojan-activity;sid:84710354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847255)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.202.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847255/; classtype:trojan-activity;sid:84710355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847256)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.202.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847256/; classtype:trojan-activity;sid:84710356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847257)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.202.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847257/; classtype:trojan-activity;sid:84710357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847258)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.202.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847258/; classtype:trojan-activity;sid:84710358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847253)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.202.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847253/; classtype:trojan-activity;sid:84710353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847252/; classtype:trojan-activity;sid:84710352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.245.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847251/; classtype:trojan-activity;sid:84710351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847250)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3b901fbc-d20d-48a5-b75f-a775dd7201fe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"vsif6dio.animalspintroll-xerography.digital"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847250/; classtype:trojan-activity;sid:84710350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.245.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847249/; classtype:trojan-activity;sid:84710349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847248)"; flow:established,from_client; content:"GET"; http_method; content:"/4c2d6b8d-8ce8-4063-b767-4722b27cb7c9/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"madrigalscythianphenologist.courses"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847248/; classtype:trojan-activity;sid:84710348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.215.207.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847247/; classtype:trojan-activity;sid:84710347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.101.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847246/; classtype:trojan-activity;sid:84710346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.42.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847245/; classtype:trojan-activity;sid:84710345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.189.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847244/; classtype:trojan-activity;sid:84710344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.101.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847243/; classtype:trojan-activity;sid:84710343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.226.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847242/; classtype:trojan-activity;sid:84710342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847241)"; flow:established,from_client; content:"GET"; http_method; content:"/a87982c8-b7e5-4323-8793-3b7232b68d90/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"focus-mutovka-transfer-able.courses"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847241/; classtype:trojan-activity;sid:84710341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.189.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847240/; classtype:trojan-activity;sid:84710340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847239)"; flow:established,from_client; content:"GET"; http_method; content:"/2b63824a-aa6e-4e6f-bf26-cd1020f677b2/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bargecontradictionexcrement.courses"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847239/; classtype:trojan-activity;sid:84710339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.217.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847238/; classtype:trojan-activity;sid:84710338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847235)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.32.162.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847235/; classtype:trojan-activity;sid:84710335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847236)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.32.162.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847236/; classtype:trojan-activity;sid:84710336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847237)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.32.162.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847237/; classtype:trojan-activity;sid:84710337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.92.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847234/; classtype:trojan-activity;sid:84710334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847233)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.32.162.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847233/; classtype:trojan-activity;sid:84710333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847232)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.32.162.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847232/; classtype:trojan-activity;sid:84710332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847231)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.32.162.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847231/; classtype:trojan-activity;sid:84710331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.221.222.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847230/; classtype:trojan-activity;sid:84710330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.217.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847229/; classtype:trojan-activity;sid:84710329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847228)"; flow:established,from_client; content:"GET"; http_method; content:"/948d1452-0df6-4327-a801-5e906b407c64/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bushrosvalni.courses"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847228/; classtype:trojan-activity;sid:84710328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.119.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847227/; classtype:trojan-activity;sid:84710327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.60.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847226/; classtype:trojan-activity;sid:84710326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.245.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847225/; classtype:trojan-activity;sid:84710325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847224)"; flow:established,from_client; content:"GET"; http_method; content:"/0085c648-3ab0-4c14-8cdc-ca79cba7700a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"correction-pancake-seissy.courses"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847224/; classtype:trojan-activity;sid:84710324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.247.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847223/; classtype:trojan-activity;sid:84710323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.126.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847221/; classtype:trojan-activity;sid:84710321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.113.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847222/; classtype:trojan-activity;sid:84710322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.54.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847220/; classtype:trojan-activity;sid:84710320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847219)"; flow:established,from_client; content:"GET"; http_method; content:"/fa3e1607-0054-417a-810c-92c18b6adf97/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"kilowattssnualinoculation.courses"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847219/; classtype:trojan-activity;sid:84710319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.113.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847218/; classtype:trojan-activity;sid:84710318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.54.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847217/; classtype:trojan-activity;sid:84710317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847216)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b08131e8-81fe-4987-b38f-7f93448d3ad9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"39tc4pze.stack-forge.digital"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847216/; classtype:trojan-activity;sid:84710316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847215)"; flow:established,from_client; content:"GET"; http_method; content:"/bfb3fa12-6cb4-4231-a84f-bf2b230424a0/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"containerizedworkflowengine.courses"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847215/; classtype:trojan-activity;sid:84710315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.3.142"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847214/; classtype:trojan-activity;sid:84710314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.201.226.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847213/; classtype:trojan-activity;sid:84710313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847212)"; flow:established,from_client; content:"GET"; http_method; content:"/4477be58-0733-4d52-b75e-689bed4eae93/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"serverlesscontrolplane.courses"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847212/; classtype:trojan-activity;sid:84710312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.103.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847211/; classtype:trojan-activity;sid:84710311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.193.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847210/; classtype:trojan-activity;sid:84710310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.201.226.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847209/; classtype:trojan-activity;sid:84710309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847208)"; flow:established,from_client; content:"GET"; http_method; content:"/6b6af1ba-fb94-4c7f-91a5-50b3df54adeb/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"observability-hub-system.courses"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847208/; classtype:trojan-activity;sid:84710308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.193.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847207/; classtype:trojan-activity;sid:84710307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.35.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847206/; classtype:trojan-activity;sid:84710306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847205)"; flow:established,from_client; content:"GET"; http_method; 
http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.112.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847205/; classtype:trojan-activity;sid:84710305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.107.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847204/; classtype:trojan-activity;sid:84710304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.250.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847203/; classtype:trojan-activity;sid:84710303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.35.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847202/; classtype:trojan-activity;sid:84710302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.77.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847201/; classtype:trojan-activity;sid:84710301; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.35.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847200/; classtype:trojan-activity;sid:84710300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.127.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847199/; classtype:trojan-activity;sid:84710299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.196.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847198/; classtype:trojan-activity;sid:84710298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.60.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847197/; classtype:trojan-activity;sid:84710297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.6.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 
2026_05_15; reference:url, urlhaus.abuse.ch/url/3847196/; classtype:trojan-activity;sid:84710296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.90.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847195/; classtype:trojan-activity;sid:84710295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.96.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847194/; classtype:trojan-activity;sid:84710294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847193)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d85b5929-9adf-44bd-b902-a65df8ae910e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"11udvmp9.polestennisplayer.digital"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847193/; classtype:trojan-activity;sid:84710293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.54.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847192/; classtype:trojan-activity;sid:84710292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847191)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.127.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847191/; classtype:trojan-activity;sid:84710291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.66.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847190/; classtype:trojan-activity;sid:84710290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847189)"; flow:established,from_client; content:"GET"; http_method; content:"/cd6dc4f6-5587-4f7e-a0f5-c64cc53bce63/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributed-storage-layer.courses"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847189/; classtype:trojan-activity;sid:84710289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.123.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847188/; classtype:trojan-activity;sid:84710288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.35.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; 
reference:url, urlhaus.abuse.ch/url/3847187/; classtype:trojan-activity;sid:84710287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.66.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847186/; classtype:trojan-activity;sid:84710286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.148.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847185/; classtype:trojan-activity;sid:84710285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847184)"; flow:established,from_client; content:"GET"; http_method; content:"/168b7f1a-7d08-44ab-a87d-04550606da15/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"packetlattice.courses"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847184/; classtype:trojan-activity;sid:84710284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.206.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847183/; classtype:trojan-activity;sid:84710283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847182)"; flow:established,from_client; 
content:"GET"; http_method; content:"/d8b534b3-fd84-4963-b207-093acf846a50/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"virtualgateway.courses"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847182/; classtype:trojan-activity;sid:84710282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.51.40"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847181/; classtype:trojan-activity;sid:84710281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.119.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847180/; classtype:trojan-activity;sid:84710280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.4.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847179/; classtype:trojan-activity;sid:84710279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.75.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847178/; 
classtype:trojan-activity;sid:84710278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.173.158.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847177/; classtype:trojan-activity;sid:84710277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.226.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847176/; classtype:trojan-activity;sid:84710276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.206.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847175/; classtype:trojan-activity;sid:84710275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847174/; classtype:trojan-activity;sid:84710274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"27.37.79.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847173/; classtype:trojan-activity;sid:84710273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847172)"; flow:established,from_client; content:"GET"; http_method; content:"/f0de198d-9673-49a1-b937-51831832595f/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributed-event-processing-lab.courses"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847172/; classtype:trojan-activity;sid:84710272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847171/; classtype:trojan-activity;sid:84710271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.4.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847170/; classtype:trojan-activity;sid:84710270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847169/; classtype:trojan-activity;sid:84710269; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.105.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847168/; classtype:trojan-activity;sid:84710268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847167)"; flow:established,from_client; content:"GET"; http_method; content:"/4ccc3178-5691-42aa-98da-da5f5873bc64/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"telemetry-stream-core.courses"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847167/; classtype:trojan-activity;sid:84710267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847166)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b19b1646-6c25-4808-b039-beeb548c070b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cggirdg7.neural-routing.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847166/; classtype:trojan-activity;sid:84710266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.105.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847165/; classtype:trojan-activity;sid:84710265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847164)"; flow:established,from_client; content:"GET"; http_method; 
content:"/6d3418e9-6c4e-4abb-aaa2-d7e98e6a1bf7/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cloud-sync.courses"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847164/; classtype:trojan-activity;sid:84710264; rev:1;)
# Coverage notes for the rules below:
# - The header is "alert http", so a rule fires only on traffic the engine
#   parses as HTTP. The same URL requested over TLS is not visible to these
#   rules unless the traffic is decrypted before inspection.
# - Direction is $HOME_NET -> $EXTERNAL_NET with flow:from_client, i.e. an
#   internal client requesting the listed URL. A hit means the download was
#   attempted; it does not show whether the payload was delivered or run.
# - The action is "alert": the request is logged, not blocked, as written.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.234.9.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847163/; classtype:trojan-activity;sid:84710263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847162)"; flow:established,from_client; content:"GET"; http_method; content:"/a3ee5338-0320-4acd-8885-4825d1f483b3/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"edge-network-hub.courses"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847162/; classtype:trojan-activity;sid:84710262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847161)"; flow:established,from_client; content:"GET"; http_method; content:"/dos.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"107.182.128.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847161/; classtype:trojan-activity;sid:84710261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847160)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=273a526b-985a-4bfc-9ca2-f0cd19351757"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"49h06cy9.pashtuns-study-rose-hip.digital"; http_host; depth:40;
isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847160/; classtype:trojan-activity;sid:84710260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847159)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.227.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847159/; classtype:trojan-activity;sid:84710259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847158)"; flow:established,from_client; content:"GET"; http_method; content:"/5c7004ae-5b57-4c34-b69f-b89ea7bedad7/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"stackforgeacademy.courses"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847158/; classtype:trojan-activity;sid:84710258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.226.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847157/; classtype:trojan-activity;sid:84710257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.92.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847156/; classtype:trojan-activity;sid:84710256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3847154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.137.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847154/; classtype:trojan-activity;sid:84710254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.234.9.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847155/; classtype:trojan-activity;sid:84710255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.226.213.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847152/; classtype:trojan-activity;sid:84710252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.172.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847153/; classtype:trojan-activity;sid:84710253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.63.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847151/; 
classtype:trojan-activity;sid:84710251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.71.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847150/; classtype:trojan-activity;sid:84710250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.29.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847149/; classtype:trojan-activity;sid:84710249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.114.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847143/; classtype:trojan-activity;sid:84710243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.37.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847144/; classtype:trojan-activity;sid:84710244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"221.15.206.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847145/; classtype:trojan-activity;sid:84710245; rev:1;)
# Triage notes for the rules below:
# - One host can carry several rules: 182.127.177.29 is matched with URI
#   "/bin.sh" (sid 84710247) and with URI "/i" (sid 84710248). Grouping
#   alerts by http_host and source address keeps repeated fetches by one
#   client in a single case.
# - The hosts here are IP literals and the only date on a rule is
#   metadata:created_at. The rule does not say whether the URL is still
#   serving content; check the reference URL for current status before
#   treating an old hit as live. Addresses may also have been reassigned
#   since the listing (assumption, not shown on this page).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.93.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847146/; classtype:trojan-activity;sid:84710246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.177.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847147/; classtype:trojan-activity;sid:84710247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.177.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847148/; classtype:trojan-activity;sid:84710248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.35.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847140/; classtype:trojan-activity;sid:84710240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected
(3847141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.6.219"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847141/; classtype:trojan-activity;sid:84710241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.208.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847142/; classtype:trojan-activity;sid:84710242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.1.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847139/; classtype:trojan-activity;sid:84710239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.235.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847134/; classtype:trojan-activity;sid:84710234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.214.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847135/; 
classtype:trojan-activity;sid:84710235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.171.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847136/; classtype:trojan-activity;sid:84710236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.157.125.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847137/; classtype:trojan-activity;sid:84710237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.144.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847138/; classtype:trojan-activity;sid:84710238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.235.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847133/; classtype:trojan-activity;sid:84710233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"42.230.214.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847126/; classtype:trojan-activity;sid:84710226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.137.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847127/; classtype:trojan-activity;sid:84710227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.102.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847128/; classtype:trojan-activity;sid:84710228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.162.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847129/; classtype:trojan-activity;sid:84710229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.245.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847130/; classtype:trojan-activity;sid:84710230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3847131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.196.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847131/; classtype:trojan-activity;sid:84710231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.171.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847132/; classtype:trojan-activity;sid:84710232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.35.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847120/; classtype:trojan-activity;sid:84710220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.114.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847121/; classtype:trojan-activity;sid:84710221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.169.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847122/; 
classtype:trojan-activity;sid:84710222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.204.196.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847123/; classtype:trojan-activity;sid:84710223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.246.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847124/; classtype:trojan-activity;sid:84710224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.1.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847125/; classtype:trojan-activity;sid:84710225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.222.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847118/; classtype:trojan-activity;sid:84710218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"42.231.88.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847119/; classtype:trojan-activity;sid:84710219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.251.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847117/; classtype:trojan-activity;sid:84710217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.31.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847116/; classtype:trojan-activity;sid:84710216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847115)"; flow:established,from_client; content:"GET"; http_method; content:"/8629a111-b9c8-420b-bd13-72d741ebee2d/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"microservicecluster.courses"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847115/; classtype:trojan-activity;sid:84710215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847114)"; flow:established,from_client; content:"GET"; http_method; content:"/12.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847114/; classtype:trojan-activity;sid:84710214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3847113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.214.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847113/; classtype:trojan-activity;sid:84710213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.226.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847112/; classtype:trojan-activity;sid:84710212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.70.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847111/; classtype:trojan-activity;sid:84710211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847110)"; flow:established,from_client; content:"GET"; http_method; content:"/b93e10cb-26ea-4f03-b3d3-4b859b3e02a1/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"neural-routing-fabric.courses"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847110/; classtype:trojan-activity;sid:84710210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.59.200"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847109/; classtype:trojan-activity;sid:84710209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.59.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847108/; classtype:trojan-activity;sid:84710208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.43.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847107/; classtype:trojan-activity;sid:84710207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847106)"; flow:established,from_client; content:"GET"; http_method; content:"/e0d45b33-d679-49cb-bb09-cdb8deb90b47/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"packet-relay-engine.courses"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847106/; classtype:trojan-activity;sid:84710206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.124.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847105/; classtype:trojan-activity;sid:84710205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3847104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.229.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847104/; classtype:trojan-activity;sid:84710204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.226.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847102/; classtype:trojan-activity;sid:84710202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.43.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847103/; classtype:trojan-activity;sid:84710203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.169.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847101/; classtype:trojan-activity;sid:84710201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.238.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847100/; 
classtype:trojan-activity;sid:84710200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.100.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847099/; classtype:trojan-activity;sid:84710199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.241.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847098/; classtype:trojan-activity;sid:84710198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847097)"; flow:established,from_client; content:"GET"; http_method; content:"/57611706-7796-4720-8fb9-e764e4602058/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"binarydock.courses"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847097/; classtype:trojan-activity;sid:84710197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.229.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847096/; classtype:trojan-activity;sid:84710196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"60.216.236.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847095/; classtype:trojan-activity;sid:84710195; rev:1;)
# Each rule here is an exact-match IOC for one URLhaus entry: a GET request whose
# http_uri buffer equals the listed path (depth = pattern length, followed by
# isdataat:!1,relative; nocase applies to the URI pattern) and whose http_host
# buffer equals the listed host.
# Scope: the rules are "alert http" from $HOME_NET to $EXTERNAL_NET, so only
# cleartext HTTP is inspected. The same hosts fetched over TLS are not covered
# by these signatures; pair hostname entries with DNS or TLS SNI detections.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847094)"; flow:established,from_client; content:"GET"; http_method; content:"/3390e460-829b-4c4f-95c7-43f9f9f59637/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cloudinfrastructure.courses"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847094/; classtype:trojan-activity;sid:84710194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.124.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847093/; classtype:trojan-activity;sid:84710193; rev:1;)
# NOTE(review): |3f| is one byte ("?"), so the URI pattern below is 44 bytes,
# while depth:47 equals the length of the escaped text. The match is therefore
# not pinned to offset 0: a URI with up to 3 bytes in front of the pattern
# still alerts. depth:44 would give the exact-URI anchor the other rules have.
# This looks like a length count taken before escaping in the feed generator;
# confirm and report upstream rather than patching the downloaded file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847092)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c2e8afac-1006-4363-b636-a32c0909e885"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"sgs68ivh.binary-dock.digital"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847092/; classtype:trojan-activity;sid:84710192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.157.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847091/; 
classtype:trojan-activity;sid:84710191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847090)"; flow:established,from_client; content:"GET"; http_method; content:"/7493752f-c8cf-481b-b9b5-84e796bb5032/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"puffingsiterreorganize.courses"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847090/; classtype:trojan-activity;sid:84710190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.141.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847089/; classtype:trojan-activity;sid:84710189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.19.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847088/; classtype:trojan-activity;sid:84710188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847087)"; flow:established,from_client; content:"GET"; http_method; content:"/92785fc1-4d01-4e6b-beb7-260fc3da7c87/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"smuggler-beluga-notion.courses"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847087/; classtype:trojan-activity;sid:84710187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847086)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.36.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847086/; classtype:trojan-activity;sid:84710186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.126.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847085/; classtype:trojan-activity;sid:84710185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.157.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847084/; classtype:trojan-activity;sid:84710184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.36.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847083/; classtype:trojan-activity;sid:84710183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.126.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847082/; 
classtype:trojan-activity;sid:84710182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.119.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847081/; classtype:trojan-activity;sid:84710181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.240.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847080/; classtype:trojan-activity;sid:84710180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847079)"; flow:established,from_client; content:"GET"; http_method; content:"/eb62c38c-dfe1-4d59-97a6-70f864ecde84/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"inhalerotolaryngologist.courses"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847079/; classtype:trojan-activity;sid:84710179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.157.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847078/; classtype:trojan-activity;sid:84710178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847077)"; flow:established,from_client; content:"GET"; http_method; 
content:"/d78be1cb-a2b1-4ccb-9b61-8dcad87f9405/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"adulter-bassist.courses"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847077/; classtype:trojan-activity;sid:84710177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.127.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847076/; classtype:trojan-activity;sid:84710176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847075)"; flow:established,from_client; content:"GET"; http_method; content:"/08992efe-1d68-4486-8c19-fca8166fd914/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"leniniansexualbeginner.courses"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847075/; classtype:trojan-activity;sid:84710175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.157.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847074/; classtype:trojan-activity;sid:84710174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.99.248.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, 
urlhaus.abuse.ch/url/3847073/; classtype:trojan-activity;sid:84710173; rev:1;)
# Exact-match IOC rules: GET method, http_uri equal to the listed path
# (depth = pattern length, then isdataat:!1,relative; nocase on the URI pattern)
# and http_host equal to the listed host. The reference option carries the
# URLhaus entry id for triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.103.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847072/; classtype:trojan-activity;sid:84710172; rev:1;)
# The path embeds a UUID, so this rule covers only this one recorded URL on the host.
# Presumably other UUIDs on the same domain need a host-level control — verify against the feed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847071)"; flow:established,from_client; content:"GET"; http_method; content:"/229ed27e-e2c5-4a24-b6a8-cbe6361a90e3/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"federatedstoragelab.courses"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847071/; classtype:trojan-activity;sid:84710171; rev:1;)
# NOTE(review): |3f| decodes to a single "?" byte, which makes this URI pattern
# 44 bytes long; depth:47 matches the escaped text length instead. With the
# extra 3 bytes of depth the pattern may start at offset 0-3, so the rule is
# slightly wider than an exact-URI match. depth:44 would restore the anchor;
# confirm with the feed maintainer before relying on exact-match semantics.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847070)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3b207d8a-b086-48db-9fc0-807a48d14e97"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"5nan0z8w.sniffingviableoffice.digital"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847070/; classtype:trojan-activity;sid:84710170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.248.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847069/; classtype:trojan-activity;sid:84710169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3847068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.169.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847068/; classtype:trojan-activity;sid:84710168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.127.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847067/; classtype:trojan-activity;sid:84710167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.235.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847066/; classtype:trojan-activity;sid:84710166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.138.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847065/; classtype:trojan-activity;sid:84710165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.15.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, 
urlhaus.abuse.ch/url/3847064/; classtype:trojan-activity;sid:84710164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847063)"; flow:established,from_client; content:"GET"; http_method; content:"/d272ec44-3cb4-452d-9dd5-3dd48da53788/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"leniniansexualbeginner.courses"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847063/; classtype:trojan-activity;sid:84710163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.211.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847061/; classtype:trojan-activity;sid:84710161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.90.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847062/; classtype:trojan-activity;sid:84710162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.243.140.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847059/; classtype:trojan-activity;sid:84710159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847060)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.85.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847060/; classtype:trojan-activity;sid:84710160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.18.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847056/; classtype:trojan-activity;sid:84710156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.121.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847057/; classtype:trojan-activity;sid:84710157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.123.207.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847058/; classtype:trojan-activity;sid:84710158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.61.48.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847055/; classtype:trojan-activity;sid:84710155; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.240.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847053/; classtype:trojan-activity;sid:84710153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.161.160.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847054/; classtype:trojan-activity;sid:84710154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.71.131.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847052/; classtype:trojan-activity;sid:84710152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.206.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847051/; classtype:trojan-activity;sid:84710151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.143.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 
2026_05_15; reference:url, urlhaus.abuse.ch/url/3847048/; classtype:trojan-activity;sid:84710148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.121.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847049/; classtype:trojan-activity;sid:84710149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.123.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847050/; classtype:trojan-activity;sid:84710150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.81.98.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847047/; classtype:trojan-activity;sid:84710147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.204.196.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847042/; classtype:trojan-activity;sid:84710142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.238.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847043/; classtype:trojan-activity;sid:84710143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.85.68.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847044/; classtype:trojan-activity;sid:84710144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.18.150"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847045/; classtype:trojan-activity;sid:84710145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.102.130.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847046/; classtype:trojan-activity;sid:84710146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.73.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847041/; classtype:trojan-activity;sid:84710141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3847038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.245.39.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847038/; classtype:trojan-activity;sid:84710138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.235.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847039/; classtype:trojan-activity;sid:84710139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.123.207.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847040/; classtype:trojan-activity;sid:84710140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.73.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847034/; classtype:trojan-activity;sid:84710134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.61.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, 
urlhaus.abuse.ch/url/3847035/; classtype:trojan-activity;sid:84710135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.216.153.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847036/; classtype:trojan-activity;sid:84710136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.127.235.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847037/; classtype:trojan-activity;sid:84710137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.123.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847033/; classtype:trojan-activity;sid:84710133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.81.98.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847032/; classtype:trojan-activity;sid:84710132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"111.127.235.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847030/; classtype:trojan-activity;sid:84710130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.224.83.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847031/; classtype:trojan-activity;sid:84710131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.40.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847026/; classtype:trojan-activity;sid:84710126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.40.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847027/; classtype:trojan-activity;sid:84710127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.18.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847028/; classtype:trojan-activity;sid:84710128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3847029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.78.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847029/; classtype:trojan-activity;sid:84710129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.85.68.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847021/; classtype:trojan-activity;sid:84710121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.143.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847022/; classtype:trojan-activity;sid:84710122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.18.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847023/; classtype:trojan-activity;sid:84710123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.85.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847024/; 
classtype:trojan-activity;sid:84710124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.216.153.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847025/; classtype:trojan-activity;sid:84710125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.61.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847020/; classtype:trojan-activity;sid:84710120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.150.97.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847018/; classtype:trojan-activity;sid:84710118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.150.97.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847019/; classtype:trojan-activity;sid:84710119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"123.202.146.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847017/; classtype:trojan-activity;sid:84710117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847016)"; flow:established,from_client; content:"GET"; http_method; content:"/f0b7f4e9-593e-42d0-bf6d-12d827b48092/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"runtime-control-plane.courses"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847016/; classtype:trojan-activity;sid:84710116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.204.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847015/; classtype:trojan-activity;sid:84710115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.211.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847014/; classtype:trojan-activity;sid:84710114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847013)"; flow:established,from_client; content:"GET"; http_method; content:"/37680f74-25b6-48fc-a6c5-3b57ea4bf690/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"gnashhusks.courses"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3847013/; classtype:trojan-activity;sid:84710113; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847012)"; flow:established,from_client; content:"GET"; http_method; content:"/14914ea2-0ce8-463b-8c5f-9ca3541041fc/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"gnashhusks.courses"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3847012/; classtype:trojan-activity;sid:84710112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.6.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3847011/; classtype:trojan-activity;sid:84710111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.72.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3847010/; classtype:trojan-activity;sid:84710110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.202.146.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3847009/; classtype:trojan-activity;sid:84710109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"42.238.204.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3847008/; classtype:trojan-activity;sid:84710108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.211.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3847007/; classtype:trojan-activity;sid:84710107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.86.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3847006/; classtype:trojan-activity;sid:84710106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.78.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3847005/; classtype:trojan-activity;sid:84710105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.201.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3847004/; classtype:trojan-activity;sid:84710104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3847003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.239.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3847003/; classtype:trojan-activity;sid:84710103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.72.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3847002/; classtype:trojan-activity;sid:84710102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.225.169.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3847001/; classtype:trojan-activity;sid:84710101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847000)"; flow:established,from_client; content:"GET"; http_method; content:"/30e03c6a-3e6a-43f7-84ef-fa693c680c70/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributedcache.courses"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3847000/; classtype:trojan-activity;sid:84710100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.73.161.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; 
reference:url, urlhaus.abuse.ch/url/3846999/; classtype:trojan-activity;sid:84710099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.247.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846998/; classtype:trojan-activity;sid:84710098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.239.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846997/; classtype:trojan-activity;sid:84710097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.95.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846996/; classtype:trojan-activity;sid:84710096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.16.150.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846995/; classtype:trojan-activity;sid:84710095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846994)"; flow:established,from_client; content:"GET"; http_method; 
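content:"/64d13237-e4d7-4848-bd9c-51b863213f81/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"kadush-sideburnsushan.courses"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846994/; classtype:trojan-activity;sid:84710094; rev:1;)
# Rule shape used throughout this feed: an outbound HTTP GET from $HOME_NET whose
# URI and Host both equal one URLhaus entry. `depth:N` with N equal to the pattern
# length pins the match to the start of the buffer, and `isdataat:!1,relative`
# requires the buffer to end right after the match, so together they act as an
# exact-string comparison. `nocase` makes the URI comparison case-insensitive.
# The action is `alert` on the `http` protocol: these rules report, they do not
# block, and they only see requests the sensor can parse as cleartext HTTP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.150.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846993/; classtype:trojan-activity;sid:84710093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.158.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846992/; classtype:trojan-activity;sid:84710092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846991)"; flow:established,from_client; content:"GET"; http_method; content:"/ce674904-0ade-43f2-ac12-b70da1b158e7/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"virtual-session-gateway.courses"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846991/; classtype:trojan-activity;sid:84710091; rev:1;)
# NOTE(review): `|3f|` is a hex escape for the single byte '?', so this URI pattern
# is 44 bytes long, not the 47 characters of its escaped spelling. The feed emitted
# depth:47, which let the pattern start up to three bytes into the URI and so
# matched longer URIs that merely end with this string. depth is set to 44 here to
# restore the exact match the other rules have. This is a local correction to a
# generated rule; a feed refresh will overwrite it unless the generator is fixed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846990)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=bbaaa8e4-6e5b-43b4-949e-8b454c94d1dc"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"krc5t7kn.ripples-shark.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846990/; classtype:trojan-activity;sid:84710090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.150.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846989/; classtype:trojan-activity;sid:84710089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.222.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846988/; classtype:trojan-activity;sid:84710088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.189.30.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846987/; classtype:trojan-activity;sid:84710087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.50.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846986/; classtype:trojan-activity;sid:84710086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846985)"; flow:established,from_client; content:"GET"; 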
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.233.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846985/; classtype:trojan-activity;sid:84710085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.137.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846984/; classtype:trojan-activity;sid:84710084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846983)"; flow:established,from_client; content:"GET"; http_method; content:"/61667fce-e2cb-4c61-a389-5690f8e88f50/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"inherittruckdoge.courses"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846983/; classtype:trojan-activity;sid:84710083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.166.42.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846982/; classtype:trojan-activity;sid:84710082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.50.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846981/; 
classtype:trojan-activity;sid:84710081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.187.101.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846980/; classtype:trojan-activity;sid:84710080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.176.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846979/; classtype:trojan-activity;sid:84710079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846978)"; flow:established,from_client; content:"GET"; http_method; content:"/7abbc2df-ef82-4065-93d0-6cad1a13b2d5/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"telemetrycore.courses"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846978/; classtype:trojan-activity;sid:84710078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846977/; classtype:trojan-activity;sid:84710077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846971)"; flow:established,from_client; content:"GET"; http_method; content:"/vc7/etmzaya.arm7"; 
http_uri; depth:17; isdataat:!1,relative; nocase; content:"166.88.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846971/; classtype:trojan-activity;sid:84710071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846972)"; flow:established,from_client; content:"GET"; http_method; content:"/vc7/oumekpv.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"166.88.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846972/; classtype:trojan-activity;sid:84710072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846973)"; flow:established,from_client; content:"GET"; http_method; content:"/vc7/mhrhxwe.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"166.88.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846973/; classtype:trojan-activity;sid:84710073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846974)"; flow:established,from_client; content:"GET"; http_method; content:"/vc7/jroecxg.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"166.88.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846974/; classtype:trojan-activity;sid:84710074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846975)"; flow:established,from_client; content:"GET"; http_method; content:"/vc7/hjwouxy.aarch64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"166.88.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846975/; 
classtype:trojan-activity;sid:84710075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846976)"; flow:established,from_client; content:"GET"; http_method; content:"/vc7/ivrpuco.i486"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"166.88.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846976/; classtype:trojan-activity;sid:84710076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846966)"; flow:established,from_client; content:"GET"; http_method; content:"/vc7/android.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"166.88.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846966/; classtype:trojan-activity;sid:84710066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846967)"; flow:established,from_client; content:"GET"; http_method; content:"/vc7/yconpck.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"166.88.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846967/; classtype:trojan-activity;sid:84710067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846968)"; flow:established,from_client; content:"GET"; http_method; content:"/vc7/rsglkfk.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"166.88.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846968/; classtype:trojan-activity;sid:84710068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846969)"; flow:established,from_client; content:"GET"; http_method; content:"/vc7/whickdx.i686"; 
http_uri; depth:17; isdataat:!1,relative; nocase; content:"166.88.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846969/; classtype:trojan-activity;sid:84710069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846970)"; flow:established,from_client; content:"GET"; http_method; content:"/vc7/pjxxpbx.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"166.88.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846970/; classtype:trojan-activity;sid:84710070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846963)"; flow:established,from_client; content:"GET"; http_method; content:"/vc7/subvrpp.mips64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"166.88.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846963/; classtype:trojan-activity;sid:84710063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846964)"; flow:established,from_client; content:"GET"; http_method; content:"/vc7/dxconeq.i586"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"166.88.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846964/; classtype:trojan-activity;sid:84710064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846965)"; flow:established,from_client; content:"GET"; http_method; content:"/vc7/tvyhsow.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"166.88.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846965/; classtype:trojan-activity;sid:84710065; 
rev:1;)
# URLhaus download-URL rules, one per line. Each fires only when a GET's URI
# and Host both match the listed entry: depth equal to the pattern length
# pins the match to the start of the buffer, and isdataat:!1,relative
# requires that nothing follows it.
# metadata:created_at is 2026_05_14 on every rule here.
# NOTE(review): presumably the URLhaus listing date. Many hosts below are
# bare IPv4 addresses, so consider ageing sids out by that date instead of
# keeping them indefinitely; confirm the retention policy with the feed.
# Several entries use a /<UUID>/google.cl path on a *.courses host, and
# edge-processing-network.courses appears three times with different UUIDs.
# NOTE(review): the path changes per entry while the host repeats, so a
# host-level detection would be the more durable control for such a domain;
# verify the host with URLhaus before adding one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.158.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846962/; classtype:trojan-activity;sid:84710062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.228.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846961/; classtype:trojan-activity;sid:84710061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.187.101.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846960/; classtype:trojan-activity;sid:84710060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846959)"; flow:established,from_client; content:"GET"; http_method; content:"/eba67d3c-235f-42ce-9b81-680af0ece736/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cartwell-pastphantom.courses"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846959/; classtype:trojan-activity;sid:84710059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.170.136.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846958/; classtype:trojan-activity;sid:84710058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.181.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846957/; classtype:trojan-activity;sid:84710057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.178.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846956/; classtype:trojan-activity;sid:84710056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.228.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846955/; classtype:trojan-activity;sid:84710055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.54.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846954/; classtype:trojan-activity;sid:84710054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.71.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846953/; classtype:trojan-activity;sid:84710053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.42.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846952/; classtype:trojan-activity;sid:84710052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846951)"; flow:established,from_client; content:"GET"; http_method; content:"/06f10c6d-19bc-4317-ac57-dbf95e3fe3c9/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"edge-processing-network.courses"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846951/; classtype:trojan-activity;sid:84710051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846950)"; flow:established,from_client; content:"GET"; http_method; content:"/1c4c6f08-91e7-48f5-824d-95afbd4a4064/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"edge-processing-network.courses"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846950/; classtype:trojan-activity;sid:84710050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.203.88.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846949/; classtype:trojan-activity;sid:84710049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846948)"; flow:established,from_client; content:"GET"; http_method; content:"/i/android.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"166.88.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846948/; classtype:trojan-activity;sid:84710048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.71.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846947/; classtype:trojan-activity;sid:84710047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.18.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846946/; classtype:trojan-activity;sid:84710046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846945)"; flow:established,from_client; content:"GET"; http_method; content:"/ce857951-9f2c-42b8-8a25-428b16935851/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"edge-processing-network.courses"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846945/; classtype:trojan-activity;sid:84710045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.37.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846944/; classtype:trojan-activity;sid:84710044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846943)"; flow:established,from_client; content:"GET"; http_method; content:"/848b17c1-37ea-4abf-a4ee-9c59c9a4f888/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"serverless-mesh-core.courses"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846943/; classtype:trojan-activity;sid:84710043; rev:1;)
# NOTE(review): in the next rule |3f| is the hex escape for "?", so the URI
# pattern is 44 bytes long, yet depth is 47, which is the length of the
# escaped text. The listed URL still matches; the wider depth also admits a
# URI with up to three bytes in front of the pattern. Every other rule in
# this span has depth equal to the pattern length. Better reported to the
# feed than patched here, since local edits to a feed file are presumably
# overwritten on the next update.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846942)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7336aa4b-663f-4b61-b139-4e946a7be996"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"p4l3fctz.bitter-salty.digital"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846942/; classtype:trojan-activity;sid:84710042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.18.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846941/; classtype:trojan-activity;sid:84710041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; 
nocase; content:"123.5.112.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846940/; classtype:trojan-activity;sid:84710040; rev:1;)
# URLhaus download-URL rules, one per line. Each alerts on an established
# client-to-server GET from $HOME_NET to $EXTERNAL_NET whose URI and Host
# both match the listed entry; msg and reference carry the URLhaus id.
# http_method, http_uri and http_host are written as content modifiers,
# each placed after the content it qualifies.
# NOTE(review): current Suricata documentation prefers the sticky-buffer
# spelling (http.method, http.uri, http.host). Check that the deployed
# engine version still loads the modifier form, and watch the rule-load log
# for skipped sids after each feed update.
# In this span 193.233.113.85 serves /debug/loader.sh, /payload.sh and
# /loader.sh, and 83.217.209.80 serves /debug/loader.sh as well.
# NOTE(review): the shared path suggests the two hosts are related; treat an
# alert for one as a reason to search logs for the other. Confirm with
# URLhaus.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.37.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846939/; classtype:trojan-activity;sid:84710039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.243.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846938/; classtype:trojan-activity;sid:84710038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846937)"; flow:established,from_client; content:"GET"; http_method; content:"/e9238b57-9112-46cd-a4ed-fa8a8cf04ec7/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"microservicehub.courses"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846937/; classtype:trojan-activity;sid:84710037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.221.222.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846936/; classtype:trojan-activity;sid:84710036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.131.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846935/; classtype:trojan-activity;sid:84710035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.163.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846934/; classtype:trojan-activity;sid:84710034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.163.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846933/; classtype:trojan-activity;sid:84710033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.101.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846932/; classtype:trojan-activity;sid:84710032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.243.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846931/; classtype:trojan-activity;sid:84710031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846929)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/loader.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.233.113.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846929/; classtype:trojan-activity;sid:84710029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846930)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.233.113.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846930/; classtype:trojan-activity;sid:84710030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846928)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.113.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846928/; classtype:trojan-activity;sid:84710028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846927)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/loader.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"83.217.209.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846927/; classtype:trojan-activity;sid:84710027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.101.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846926/; classtype:trojan-activity;sid:84710026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.154.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846925/; classtype:trojan-activity;sid:84710025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.131.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846924/; classtype:trojan-activity;sid:84710024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846923)"; flow:established,from_client; content:"GET"; http_method; content:"/f8dc7215-b51d-4762-b7cd-08a21b0bba3b/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"packet-routing-lab.courses"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846923/; classtype:trojan-activity;sid:84710023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.191.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846922/; classtype:trojan-activity;sid:84710022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.208.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846921/; classtype:trojan-activity;sid:84710021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846920)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.214.78.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846920/; classtype:trojan-activity;sid:84710020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846919)"; flow:established,from_client; content:"GET"; http_method; content:"/354b7637-d386-4074-8286-cbcc7ae1a08f/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cloudruntime.courses"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846919/; classtype:trojan-activity;sid:84710019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846917)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot-amd64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.214.78.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846917/; classtype:trojan-activity;sid:84710017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846918)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bins/bot-arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.214.78.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846918/; classtype:trojan-activity;sid:84710018; rev:1;)
# URLhaus download-URL rules, one per line. Each matches a single URL: a
# GET whose URI equals the http_uri pattern (case-insensitively, via
# nocase) and whose Host equals the http_host pattern, on an established
# client-to-server flow from $HOME_NET to $EXTERNAL_NET. All rules are
# classtype:trojan-activity, rev:1.
# Because each rule lists one URL, the same host appears under many sids;
# group alerts by the http_host value when triaging rather than by sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846916)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot-mipsel"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.214.78.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846916/; classtype:trojan-activity;sid:84710016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846915)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot-mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.214.78.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846915/; classtype:trojan-activity;sid:84710015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.81.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846914/; classtype:trojan-activity;sid:84710014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.154.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846913/; classtype:trojan-activity;sid:84710013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846911)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.217.209.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846911/; classtype:trojan-activity;sid:84710011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846912)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"83.217.209.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846912/; classtype:trojan-activity;sid:84710012; rev:1;)
# Every rule from here to the end of this span is for host 64.89.163.218:
# /l, five top-level shell scripts (/d.sh, /b.sh, /1.sh, /bins.sh,
# /loader.sh) and files under /bins/ (axis.<arch> names and bare numbers).
# NOTE(review): presumably scripts that fetch the /bins/ files; if so, an
# alert on a script sid is a reason to check the same source address for
# the /bins/ sids and for outbound traffic to this host on other ports.
# Confirm against the URLhaus entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846910)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846910/; classtype:trojan-activity;sid:84710010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846906)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846906/; classtype:trojan-activity;sid:84710006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846907)"; flow:established,from_client; content:"GET"; http_method; content:"/b.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846907/; classtype:trojan-activity;sid:84710007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846908)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846908/; classtype:trojan-activity;sid:84710008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846909)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846909/; classtype:trojan-activity;sid:84710009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846905)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846905/; classtype:trojan-activity;sid:84710005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846904)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/axis.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846904/; classtype:trojan-activity;sid:84710004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846903)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846903/; classtype:trojan-activity;sid:84710003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846902)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/axis.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846902/; classtype:trojan-activity;sid:84710002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846901)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/9"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846901/; classtype:trojan-activity;sid:84710001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846899)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/axis.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846899/; classtype:trojan-activity;sid:84709999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846900)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846900/; classtype:trojan-activity;sid:84710000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846884)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/axis.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846884/; classtype:trojan-activity;sid:84709984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846885)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/10"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846885/; classtype:trojan-activity;sid:84709985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846886)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/axis.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846886/; classtype:trojan-activity;sid:84709986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846887)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/axis.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846887/; classtype:trojan-activity;sid:84709987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846888)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bins/1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846888/; classtype:trojan-activity;sid:84709988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846889)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846889/; classtype:trojan-activity;sid:84709989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846890)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846890/; classtype:trojan-activity;sid:84709990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846891)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/axis.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846891/; classtype:trojan-activity;sid:84709991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846892)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/11"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846892/; classtype:trojan-activity;sid:84709992; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846893)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846893/; classtype:trojan-activity;sid:84709993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846894)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/axis.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846894/; classtype:trojan-activity;sid:84709994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846895)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/8"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846895/; classtype:trojan-activity;sid:84709995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846896)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/axis.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846896/; classtype:trojan-activity;sid:84709996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846897)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/axis.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846897/; classtype:trojan-activity;sid:84709997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846898)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846898/; classtype:trojan-activity;sid:84709998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.208.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846883/; classtype:trojan-activity;sid:84709983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846882)"; flow:established,from_client; content:"GET"; http_method; content:"/0afb7780-04e8-40be-b342-45a8dd51c61e/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"coder-logic-vault.courses"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846882/; classtype:trojan-activity;sid:84709982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846881)"; flow:established,from_client; content:"GET"; http_method; content:"/7e533182-9ac1-48de-8948-ec74b0f1aee9/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"coder-logic-vault.courses"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846881/; classtype:trojan-activity;sid:84709981; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.81.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846880/; classtype:trojan-activity;sid:84709980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846879)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846879/; classtype:trojan-activity;sid:84709979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846878)"; flow:established,from_client; content:"GET"; http_method; content:"/x.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.89.163.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846878/; classtype:trojan-activity;sid:84709978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846877)"; flow:established,from_client; content:"GET"; http_method; content:"/f8c73b68-f542-4300-a89e-6d1778c42196/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"advanced-it-infrastructure.courses"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846877/; classtype:trojan-activity;sid:84709977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"60.18.56.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846876/; classtype:trojan-activity;sid:84709976; rev:1;)
# NOTE(review): "|3f|" is the hex escape for "?", so the URI content below
# decodes to 44 bytes ("/?ublib=" plus a 36-character id), while depth is 47,
# the length of the escaped text. With depth three bytes larger than the
# content, the match may begin at offset 0-3 of the URI buffer rather than
# being pinned to its start, unlike the unescaped rules around it. The feed
# generator appears to count the escape as four characters; depth:44 would
# restore the exact match. The rule also needs the query string to be present
# in the buffer that http_uri inspects.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846875)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=64b46dad-5ad6-452a-bdcc-3ce3ad6767d6"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"sd9arw2r.flos-strip.digital"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846875/; classtype:trojan-activity;sid:84709975; rev:1;)
# "/bin.sh" and "/i" on bare-IP hosts: the path alone is generic, so these
# rules rely entirely on the exact Host match (depth equals the address length,
# then isdataat:!1,relative).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.56.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846874/; classtype:trojan-activity;sid:84709974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.115.102.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846873/; classtype:trojan-activity;sid:84709973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846872)"; flow:established,from_client; content:"GET"; http_method; content:"/0281b943-135c-4e7e-a18f-3a0caed9eff6/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"enterprise-security-log.courses"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846872/;
classtype:trojan-activity;sid:84709972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846871)"; flow:established,from_client; content:"GET"; http_method; content:"/1e815954-32e3-4c4c-8e1a-c1ee19b912e6/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"quickwebdevops.courses"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846871/; classtype:trojan-activity;sid:84709971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.152.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846870/; classtype:trojan-activity;sid:84709970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.243.140.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846869/; classtype:trojan-activity;sid:84709969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.152.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846868/; classtype:trojan-activity;sid:84709968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846867)"; flow:established,from_client; content:"GET"; http_method; 
content:"/3da71941-fb0e-4331-ab54-9a79c00560e4/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"system-analytics-pro-guide.courses"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846867/; classtype:trojan-activity;sid:84709967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.215.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846866/; classtype:trojan-activity;sid:84709966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.201.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846865/; classtype:trojan-activity;sid:84709965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.177.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846864/; classtype:trojan-activity;sid:84709964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846863)"; flow:established,from_client; content:"GET"; http_method; content:"/851ed414-d2ca-4b11-a466-a9f58b025cc8/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"masteringdigital-arch.courses"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_14; 
reference:url, urlhaus.abuse.ch/url/3846863/; classtype:trojan-activity;sid:84709963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.44.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846862/; classtype:trojan-activity;sid:84709962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.97.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846861/; classtype:trojan-activity;sid:84709961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.225.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846860/; classtype:trojan-activity;sid:84709960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846859)"; flow:established,from_client; content:"GET"; http_method; content:"/21.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"130.12.182.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846859/; classtype:trojan-activity;sid:84709959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846858)"; flow:established,from_client; content:"GET"; http_method; 
content:"/990fc840-f430-480b-9516-90758238ecf2/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"logic-buffer-skills.courses"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846858/; classtype:trojan-activity;sid:84709958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.44.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846857/; classtype:trojan-activity;sid:84709957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.183.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846856/; classtype:trojan-activity;sid:84709956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.183.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846855/; classtype:trojan-activity;sid:84709955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846854)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.29.156.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846854/; 
classtype:trojan-activity;sid:84709954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846852)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.29.156.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846852/; classtype:trojan-activity;sid:84709952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846853)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.29.156.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846853/; classtype:trojan-activity;sid:84709953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846848)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.29.156.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846848/; classtype:trojan-activity;sid:84709948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846849)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"81.29.156.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846849/; classtype:trojan-activity;sid:84709949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846850)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; 
content:"81.29.156.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846850/; classtype:trojan-activity;sid:84709950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846851)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.29.156.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846851/; classtype:trojan-activity;sid:84709951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846847)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.29.156.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846847/; classtype:trojan-activity;sid:84709947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846846)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.29.156.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846846/; classtype:trojan-activity;sid:84709946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.19.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846845/; classtype:trojan-activity;sid:84709945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3846844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.225.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846844/; classtype:trojan-activity;sid:84709944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.178.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846843/; classtype:trojan-activity;sid:84709943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.2.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846842/; classtype:trojan-activity;sid:84709942; rev:1;)
# The path names a ScreenConnect client installer fetched from a bare IP.
# ScreenConnect is a legitimate remote-support product, and the generic msg
# does not say that a remote-access tool is involved. On a hit, check the
# source host for a newly installed remote-access client and review who
# initiated the download. Presumably an unauthorised remote-management
# install; confirm against the referenced URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"130.12.181.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846841/; classtype:trojan-activity;sid:84709941; rev:1;)
# URI is a 36-character id directory plus a fixed file name, matched exactly.
# Other sids in this file pair the same file name with different ids and
# hostnames, so this sid covers only the one id/host pair that was reported.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846840)"; flow:established,from_client; content:"GET"; http_method; content:"/65efc533-b83e-453a-b077-40dc11bfc29b/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"expert-trading-academy.courses"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846840/; classtype:trojan-activity;sid:84709940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.248.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846839/; classtype:trojan-activity;sid:84709938; rev:1;)
# NOTE(review): "|3f|" is the hex escape for "?", so the URI content below
# decodes to 44 bytes, while depth is 47 (the length of the escaped text).
# The match may therefore begin at offset 0-3 of the URI buffer instead of
# being pinned to its start; depth:44 would restore the exact match used by
# the unescaped rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846838)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=623d7ceb-aece-49c0-b48d-af8448485a0a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ws09ax4h.limous-nitout.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846838/; classtype:trojan-activity;sid:84709938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846837/; classtype:trojan-activity;sid:84709937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.181.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846836/; classtype:trojan-activity;sid:84709936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL
detected (3846835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.56.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846835/; classtype:trojan-activity;sid:84709935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846834)"; flow:established,from_client; content:"GET"; http_method; content:"/db517e21-2d05-4ee9-960d-670ce7fe4cbd/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"smartworkflowmanagement.courses"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846834/; classtype:trojan-activity;sid:84709934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.153.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846833/; classtype:trojan-activity;sid:84709933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.249.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846832/; classtype:trojan-activity;sid:84709932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.2.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 
2026_05_14; reference:url, urlhaus.abuse.ch/url/3846831/; classtype:trojan-activity;sid:84709931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846830/; classtype:trojan-activity;sid:84709930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"140.237.44.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846829/; classtype:trojan-activity;sid:84709929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.119.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846828/; classtype:trojan-activity;sid:84709928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.174.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846827/; classtype:trojan-activity;sid:84709927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846826)"; flow:established,from_client; content:"GET"; http_method; 
content:"/655a1817-12cf-47d9-ae92-6a7092e43547/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"pro-cyber-defense.courses"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846826/; classtype:trojan-activity;sid:84709926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.109.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846825/; classtype:trojan-activity;sid:84709925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.174.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846824/; classtype:trojan-activity;sid:84709924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846823)"; flow:established,from_client; content:"GET"; http_method; content:"/b6b778a2-9a7b-4b46-84c1-822dfdda5a21/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"pro-cyber-defense.courses"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846823/; classtype:trojan-activity;sid:84709923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846822)"; flow:established,from_client; content:"GET"; http_method; content:"/b7f892e0-e5c3-4e36-9aa6-26e0daecc724/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"obese-table-usweb-play.wiki"; http_host; depth:27; 
isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846822/; classtype:trojan-activity;sid:84709922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.170.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846821/; classtype:trojan-activity;sid:84709921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.101.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846820/; classtype:trojan-activity;sid:84709920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.153.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846819/; classtype:trojan-activity;sid:84709919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.97.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846818/; classtype:trojan-activity;sid:84709918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846817)"; flow:established,from_client; 
content:"GET"; http_method; content:"/62622778-096e-4c6b-abd0-0fc14d34237c/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"layer-obs-usget-tron.wiki"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846817/; classtype:trojan-activity;sid:84709917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.22.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846816/; classtype:trojan-activity;sid:84709916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.153.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846815/; classtype:trojan-activity;sid:84709915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846814)"; flow:established,from_client; content:"GET"; http_method; content:"/a99f888b-41bd-4e51-bcc0-653742cd92a8/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"layer-get-win-tron.wiki"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846814/; classtype:trojan-activity;sid:84709914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.22.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_05_14; reference:url, urlhaus.abuse.ch/url/3846813/; classtype:trojan-activity;sid:84709913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846809)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"176.65.139.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846809/; classtype:trojan-activity;sid:84709909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846810)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"176.65.139.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846810/; classtype:trojan-activity;sid:84709910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846811)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"176.65.139.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846811/; classtype:trojan-activity;sid:84709911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846812)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"176.65.139.155"; http_host; depth:14; 
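isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846812/; classtype:trojan-activity;sid:84709912; rev:1;)
# The line above is the tail of the rule that starts on the previous line; the
# trailing "alert http" at the end of this block continues on the next line.
#
# URLhaus download-URL rules, one per line. Each alerts on an established
# client-to-server GET whose URI and Host buffers both equal the listed value:
# depth is set to the pattern length and isdataat:!1,relative rejects any
# trailing byte. nocase follows the URI content, so the URI comparison ignores
# case. Only parsed HTTP is inspected, so the same URL fetched over TLS is not
# seen unless traffic is decrypted before it reaches the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846807)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1781548144/yq62c9s.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846807/; classtype:trojan-activity;sid:84709907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846808)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_84d3c218647e61fe.cmd"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846808/; classtype:trojan-activity;sid:84709908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.36.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846806/; classtype:trojan-activity;sid:84709906; rev:1;)
# Local correction to sid 84709905: the feed ships depth:47 on the URI content,
# which counts the |3f| hex escape ("?") as four characters. The decoded pattern
# is 44 bytes, so depth:47 lets the match start at offsets 0-3 instead of
# pinning it to the start of the URI as the other rules in this set do.
# depth:44 restores the exact-URI match. sid and rev are left as shipped; a
# feed refresh will overwrite this line, so the discrepancy should also be
# reported to the feed maintainers.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846805)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=874c5982-4444-41b9-9b08-cb7c70ce24cb"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"ywh94lky.champag-mannered.digital"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846805/; classtype:trojan-activity;sid:84709905; rev:1;)
alert http 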
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846804)"; flow:established,from_client; content:"GET"; http_method; content:"/aeb4036d-536c-40b9-b8ab-9f8a2ef9cec5/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"card-oracle-mac-laptop.wiki"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846804/; classtype:trojan-activity;sid:84709904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.241.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846803/; classtype:trojan-activity;sid:84709903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846802)"; flow:established,from_client; content:"GET"; http_method; content:"/15ce3a08-7c9c-4292-b549-6f4bc27fb873/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"handout-voivo-desk-ship-link.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846802/; classtype:trojan-activity;sid:84709902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846801)"; flow:established,from_client; content:"GET"; http_method; content:"/7ba6e339-50bb-4db5-b1f8-2bc8118b7b23/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-voivo-system-shop-slink.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846801/; classtype:trojan-activity;sid:84709901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846800)"; 
flow:established,from_client; content:"GET"; http_method; content:"/files/admin/clipclap.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"41.216.188.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846800/; classtype:trojan-activity;sid:84709900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.170.136.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846799/; classtype:trojan-activity;sid:84709899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846795)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846795/; classtype:trojan-activity;sid:84709895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846796)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846796/; classtype:trojan-activity;sid:84709896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846797)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, 
urlhaus.abuse.ch/url/3846797/; classtype:trojan-activity;sid:84709897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.167.74.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846798/; classtype:trojan-activity;sid:84709898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846791)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846791/; classtype:trojan-activity;sid:84709891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846792)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.aarch64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846792/; classtype:trojan-activity;sid:84709892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846793)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mipsr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846793/; classtype:trojan-activity;sid:84709893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846794)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.powerpc"; 
http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846794/; classtype:trojan-activity;sid:84709894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846790)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846790/; classtype:trojan-activity;sid:84709890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.53.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846789/; classtype:trojan-activity;sid:84709889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846788)"; flow:established,from_client; content:"GET"; http_method; content:"/files/big.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"83.217.208.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846788/; classtype:trojan-activity;sid:84709888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846787)"; flow:established,from_client; content:"GET"; http_method; content:"/6717bd2a-2cb6-4d1c-94fa-369d8db4a3e9/google.cl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-core-system-date-slink.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846787/; 
classtype:trojan-activity;sid:84709887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.71.131.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846786/; classtype:trojan-activity;sid:84709886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846785)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/w4rr7.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"77.90.51.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846785/; classtype:trojan-activity;sid:84709885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846784)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/w4rr7.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"77.90.51.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846784/; classtype:trojan-activity;sid:84709884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/w4rr7.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"77.90.51.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846783/; classtype:trojan-activity;sid:84709883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846781)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/w4rr7.x86"; http_uri; depth:15; 
isdataat:!1,relative; nocase; content:"77.90.51.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846781/; classtype:trojan-activity;sid:84709881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846782)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/w4rr7.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"77.90.51.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846782/; classtype:trojan-activity;sid:84709882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.122.8.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846780/; classtype:trojan-activity;sid:84709880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.150.34.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846779/; classtype:trojan-activity;sid:84709879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.150.34.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846778/; classtype:trojan-activity;sid:84709878; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846777)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.217.208.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846777/; classtype:trojan-activity;sid:84709877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"77.91.96.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846773/; classtype:trojan-activity;sid:84709873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.233.113.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846774/; classtype:trojan-activity;sid:84709874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"77.91.96.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846775/; classtype:trojan-activity;sid:84709875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; 
isdataat:!1,relative; nocase; content:"193.233.113.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846776/; classtype:trojan-activity;sid:84709876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846772)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.217.208.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846772/; classtype:trojan-activity;sid:84709872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.32.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846771/; classtype:trojan-activity;sid:84709871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.15.90.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846770/; classtype:trojan-activity;sid:84709870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846769/; classtype:trojan-activity;sid:84709869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3846768)"; flow:established,from_client; content:"GET"; http_method; content:"/27/goodtimetowintheworld.hta"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"144.172.99.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846768/; classtype:trojan-activity;sid:84709868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846767)"; flow:established,from_client; content:"GET"; http_method; content:"/rau.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"zinixpro.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846767/; classtype:trojan-activity;sid:84709867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846766)"; flow:established,from_client; content:"GET"; http_method; content:"/leaks/a"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"zinixpro.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846766/; classtype:trojan-activity;sid:84709866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846765)"; flow:established,from_client; content:"GET"; http_method; content:"/scheldt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.143.1.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846765/; classtype:trojan-activity;sid:84709865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.246.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; 
reference:url, urlhaus.abuse.ch/url/3846764/; classtype:trojan-activity;sid:84709864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.92.1.66"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846763/; classtype:trojan-activity;sid:84709863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"84.54.33.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846762/; classtype:trojan-activity;sid:84709862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"84.54.33.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846760/; classtype:trojan-activity;sid:84709860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.92.1.66"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846761/; classtype:trojan-activity;sid:84709861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846759)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tasksvc.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"84.54.33.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846759/; classtype:trojan-activity;sid:84709859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.207.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846758/; classtype:trojan-activity;sid:84709858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846757)"; flow:established,from_client; content:"GET"; http_method; content:"/d91de5e8-c661-4616-a6de-111fcc155b11/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"stack-core-node-date-hash.wiki"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846757/; classtype:trojan-activity;sid:84709857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846756)"; flow:established,from_client; content:"GET"; http_method; content:"/system.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"84.54.33.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846756/; classtype:trojan-activity;sid:84709856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846755)"; flow:established,from_client; content:"GET"; http_method; content:"/.smart/premium.mp4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"eventsyouwant.com"; http_host; depth:17; isdataat:!1,relative; 
metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846755/; classtype:trojan-activity;sid:84709855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.171.177.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846754/; classtype:trojan-activity;sid:84709854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846753)"; flow:established,from_client; content:"GET"; http_method; content:"/mueiel09765.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846753/; classtype:trojan-activity;sid:84709853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846752)"; flow:established,from_client; content:"GET"; http_method; content:"/live-013-0512.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"144.208.127.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846752/; classtype:trojan-activity;sid:84709852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846749)"; flow:established,from_client; content:"GET"; http_method; content:"/v5pfpu6s/digitalprintfilfaster.msi"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"85.239.144.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846749/; classtype:trojan-activity;sid:84709849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846750)"; 
flow:established,from_client; content:"GET"; http_method; content:"/files/8635093259/axjwj5z.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846750/; classtype:trojan-activity;sid:84709850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846751)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8635093259/uatadgy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846751/; classtype:trojan-activity;sid:84709851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846748)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_211940.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.13.77.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846748/; classtype:trojan-activity;sid:84709848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846747)"; flow:established,from_client; content:"GET"; http_method; content:"/img_000636.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"nbf101.great-site.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846747/; classtype:trojan-activity;sid:84709847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846745)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_211940.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"updatedserver.shop"; http_host; depth:18; isdataat:!1,relative; 
metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846745/; classtype:trojan-activity;sid:84709845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846746)"; flow:established,from_client; content:"GET"; http_method; content:"/img_094607.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"domsemblevideo.42web.io"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846746/; classtype:trojan-activity;sid:84709846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846741)"; flow:established,from_client; content:"GET"; http_method; content:"/wner/img_054845.png"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"apparelgate.co.uk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846741/; classtype:trojan-activity;sid:84709841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846742)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.172.117.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846742/; classtype:trojan-activity;sid:84709842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846743)"; flow:established,from_client; content:"GET"; http_method; content:"/img_011948.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"crypterrr.42web.io"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846743/; classtype:trojan-activity;sid:84709843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3846744)"; flow:established,from_client; content:"GET"; http_method; content:"/img_131417.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"domsemblevideo.42web.io"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846744/; classtype:trojan-activity;sid:84709844; rev:1;)
# Each rule alerts on an outbound HTTP GET whose URI and Host both match one
# URLhaus-listed URL. depth:N followed by isdataat:!1,relative pins the pattern
# to the end of its buffer; nocase applies to the URI content that precedes it.
# The ".png" in these URIs is only a name: the msg field lists each URL as a
# malware download, so the extension should not be used to triage an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846740)"; flow:established,from_client; content:"GET"; http_method; content:"/img_232639.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"kukere.42web.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846740/; classtype:trojan-activity;sid:84709840; rev:1;)
# NOTE(review): depth:40 is the length of the escaped content string. The
# decoded pattern is 37 bytes, because |3f| is the single byte "?". With
# isdataat:!1,relative the match is still anchored to the end of the URI, but
# it may begin up to 3 bytes into the buffer, so this is a suffix match rather
# than an exact-URI match. The Host value is a punycode ("xn--") name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846739)"; flow:established,from_client; content:"GET"; http_method; content:"/rulonnoe/|3f|ysclid=mp5a14eekd139909245"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"xn--80akpgkmjf.xn--p1ai"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846739/; classtype:trojan-activity;sid:84709839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846738)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_133323.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"updatedserverrr.io"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846738/; classtype:trojan-activity;sid:84709838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846736)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_105924.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"digobkp.store"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846736/; classtype:trojan-activity;sid:84709836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846737)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_227383c3dbb38c3e.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846737/; classtype:trojan-activity;sid:84709837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846734)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_115437.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"emaisboletos.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846734/; classtype:trojan-activity;sid:84709834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846735)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_020716.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"updatedserver.shop"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846735/; classtype:trojan-activity;sid:84709835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846733)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_234900.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vidacaninapet.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846733/; classtype:trojan-activity;sid:84709833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3846730)"; flow:established,from_client; content:"GET"; http_method; content:"/project/zedd.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"myzedd.site"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846730/; classtype:trojan-activity;sid:84709830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846731)"; flow:established,from_client; content:"GET"; http_method; content:"/d/631858"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"download-api-endpoint.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846731/; classtype:trojan-activity;sid:84709831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846732)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_070903.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"grantexx.gr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846732/; classtype:trojan-activity;sid:84709832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846729)"; flow:established,from_client; content:"GET"; http_method; content:"/bql6ni355agdginanj"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"85.239.144.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846729/; classtype:trojan-activity;sid:84709829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846723)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_095637.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"digobkp.store"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846723/; classtype:trojan-activity;sid:84709823; rev:1;)
# NOTE(review): the next rule matches the same URI ("/msi_095637.png") and the
# same Host ("digobkp.store") as the rule that ends on the line above
# (sid:84709823, URLhaus id 3846723). One request therefore raises two alerts
# under two SIDs. Handle this with a local suppress/threshold entry for one of
# the SIDs instead of editing the feed, so that feed updates still apply cleanly.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846724)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_095637.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"digobkp.store"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846724/; classtype:trojan-activity;sid:84709824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846725)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_114748.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"proemails.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846725/; classtype:trojan-activity;sid:84709825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846726)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_100912.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"falacerta.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846726/; classtype:trojan-activity;sid:84709826; rev:1;)
# Same host as the duplicated pair above, with a different file name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846727)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_103920.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"digobkp.store"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846727/; classtype:trojan-activity;sid:84709827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3846728)"; flow:established,from_client; content:"GET"; http_method; content:"/v5pfpu6s/setup_s3.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"85.239.144.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846728/; classtype:trojan-activity;sid:84709828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846721)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_61993a7ebdf7fa70.cmd"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846721/; classtype:trojan-activity;sid:84709821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846722)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_f8a7e57f50a6ddef.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846722/; classtype:trojan-activity;sid:84709822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.13.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846720/; classtype:trojan-activity;sid:84709820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846719)"; flow:established,from_client; content:"GET"; http_method; 
content:"/attachments/1445797339582431235/1504170058425827498/system.exe|3f|ex=6a060308|7c|26|7c|is=6a04b188|7c|26|7c|hm=beaf5165c4f5934419ba254189d5a16341177a0e672bca5e2e58b04679848f26|7c|26|7c|"; http_uri; depth:186; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846719/; classtype:trojan-activity;sid:84709819; rev:1;)
# NOTE(review), for the rule ending on the line above (sid:84709819):
#  - The URI content contains |7c|26|7c|, which decodes to the literal text
#    "|26|" and not to the byte 0x26 ("&"). This looks like a double-escaped
#    query separator. If the listed URL separates its parameters with "&", the
#    pattern as written cannot match. Confirm against the URLhaus entry.
#  - depth:186 is the length of the escaped string; the decoded pattern is
#    165 bytes long.
#  - This is an "alert http" rule, so it inspects only cleartext or decrypted
#    HTTP. Check whether traffic to this host is visible to the sensor at all
#    (TLS inspection, proxy logs) before relying on this SID for coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.153.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846718/; classtype:trojan-activity;sid:84709818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846716)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_c0d2eb6a8b73120b.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846716/; classtype:trojan-activity;sid:84709816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846717)"; flow:established,from_client; content:"GET"; http_method; content:"/download/19342100/bc2a21b704ec228b6074/cherry626.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"www.upload.ee"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846717/; classtype:trojan-activity;sid:84709817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846714)"; flow:established,from_client; content:"GET"; http_method; 
content:"/files-129312398/files/file_84ed2bb0805178f4.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846714/; classtype:trojan-activity;sid:84709814; rev:1;)
# Rules for host 91.92.242.236 differ only in the file name under
# /files-129312398/files/. Each listed URL has its own SID, so a file name
# that is not in the feed produces no alert from these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846715)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_e54e8523b405bfd9.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846715/; classtype:trojan-activity;sid:84709815; rev:1;)
# NOTE(review): depth:47 is the length of the escaped content string. The
# decoded pattern is 44 bytes, because |3f| is the single byte "?". The match
# is anchored to the end of the URI by isdataat:!1,relative but may start up
# to 3 bytes into the buffer, so it is a suffix match, not an exact-URI match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846713)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=0a7a9a3a-db16-466d-a0d6-989d44c68b21"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"4oob20cq.sue-intentioned.digital"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846713/; classtype:trojan-activity;sid:84709813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846712)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.153.34.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846712/; classtype:trojan-activity;sid:84709812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.223.172"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846711/; classtype:trojan-activity;sid:84709811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846710)"; flow:established,from_client; content:"GET"; http_method; content:"/files/admin/blueline.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5.230.201.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846710/; classtype:trojan-activity;sid:84709810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846709)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.109.200.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846709/; classtype:trojan-activity;sid:84709809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846707)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.109.200.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846707/; classtype:trojan-activity;sid:84709807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846708)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.109.200.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846708/; classtype:trojan-activity;sid:84709808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846705)"; 
flow:established,from_client; content:"GET"; http_method; content:"/files/5626872516/kwvnwwy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846705/; classtype:trojan-activity;sid:84709805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846706)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_85d2c85927c9d169.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846706/; classtype:trojan-activity;sid:84709806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846702)"; flow:established,from_client; content:"GET"; http_method; content:"/files/lel/random.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846702/; classtype:trojan-activity;sid:84709802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846703)"; flow:established,from_client; content:"GET"; http_method; content:"/files/file_f62e597c9e278a4b.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846703/; classtype:trojan-activity;sid:84709803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846704)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_28c231b33781e48d.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; 
content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846704/; classtype:trojan-activity;sid:84709804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.196.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846701/; classtype:trojan-activity;sid:84709801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.196.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846700/; classtype:trojan-activity;sid:84709800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.171.177.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846699/; classtype:trojan-activity;sid:84709799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846698)"; flow:established,from_client; content:"GET"; http_method; content:"/f5e188ee-d234-49ed-bbd1-24d08d4c7196/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"global-infra-node-date-hash.wiki"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846698/; classtype:trojan-activity;sid:84709798; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.216.14.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846697/; classtype:trojan-activity;sid:84709797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.53.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846696/; classtype:trojan-activity;sid:84709796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.207.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846695/; classtype:trojan-activity;sid:84709795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.191.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846694/; classtype:trojan-activity;sid:84709794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846693)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.102.115.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2026_05_14; reference:url, urlhaus.abuse.ch/url/3846693/; classtype:trojan-activity;sid:84709793; rev:1;)
# Short URIs such as "/1.exe" and "/2.exe" are specific only because the Host
# content must match in the same request. The URI pattern alone is generic.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846692)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.102.115.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846692/; classtype:trojan-activity;sid:84709792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846691)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.102.115.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846691/; classtype:trojan-activity;sid:84709791; rev:1;)
# NOTE(review): the file name in the next rule resembles a remote-support
# client installer. The rule fires only for this Host, so an alert identifies
# the download source and does not flag the tool name in general. During
# triage, presumably check host telemetry for a remote-access client installed
# after the request. Confirm against the URLhaus entry for this id.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.236.252.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846690/; classtype:trojan-activity;sid:84709790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.236.252.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846689/; classtype:trojan-activity;sid:84709789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846688)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.84.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846688/; classtype:trojan-activity;sid:84709788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846687)"; flow:established,from_client; content:"GET"; http_method; content:"/260da37e-0551-4ada-a28e-d8fc8369003f/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"global-infra-logic-get-hash.wiki"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846687/; classtype:trojan-activity;sid:84709787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846683)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/scsi_tmf_0"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846683/; classtype:trojan-activity;sid:84709783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846684)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cfg80211d"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846684/; classtype:trojan-activity;sid:84709784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846685)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/edac_polld"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846685/; classtype:trojan-activity;sid:84709785; rev:1;)
# The rules below share one Host (150.40.126.53) and differ only in the file
# name under /bins/. The names (xfsaild_sda, devfreq_wq, jbd2_sda1d,
# ksoftirqd0) resemble Linux kernel thread names.
# NOTE(review): presumably chosen so the downloaded binary blends into process
# listings. On a host that triggered one of these SIDs, a userland process with
# such a name and an on-disk executable path is worth checking. Confirm against
# the URLhaus entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846686)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xfsaild_sda"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846686/; classtype:trojan-activity;sid:84709786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846676)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/devfreq_wq"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846676/; classtype:trojan-activity;sid:84709776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jbd2_sda1d"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846677/; classtype:trojan-activity;sid:84709777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846678)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ksoftirqd0"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846678/; classtype:trojan-activity;sid:84709778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846679)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bins/kblockd0"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846679/; classtype:trojan-activity;sid:84709779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846680)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bioset0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846680/; classtype:trojan-activity;sid:84709780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846681)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rcuop_0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846681/; classtype:trojan-activity;sid:84709781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846682)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworker_u8"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846682/; classtype:trojan-activity;sid:84709782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ecryptfsd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, 
urlhaus.abuse.ch/url/3846674/; classtype:trojan-activity;sid:84709774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846675)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kswapd0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846675/; classtype:trojan-activity;sid:84709775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zswap_shrinkd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846673/; classtype:trojan-activity;sid:84709773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846672)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846672/; classtype:trojan-activity;sid:84709772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.92.1.213"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846671/; classtype:trojan-activity;sid:84709771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846670)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.29.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846670/; classtype:trojan-activity;sid:84709770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846667)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mipsr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846667/; classtype:trojan-activity;sid:84709767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846668)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arm4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846668/; classtype:trojan-activity;sid:84709768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846669)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846669/; classtype:trojan-activity;sid:84709769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846666)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.aarch64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846666/; classtype:trojan-activity;sid:84709766; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846665)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846665/; classtype:trojan-activity;sid:84709765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.216.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846664/; classtype:trojan-activity;sid:84709764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846652)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"176.65.139.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846652/; classtype:trojan-activity;sid:84709752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846653)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"176.65.139.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846653/; classtype:trojan-activity;sid:84709753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846654)"; 
flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846654/; classtype:trojan-activity;sid:84709754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846655)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"176.65.139.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846655/; classtype:trojan-activity;sid:84709755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846656)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"176.65.139.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846656/; classtype:trojan-activity;sid:84709756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846657)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"176.65.139.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846657/; classtype:trojan-activity;sid:84709757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846658)"; flow:established,from_client; 
content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"176.65.139.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846658/; classtype:trojan-activity;sid:84709758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846659)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"176.65.139.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846659/; classtype:trojan-activity;sid:84709759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846660)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"176.65.139.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846660/; classtype:trojan-activity;sid:84709760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846661)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"176.65.139.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846661/; classtype:trojan-activity;sid:84709761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3846662)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"176.65.139.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846662/; classtype:trojan-activity;sid:84709762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846663)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"176.65.139.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846663/; classtype:trojan-activity;sid:84709763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846651)"; flow:established,from_client; content:"GET"; http_method; content:"/ecb2c516-4dc5-407e-a9fb-45e197c7aee6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"hypervisor-resource-grid.wiki"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846651/; classtype:trojan-activity;sid:84709751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.154.98.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846648/; classtype:trojan-activity;sid:84709748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846649)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.154.98.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846649/; classtype:trojan-activity;sid:84709749; rev:1;)
# Several rules here match the same path, /bin/screenconnect.clientsetup.exe, on different hosts.
# Each rule requires BOTH the exact URI and the exact host literal (depth == pattern length plus
# isdataat:!1,relative on each buffer), so the signature is tied to the listed host; a download
# of a file with the same name from any other server does not match.
# NOTE(review): the file name looks like a remote-access client installer. The rule says nothing
# about the file's content, so triage should confirm whether the listed host is one the
# organisation uses for remote support before treating the endpoint as compromised.
# Coverage caveat: `alert http` only inspects HTTP the sensor can parse in cleartext, and the
# host literals are point-in-time indicators (see metadata:created_at); review aged entries on
# each ruleset refresh.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.241.208.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846650/; classtype:trojan-activity;sid:84709750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.36.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846647/; classtype:trojan-activity;sid:84709747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"124.198.131.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846646/; classtype:trojan-activity;sid:84709746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"124.198.131.242"; http_host; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846645/; classtype:trojan-activity;sid:84709745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.29.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846644/; classtype:trojan-activity;sid:84709744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.33.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846642/; classtype:trojan-activity;sid:84709742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.246.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846643/; classtype:trojan-activity;sid:84709743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.216.14.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846641/; classtype:trojan-activity;sid:84709741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846640)"; flow:established,from_client; content:"GET"; http_method; 
content:"/iran.powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846640/; classtype:trojan-activity;sid:84709740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846636)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846636/; classtype:trojan-activity;sid:84709736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846637)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mipsrouter"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.139.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846637/; classtype:trojan-activity;sid:84709737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846638)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846638/; classtype:trojan-activity;sid:84709738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846639)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846639/; 
classtype:trojan-activity;sid:84709739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846633)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv7l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846633/; classtype:trojan-activity;sid:84709733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846634)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846634/; classtype:trojan-activity;sid:84709734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846635)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846635/; classtype:trojan-activity;sid:84709735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846629)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846629/; classtype:trojan-activity;sid:84709729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846630)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.sparc"; http_uri; depth:11; 
isdataat:!1,relative; nocase; content:"176.65.139.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846630/; classtype:trojan-activity;sid:84709730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846631)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846631/; classtype:trojan-activity;sid:84709731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846632)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv4l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846632/; classtype:trojan-activity;sid:84709732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846628)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846628/; classtype:trojan-activity;sid:84709728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846627)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846627/; classtype:trojan-activity;sid:84709727; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.216.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846626/; classtype:trojan-activity;sid:84709726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.190.23.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846625/; classtype:trojan-activity;sid:84709725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.191.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846624/; classtype:trojan-activity;sid:84709724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.49.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846623/; classtype:trojan-activity;sid:84709723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846622)"; flow:established,from_client; content:"GET"; http_method; content:"/67a72c79-81bb-426d-9600-a94ef04a9f3e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; 
content:"asynchronous-message-routing-framework.wiki"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846622/; classtype:trojan-activity;sid:84709722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.75.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846621/; classtype:trojan-activity;sid:84709721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.40.77.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846620/; classtype:trojan-activity;sid:84709720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.21.174.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846619/; classtype:trojan-activity;sid:84709719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846618)"; flow:established,from_client; content:"GET"; http_method; content:"/2640e5d2-eb61-4e55-ad76-839747778aa9/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"telemetry-stream-hub.wiki"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846618/; classtype:trojan-activity;sid:84709718; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.190.23.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846617/; classtype:trojan-activity;sid:84709717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.223.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846616/; classtype:trojan-activity;sid:84709716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.49.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846615/; classtype:trojan-activity;sid:84709715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.83.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846614/; classtype:trojan-activity;sid:84709714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.12.104"; http_host; depth:14; isdataat:!1,relative; 
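metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846613/; classtype:trojan-activity;sid:84709713; rev:1;)
# Matching model shared by every rule in this feed:
#   content:"<path>"; http_uri; depth:<len>; isdataat:!1,relative; nocase
#   content:"<host>"; http_host; depth:<len>; isdataat:!1,relative
# With depth equal to the pattern's byte length, the pattern must start at offset 0, and
# isdataat:!1,relative requires no byte after it, so each buffer must equal the literal exactly.
#
# sid 84709712: depth corrected from 47 to 44. The pattern contains the hex escape |3f|, which is a
# single byte ("?"), so the pattern is 44 bytes long; 47 is the length of the rule text including
# the escape notation. With depth:47 the pattern could start up to 3 bytes into the URI buffer,
# so URIs with a short extra prefix also matched, unlike every sibling rule, which is exact-match.
# This is a local correction to a feed-generated rule: it will be overwritten by the next ruleset
# refresh unless the generator is fixed, and any other rule in the feed that uses |xx| escapes
# should be checked for the same depth miscount.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846612)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=116eaccf-4fd5-4af0-9842-a2a69c4f85e9"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"8xorq0f0.after-diacritic.digital"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846612/; classtype:trojan-activity;sid:84709712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846611)"; flow:established,from_client; content:"GET"; http_method; content:"/f4b68dac-766d-43f1-85dc-a66eb321db00/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"federated-storage-cluster-system.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846611/; classtype:trojan-activity;sid:84709711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.234.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846610/; classtype:trojan-activity;sid:84709710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.17.153.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846609/; classtype:trojan-activity;sid:84709709; rev:1;)
alert http $HOME_NET any -> 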
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.162.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846608/; classtype:trojan-activity;sid:84709708; rev:1;)
# URLhaus download-URL rules, written one rule per line (a rule ends at the
# newline unless the line is continued with a backslash).
# Each rule alerts on an HTTP GET from $HOME_NET to $EXTERNAL_NET whose URI and
# Host both equal one listed URL: depth equals the content length, and
# isdataat:!1,relative requires the buffer to end right after the match.
# nocase follows the URI content, so the path comparison is case-insensitive.
# The number in msg is the URLhaus entry id, repeated in the reference URL.
# Coverage notes for whoever triages these alerts:
#  - "alert http" inspects cleartext HTTP only; the same URL fetched over TLS
#    is not seen unless the sensor receives decrypted traffic.
#  - Paths such as /i and /bin.sh are generic; the Host literal is what makes
#    these rules specific, so an alert identifies the host, not a file type.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846607)"; flow:established,from_client; content:"GET"; http_method; content:"/2e9cfcf6-65db-4606-8f21-f1666043c88d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"microservice-control-plane-node.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846607/; classtype:trojan-activity;sid:84709707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.129.12.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846606/; classtype:trojan-activity;sid:84709706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.57.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846605/; classtype:trojan-activity;sid:84709705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.10.132.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846604/; classtype:trojan-activity;sid:84709704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846603)"; flow:established,from_client; content:"GET"; http_method; content:"/f2824239-0f1f-4a43-bcf2-574055731de6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cloud-infrastructure-management-platform.wiki"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846603/; classtype:trojan-activity;sid:84709703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.150.252.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846602/; classtype:trojan-activity;sid:84709702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846601)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846601/; classtype:trojan-activity;sid:84709701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.10.132.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846600/; classtype:trojan-activity;sid:84709700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846599)"; flow:established,from_client; content:"GET"; http_method; content:"/c850bf60-243d-4cbb-b6ab-80f4def598ab/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"edge-processing-network.wiki"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846599/; classtype:trojan-activity;sid:84709699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846598/; classtype:trojan-activity;sid:84709698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.150.252.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846597/; classtype:trojan-activity;sid:84709697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.255.30.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846596/; classtype:trojan-activity;sid:84709696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846595)"; flow:established,from_client; content:"GET"; http_method; content:"/0aeb1308-ff90-48e8-bb16-519020f325b8/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"serverless-runtime-orchestration-engine.wiki"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846595/; classtype:trojan-activity;sid:84709695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.217.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846594/; classtype:trojan-activity;sid:84709694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.93.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846593/; classtype:trojan-activity;sid:84709693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.94.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846592/; classtype:trojan-activity;sid:84709692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.93.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846591/; classtype:trojan-activity;sid:84709691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.207.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846590/; classtype:trojan-activity;sid:84709690; rev:1;)
# The next twelve rules (URLhaus 3846578-3846589) share the host 176.65.149.254;
# their paths look like CPU-architecture names (arm5, sh4, mips, x86, ...), so a
# hit on any one of them is best triaged together with the others.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846578)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.149.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846578/; classtype:trojan-activity;sid:84709678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846579)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.149.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846579/; classtype:trojan-activity;sid:84709679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846580)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.149.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846580/; classtype:trojan-activity;sid:84709680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846581)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.149.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846581/; classtype:trojan-activity;sid:84709681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846582)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.149.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846582/; classtype:trojan-activity;sid:84709682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846583)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.149.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846583/; classtype:trojan-activity;sid:84709683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846584)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.149.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846584/; classtype:trojan-activity;sid:84709684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846585)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.149.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846585/; classtype:trojan-activity;sid:84709685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846586)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.149.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846586/; classtype:trojan-activity;sid:84709686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846587)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.149.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846587/; classtype:trojan-activity;sid:84709687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846588)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.149.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846588/; classtype:trojan-activity;sid:84709688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846589)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.149.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846589/; classtype:trojan-activity;sid:84709689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846577)"; flow:established,from_client; content:"GET"; http_method; content:"/6c62a2a9-703e-42c7-bf00-759e9c9e21ab/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributed-cache-storage-layer.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846577/; classtype:trojan-activity;sid:84709677; rev:1;)
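# URLhaus download-URL rules, written one rule per line (a rule ends at the
# newline unless the line is continued with a backslash).
# Each rule alerts on an HTTP GET from $HOME_NET to $EXTERNAL_NET whose URI and
# Host both equal one listed URL: depth equals the content length, and
# isdataat:!1,relative requires the buffer to end right after the match.
# nocase follows the URI content, so the path comparison is case-insensitive.
# The number in msg is the URLhaus entry id, repeated in the reference URL.
# "alert http" inspects cleartext HTTP only; the same URL fetched over TLS is
# not seen unless the sensor receives decrypted traffic.
#
# Local correction (sids 84709674, 84709667, 84709642): the URI content starts
# with "/|3f|ublib=", where |3f| is the single byte "?". The pattern is 44 bytes
# long, but the feed's depth:47 counted the four characters of "|3f|". With
# depth:47 the match may begin up to 3 bytes into the URI, so the rule is not the
# exact-URI match every other rule here is. depth:44 restores the anchor; re-apply
# or report upstream when the feed is refreshed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.194.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846576/; classtype:trojan-activity;sid:84709676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846575)"; flow:established,from_client; content:"GET"; http_method; content:"/900dd387-42c2-449e-b5f8-4b59279d3eb5/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributed-cache-storage-layer.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846575/; classtype:trojan-activity;sid:84709675; rev:1;)
# depth corrected from 47 to 44: |3f| is one byte, so the URI pattern is 44 bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846574)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7f21d227-1b8c-4c85-8ed9-d35f3d789776"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"t7osftz9.estat-goldilock.digital"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846574/; classtype:trojan-activity;sid:84709674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846573)"; flow:established,from_client; content:"GET"; http_method; content:"/f6f6d3e2-72b0-4441-959a-fd4cbe9c248a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributed-cache-storage-layer.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846573/; classtype:trojan-activity;sid:84709673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.129.40.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846572/; classtype:trojan-activity;sid:84709672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.94.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846571/; classtype:trojan-activity;sid:84709671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.246.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846570/; classtype:trojan-activity;sid:84709670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846569/; classtype:trojan-activity;sid:84709669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.33.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846568/; classtype:trojan-activity;sid:84709668; rev:1;)
# depth corrected from 47 to 44: |3f| is one byte, so the URI pattern is 44 bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846567)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b9802600-6dbd-431d-9776-3bf2c4f79826"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"bq99ksyi.unseen-zorenka.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846567/; classtype:trojan-activity;sid:84709667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.184.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846566/; classtype:trojan-activity;sid:84709666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846565/; classtype:trojan-activity;sid:84709665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846564)"; flow:established,from_client; content:"GET"; http_method; content:"/424567a5-eb5c-4b5e-bce3-eacf5b8df971/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributed-cache-storage-layer.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846564/; classtype:trojan-activity;sid:84709664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.140.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846563/; classtype:trojan-activity;sid:84709663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.140.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846562/; classtype:trojan-activity;sid:84709662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.225.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846561/; classtype:trojan-activity;sid:84709661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.184.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846560/; classtype:trojan-activity;sid:84709660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846559)"; flow:established,from_client; content:"GET"; http_method; content:"/807c3881-26e3-42b3-8737-15fdc96d991c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributed-cache-storage-layer.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846559/; classtype:trojan-activity;sid:84709659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846558)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846558/; classtype:trojan-activity;sid:84709658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.225.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846557/; classtype:trojan-activity;sid:84709657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846556)"; flow:established,from_client; content:"GET"; http_method; content:"/58ca6267-9c52-473b-a724-01e4ee71f78e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"virtual-routing-gateway.wiki"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846556/; classtype:trojan-activity;sid:84709656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.229.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846555/; classtype:trojan-activity;sid:84709655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.82.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846554/; classtype:trojan-activity;sid:84709654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846553)"; flow:established,from_client; content:"GET"; http_method; content:"/f01d8ba9-cd08-4663-90ce-c6db2fb38768/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"desk-sensor-tabel-tunnel-key.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846553/; classtype:trojan-activity;sid:84709653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.16.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846552/; classtype:trojan-activity;sid:84709652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.17.29.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846551/; classtype:trojan-activity;sid:84709651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.17.29.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846550/; classtype:trojan-activity;sid:84709650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.111.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846549/; classtype:trojan-activity;sid:84709649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846548)"; flow:established,from_client; content:"GET"; http_method; content:"/12d0af6a-a86c-415d-bb4c-5aadc289f186/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"engine-block-tabel-stream-key.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846548/; classtype:trojan-activity;sid:84709648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.202.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846547/; classtype:trojan-activity;sid:84709647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.227.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846546/; classtype:trojan-activity;sid:84709646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846545)"; flow:established,from_client; content:"GET"; http_method; content:"/92c764c1-ff82-4023-a702-309971bc7633/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"binary-block-tabel-expert-get.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846545/; classtype:trojan-activity;sid:84709645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.202.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846544/; classtype:trojan-activity;sid:84709644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846543)"; flow:established,from_client; content:"GET"; http_method; content:"/f9676fa8-b8b2-43b4-87d3-f6119c3f0334/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"binary-block-state-collection.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846543/; classtype:trojan-activity;sid:84709643; rev:1;)
# depth corrected from 47 to 44: |3f| is one byte, so the URI pattern is 44 bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846542)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7066060f-9d7e-4711-8de8-024882058851"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"qe74wzzp.unseen-zorenka.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846542/; classtype:trojan-activity;sid:84709642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.233.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846541/; classtype:trojan-activity;sid:84709641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.229.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846540/; classtype:trojan-activity;sid:84709640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.8.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846539/; classtype:trojan-activity;sid:84709639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.215.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846538/; classtype:trojan-activity;sid:84709638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.83.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846537/; classtype:trojan-activity;sid:84709637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846536)"; flow:established,from_client; content:"GET"; http_method; content:"/c64d4fb9-ead4-41fb-9029-6664aaef4b24/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"byte-stream-encryption-standard-base.wiki"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846536/; classtype:trojan-activity;sid:84709636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.116.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846535/; classtype:trojan-activity;sid:84709635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846534)"; flow:established,from_client; content:"GET"; http_method; content:"/977d39d8-5d31-4a5a-a92f-8180ba3da926/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"trace-route-diagnostic-signal-map.wiki"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846534/; classtype:trojan-activity;sid:84709634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.42.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846533/; classtype:trojan-activity;sid:84709633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.8.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846532/; classtype:trojan-activity;sid:84709632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.229.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846531/; classtype:trojan-activity;sid:84709631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.105.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846530/; classtype:trojan-activity;sid:84709630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.251.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846529/; classtype:trojan-activity;sid:84709629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.20.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846528/; classtype:trojan-activity;sid:84709628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846527)"; flow:established,from_client; content:"GET"; http_method; content:"/9addae9f-a2b1-4e8f-bb5d-40db06aa3edc/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"kernel-patch-update-release-history.wiki"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846527/; classtype:trojan-activity;sid:84709627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.251.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846526/; classtype:trojan-activity;sid:84709626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.129.40.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846525/; classtype:trojan-activity;sid:84709625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.170.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846524/; classtype:trojan-activity;sid:84709624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.105.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846523/; classtype:trojan-activity;sid:84709623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846522)"; flow:established,from_client; content:"GET"; http_method; content:"/8f17c972-8dcd-48e2-9699-dd33797c674c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"meta-data-shredding-cleanup-utility.wiki"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846522/; classtype:trojan-activity;sid:84709622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.149.206.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846520/; classtype:trojan-activity;sid:84709620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.196.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846521/; classtype:trojan-activity;sid:84709621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.44.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846519/; classtype:trojan-activity;sid:84709619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.118.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846518/; classtype:trojan-activity;sid:84709618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846517/; classtype:trojan-activity;sid:84709617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846516)"; flow:established,from_client; content:"GET"; http_method; content:"/38435a52-4879-40be-aba3-b5f64322ae6a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"remote-sensor-proxy-tunnel-config.wiki"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846516/; classtype:trojan-activity;sid:84709616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.196.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846515/; classtype:trojan-activity;sid:84709615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846514)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=f61eb22b-2132-4e56-bbbf-7bdeb503aea8"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"9xbc3jzp.disorientbreak.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 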
2026_05_14; reference:url, urlhaus.abuse.ch/url/3846514/; classtype:trojan-activity;sid:84709614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.118.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846513/; classtype:trojan-activity;sid:84709613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846512)"; flow:established,from_client; content:"GET"; http_method; content:"/c75a1bce-85a6-4ae2-bcd2-b599a5593d83/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"stat-collection-engine-performance-view.wiki"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846512/; classtype:trojan-activity;sid:84709612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.231.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846511/; classtype:trojan-activity;sid:84709611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.90.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846510/; classtype:trojan-activity;sid:84709610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846509)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.224.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846509/; classtype:trojan-activity;sid:84709609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.18.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846508/; classtype:trojan-activity;sid:84709608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.86.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846507/; classtype:trojan-activity;sid:84709607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.24.16.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846506/; classtype:trojan-activity;sid:84709606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846505/; 
classtype:trojan-activity;sid:84709605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846504)"; flow:established,from_client; content:"GET"; http_method; content:"/c77fde23-9bbf-411a-9ac1-54d8e37782dd/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"binary-buffer-overflow-protection-lab.wiki"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846504/; classtype:trojan-activity;sid:84709604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.90.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846503/; classtype:trojan-activity;sid:84709603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.215.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846502/; classtype:trojan-activity;sid:84709602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.224.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846501/; classtype:trojan-activity;sid:84709601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846500)"; flow:established,from_client; content:"GET"; http_method; 
content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.217.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846500/; classtype:trojan-activity;sid:84709600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846499)"; flow:established,from_client; content:"GET"; http_method; content:"/21e19164-f354-4f6d-a26e-ea3c43ac773a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"analytical-traffic-audit-record-file.wiki"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846499/; classtype:trojan-activity;sid:84709599; rev:1;)
# Host 156.238.242.196: most rules from here to the end of this group pin one
# file name each on this single host - names under /bins/ of the form
# linux_<suffix>, manji.<suffix>, armv<N>l and mips, plus the scripts w.sh,
# kla.sh, sora.sh and linux_ak.sh. The suffixes look like CPU architecture
# names (presumably one build per architecture - not verifiable from the rules).
# Every rule is an exact URI match (depth equals the pattern length and
# isdataat:!1,relative requires the buffer to end there), so a file name on
# this host that is not listed here raises no alert from this ruleset.
# The header is $HOME_NET -> $EXTERNAL_NET, so coverage depends on both
# variables being set correctly for the sensor's vantage point.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846496)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_mips64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846496/; classtype:trojan-activity;sid:84709596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846497)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_mipsel_softfloat"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846497/; classtype:trojan-activity;sid:84709597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846498)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_aarch64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846498/; classtype:trojan-activity;sid:84709598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846494)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_386"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846494/; classtype:trojan-activity;sid:84709594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846495)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_amd64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846495/; classtype:trojan-activity;sid:84709595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846493)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846493/; classtype:trojan-activity;sid:84709593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846486)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846486/; classtype:trojan-activity;sid:84709586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846487)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.dbg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846487/; classtype:trojan-activity;sid:84709587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846488)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv7l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846488/; classtype:trojan-activity;sid:84709588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846489)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846489/; classtype:trojan-activity;sid:84709589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846490)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846490/; classtype:trojan-activity;sid:84709590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846491)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846491/; classtype:trojan-activity;sid:84709591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846492)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846492/; classtype:trojan-activity;sid:84709592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846485)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846485/; classtype:trojan-activity;sid:84709585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846484)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846484/; classtype:trojan-activity;sid:84709584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846482)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846482/; classtype:trojan-activity;sid:84709582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846483)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846483/; classtype:trojan-activity;sid:84709583; rev:1;)
# Different host from the surrounding 156.238.242.196 rules; the feed lists
# entries by URLhaus id, not grouped by host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.158.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846481/; classtype:trojan-activity;sid:84709581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846475)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846475/; classtype:trojan-activity;sid:84709575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846476)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_ppc64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846476/; classtype:trojan-activity;sid:84709576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846477)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846477/; classtype:trojan-activity;sid:84709577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846478)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_mips_softfloat"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846478/; classtype:trojan-activity;sid:84709578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846479)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_mips_hardfloat"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846479/; classtype:trojan-activity;sid:84709579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846480)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_mipsel_hardfloat"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846480/; classtype:trojan-activity;sid:84709580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846474)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_ppc64el"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846474/; classtype:trojan-activity;sid:84709574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846473)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_mips64el"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846473/; classtype:trojan-activity;sid:84709573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846472)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846472/; classtype:trojan-activity;sid:84709572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846461)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846461/; classtype:trojan-activity;sid:84709561; rev:1;)
# Shell-script names on the same host; /kla.sh and /w.sh are listed both at
# the root and under /bins/, each as its own exact-match rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846462)"; flow:established,from_client; content:"GET"; http_method; content:"/kla.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846462/; classtype:trojan-activity;sid:84709562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846463)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/w.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846463/; classtype:trojan-activity;sid:84709563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846464)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kla.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846464/; classtype:trojan-activity;sid:84709564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846465)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846465/; classtype:trojan-activity;sid:84709565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846466)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846466/; classtype:trojan-activity;sid:84709566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846467)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846467/; classtype:trojan-activity;sid:84709567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846468)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.i486"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846468/; classtype:trojan-activity;sid:84709568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846469)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv4l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846469/; classtype:trojan-activity;sid:84709569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846470)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.ppc440"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846470/; classtype:trojan-activity;sid:84709570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846471)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846471/; classtype:trojan-activity;sid:84709571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846459)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/linux_ak.sh"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846459/; classtype:trojan-activity;sid:84709559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846460)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846460/; classtype:trojan-activity;sid:84709560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846458)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846458/; classtype:trojan-activity;sid:84709558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846456)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846456/; classtype:trojan-activity;sid:84709556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846457)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/manji.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846457/; classtype:trojan-activity;sid:84709557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"60.211.105.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846455/; classtype:trojan-activity;sid:84709555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.215.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846454/; classtype:trojan-activity;sid:84709554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.53.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846453/; classtype:trojan-activity;sid:84709553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846450)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.141.92.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846450/; classtype:trojan-activity;sid:84709550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846451)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.141.92.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846451/; classtype:trojan-activity;sid:84709551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3846452)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.141.92.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846452/; classtype:trojan-activity;sid:84709552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.39.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846449/; classtype:trojan-activity;sid:84709549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846448)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"162.141.92.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846448/; classtype:trojan-activity;sid:84709548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.86.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846446/; classtype:trojan-activity;sid:84709546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846447)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"162.141.92.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846447/; 
classtype:trojan-activity;sid:84709547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846445)"; flow:established,from_client; content:"GET"; http_method; content:"/acf985c0-529f-4299-865d-438d99060aee/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"hardware-resource-monitor-tool-box.wiki"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846445/; classtype:trojan-activity;sid:84709545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846444/; classtype:trojan-activity;sid:84709544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.194.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846443/; classtype:trojan-activity;sid:84709543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.39.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846442/; classtype:trojan-activity;sid:84709542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846441)"; flow:established,from_client; content:"GET"; http_method; 
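content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.105.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846441/; classtype:trojan-activity;sid:84709541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846440)"; flow:established,from_client; content:"GET"; http_method; content:"/ac76e26e-ae29-4693-80e6-e02bc7e11dbc/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"crypt-algorithm-analysis-expert-board.wiki"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846440/; classtype:trojan-activity;sid:84709540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846439/; classtype:trojan-activity;sid:84709539; rev:1;)
# Exact-URL match: the URI content is anchored at offset 0 by depth and at the
# end of the buffer by isdataat:!1,relative, so depth must equal the content's
# byte length. |3f| is ONE byte ('?'), which makes this pattern 44 bytes, not
# the 47 characters of its escaped spelling. The published depth:47 let the
# pattern start at offsets 0-3, so a URI with up to three extra leading bytes
# would also alert. Every other rule in this part of the feed sets depth to the
# real byte length; depth:44 restores that.
# NOTE(review): sid and rev are left as published. The feed is presumably
# regenerated upstream, so report the depth calculation there as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846438)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7b0863ee-88ee-4705-b288-07cb0c301f33"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"i0zaakp5.monotheism-sled.digital"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846438/; classtype:trojan-activity;sid:84709538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.37.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at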
2026_05_14; reference:url, urlhaus.abuse.ch/url/3846437/; classtype:trojan-activity;sid:84709537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.149.146.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846436/; classtype:trojan-activity;sid:84709536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846435)"; flow:established,from_client; content:"GET"; http_method; content:"/7eb749d9-f1bd-4d75-9e6a-ca1ed72667d7/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"brightestprocexchange.wiki"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846435/; classtype:trojan-activity;sid:84709535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846434)"; flow:established,from_client; content:"GET"; http_method; content:"/selfrep.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846434/; classtype:trojan-activity;sid:84709534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846433)"; flow:established,from_client; content:"GET"; http_method; content:"/load.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846433/; classtype:trojan-activity;sid:84709533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846432)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.221.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846432/; classtype:trojan-activity;sid:84709532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.237.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846431/; classtype:trojan-activity;sid:84709531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.36.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846430/; classtype:trojan-activity;sid:84709530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846429)"; flow:established,from_client; content:"GET"; http_method; content:"/18f833d8-de43-4fb5-8bac-a956741fead6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"antiq-telegraphyproduct.wiki"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846429/; classtype:trojan-activity;sid:84709529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.149.146.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; 
reference:url, urlhaus.abuse.ch/url/3846428/; classtype:trojan-activity;sid:84709528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.36.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846427/; classtype:trojan-activity;sid:84709527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.161.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846426/; classtype:trojan-activity;sid:84709526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.229.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846425/; classtype:trojan-activity;sid:84709525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.25.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846424/; classtype:trojan-activity;sid:84709524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"27.210.35.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846423/; classtype:trojan-activity;sid:84709523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.156.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846422/; classtype:trojan-activity;sid:84709522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846421)"; flow:established,from_client; content:"GET"; http_method; content:"/77321903-788b-4544-acb8-8a4866e56080/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"beacontweezersbinge.wiki"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846421/; classtype:trojan-activity;sid:84709521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.161.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846419/; classtype:trojan-activity;sid:84709519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.159.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846420/; classtype:trojan-activity;sid:84709520; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.110.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846418/; classtype:trojan-activity;sid:84709518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.156.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846417/; classtype:trojan-activity;sid:84709517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.149.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846416/; classtype:trojan-activity;sid:84709516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.31.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846415/; classtype:trojan-activity;sid:84709515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.35.32"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846414/; classtype:trojan-activity;sid:84709514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846413)"; flow:established,from_client; content:"GET"; http_method; content:"/9c691927-6dca-40a2-9484-b59adef99719/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"medicin-morisomtobeafraid.wiki"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846413/; classtype:trojan-activity;sid:84709513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.110.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846412/; classtype:trojan-activity;sid:84709512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.30.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846411/; classtype:trojan-activity;sid:84709511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.39.12.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846410/; classtype:trojan-activity;sid:84709510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846409)"; 
flow:established,from_client; content:"GET"; http_method; content:"/602df357-d594-48c5-8b36-1834dbfb8c97/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"immersevocalistidleness.wiki"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846409/; classtype:trojan-activity;sid:84709509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.30.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846408/; classtype:trojan-activity;sid:84709508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.106.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846407/; classtype:trojan-activity;sid:84709507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.255.251.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846406/; classtype:trojan-activity;sid:84709506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846405)"; flow:established,from_client; content:"GET"; http_method; content:"/00b9126d-7dc2-4259-8d0f-1b05def60d39/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"conjur-kremlinshort.wiki"; http_host; depth:24; 
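isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846405/; classtype:trojan-activity;sid:84709505; rev:1;)
# Exact-URL match: the URI content is anchored at offset 0 by depth and at the
# end of the buffer by isdataat:!1,relative, so depth must equal the content's
# byte length. |3f| is ONE byte ('?'), which makes this pattern 44 bytes, not
# the 47 characters of its escaped spelling. The published depth:47 let the
# pattern start at offsets 0-3, so a URI with up to three extra leading bytes
# would also alert. depth:44 restores the exact anchor that the other rules in
# this part of the feed use.
# NOTE(review): sid and rev are left as published. The feed is presumably
# regenerated upstream, so report the depth calculation there as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846404)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=0411697c-1539-403f-b8d8-a1120d9a7329"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"64bc33vp.chequecholeric.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846404/; classtype:trojan-activity;sid:84709504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.255.251.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846403/; classtype:trojan-activity;sid:84709503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846402)"; flow:established,from_client; content:"GET"; http_method; content:"/82ecab99-0a61-4fd2-b14e-bb8e3eaa7ff6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"patenttag.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846402/; classtype:trojan-activity;sid:84709502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.31.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846401/; classtype:trojan-activity;sid:84709501; rev:1;)
alert http $HOME_NET any ->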
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.65.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846400/; classtype:trojan-activity;sid:84709500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.65.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846399/; classtype:trojan-activity;sid:84709499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.75.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846398/; classtype:trojan-activity;sid:84709498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.242.14.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846397/; classtype:trojan-activity;sid:84709497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.149.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; 
reference:url, urlhaus.abuse.ch/url/3846396/; classtype:trojan-activity;sid:84709496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.255.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846395/; classtype:trojan-activity;sid:84709495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.75.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846394/; classtype:trojan-activity;sid:84709494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846393)"; flow:established,from_client; content:"GET"; http_method; content:"/980ea300-72b6-4e01-82fc-5dfb2d50f575/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"hemorrhoid-daydark.wiki"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846393/; classtype:trojan-activity;sid:84709493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.103.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846392/; classtype:trojan-activity;sid:84709492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846391)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.149.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846391/; classtype:trojan-activity;sid:84709491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.243.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846390/; classtype:trojan-activity;sid:84709490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.55.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846389/; classtype:trojan-activity;sid:84709489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.255.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846388/; classtype:trojan-activity;sid:84709488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846387)"; flow:established,from_client; content:"GET"; http_method; content:"/c296cae2-c1da-494d-b4cd-262311efebb9/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"scalpingstillephemer-natorel.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, 
urlhaus.abuse.ch/url/3846387/; classtype:trojan-activity;sid:84709487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.32.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846386/; classtype:trojan-activity;sid:84709486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.34.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846385/; classtype:trojan-activity;sid:84709485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.164.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846384/; classtype:trojan-activity;sid:84709484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846383)"; flow:established,from_client; content:"GET"; http_method; content:"/f74e746c-4931-4651-bc4e-871a24a29c69/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"hemorrhoid-daydark.wiki"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846383/; classtype:trojan-activity;sid:84709483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846382)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.90.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846382/; classtype:trojan-activity;sid:84709482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.81.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846381/; classtype:trojan-activity;sid:84709481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846380)"; flow:established,from_client; content:"GET"; http_method; content:"/f73b95d7-5072-411a-b833-b15d92d4961f/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"scalpingstillephemer-natorel.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846380/; classtype:trojan-activity;sid:84709480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.65.92.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846379/; classtype:trojan-activity;sid:84709479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.90.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846378/; 
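classtype:trojan-activity;sid:84709478; rev:1;)
# Exact-URL match: the URI content is anchored at offset 0 by depth and at the
# end of the buffer by isdataat:!1,relative, so depth must equal the content's
# byte length. |3f| is ONE byte ('?'), which makes each of the next two
# patterns 44 bytes, not the 47 characters of their escaped spelling. The
# published depth:47 let the pattern start at offsets 0-3, so a URI with up to
# three extra leading bytes would also alert. depth:44 restores the exact
# anchor that the other rules in this part of the feed use.
# NOTE(review): sid and rev are left as published. The feed is presumably
# regenerated upstream, so report the depth calculation there as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846377)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=9e7b63eb-382a-4bc3-ba24-ba660743cce8"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"m1rz16og.poles-wrinkle.digital"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846377/; classtype:trojan-activity;sid:84709477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846376)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3fce5bc3-12bf-4856-a3ce-15cd0ad531f3"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"op1h26r1.exhaustoverwint.digital"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846376/; classtype:trojan-activity;sid:84709476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.139.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846375/; classtype:trojan-activity;sid:84709475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846374)"; flow:established,from_client; content:"GET"; http_method; content:"/47cfd9fe-c027-4027-9212-26474b714f81/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"packetdistributionmesh.wiki"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846374/; classtype:trojan-activity;sid:84709474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known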
malware download URL detected (3846373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.23.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846373/; classtype:trojan-activity;sid:84709473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.65.92.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846372/; classtype:trojan-activity;sid:84709472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.67.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846371/; classtype:trojan-activity;sid:84709471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.241.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846370/; classtype:trojan-activity;sid:84709470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.150.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, 
urlhaus.abuse.ch/url/3846369/; classtype:trojan-activity;sid:84709469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846368)"; flow:established,from_client; content:"GET"; http_method; content:"/cd13431b-cc63-4214-870f-71753b5fb3cc/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"hypervisorresourcecontroller.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846368/; classtype:trojan-activity;sid:84709468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.23.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846367/; classtype:trojan-activity;sid:84709467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.239.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846366/; classtype:trojan-activity;sid:84709466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.150.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846365/; classtype:trojan-activity;sid:84709465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846364)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.12.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846364/; classtype:trojan-activity;sid:84709464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.67.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846363/; classtype:trojan-activity;sid:84709463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846362)"; flow:established,from_client; content:"GET"; http_method; content:"/baabdb37-5427-4c6c-ab76-53715c43cf58/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"telemetry-observability-core.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846362/; classtype:trojan-activity;sid:84709462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846361)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846361/; classtype:trojan-activity;sid:84709461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846360)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, 
urlhaus.abuse.ch/url/3846360/; classtype:trojan-activity;sid:84709460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846358)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv6l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846358/; classtype:trojan-activity;sid:84709458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846359)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.powerpc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846359/; classtype:trojan-activity;sid:84709459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846355)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.aarch64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846355/; classtype:trojan-activity;sid:84709455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846356)"; flow:established,from_client; content:"GET"; http_method; content:"/load.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846356/; classtype:trojan-activity;sid:84709456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846357)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bot.armv7l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846357/; classtype:trojan-activity;sid:84709457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846347)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846347/; classtype:trojan-activity;sid:84709447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846348)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv5l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846348/; classtype:trojan-activity;sid:84709448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846349)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i486"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846349/; classtype:trojan-activity;sid:84709449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846350)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv4l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846350/; classtype:trojan-activity;sid:84709450; rev:1;) 
# --- Host 176.65.139.177: per-file download rules (URLhaus 3846351-3846354) ---
# Each rule alerts on an established, client-to-server HTTP GET from $HOME_NET
# to $EXTERNAL_NET in which both buffers match exactly:
#   - URI:  depth equals the content length and isdataat:!1,relative requires
#           that no byte follows the match, so "/bot.mips" does not also fire
#           on "/bot.mipsr". nocase applies to this URI content.
#   - Host: the same exact-length match on the literal IP string.
# Triage notes: a hit shows that an internal host requested the URL, not that
# the payload was delivered or executed; confirm with the HTTP response and
# endpoint telemetry. Only cleartext HTTP GET requests are inspected by these
# rules. The indicator is a bare IP with created_at 2026_05_13; check the
# referenced URLhaus entry for its current status before acting on older hits.
# NOTE(review): the path suffixes read like CPU-architecture names; that is
# inferred from the names only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846351)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846351/; classtype:trojan-activity;sid:84709451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846352)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846352/; classtype:trojan-activity;sid:84709452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846353)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846353/; classtype:trojan-activity;sid:84709453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846354)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mipsr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846354/; classtype:trojan-activity;sid:84709454; rev:1;)
# URLhaus 3846346: exact URI "/i" requested with Host 61.53.82.252. The URI
# content is only two bytes, so the Host match carries the specificity.
# NOTE(review): this rule is split across a line break in this listing; rule
# parsers expect one rule per line (or a trailing backslash continuation), so
# confirm the deployed file is not wrapped this way.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.82.252"; http_host; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846346/; classtype:trojan-activity;sid:84709446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.42.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846345/; classtype:trojan-activity;sid:84709445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.243.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846344/; classtype:trojan-activity;sid:84709444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846343)"; flow:established,from_client; content:"GET"; http_method; content:"/cc8a7d28-43ff-43ea-a2ae-8f7ff5dc35b5/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"runtimeexecutionlayer.wiki"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846343/; classtype:trojan-activity;sid:84709443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.224.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846342/; classtype:trojan-activity;sid:84709442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3846341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.42.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846341/; classtype:trojan-activity;sid:84709441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.243.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846340/; classtype:trojan-activity;sid:84709440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846339)"; flow:established,from_client; content:"GET"; http_method; content:"/0973b5d6-e163-4714-b460-1c00edf05bef/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"decentralizedmessagingframework.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846339/; classtype:trojan-activity;sid:84709439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.151.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846338/; classtype:trojan-activity;sid:84709438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.249.61.9"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846337/; classtype:trojan-activity;sid:84709437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.224.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846336/; classtype:trojan-activity;sid:84709436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.151.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846334/; classtype:trojan-activity;sid:84709434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846335)"; flow:established,from_client; content:"GET"; http_method; content:"/6ec1edee-9761-4553-8dfd-5f0b3cc550d7/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributedobjectstoragenet.wiki"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846335/; classtype:trojan-activity;sid:84709435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.5.135"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846333/; classtype:trojan-activity;sid:84709433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846332)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.232.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846332/; classtype:trojan-activity;sid:84709432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846331)"; flow:established,from_client; content:"GET"; http_method; content:"/366c47de-01d5-4d5d-bbfc-71cee1862a6d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"microkernel-routing-engine.wiki"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846331/; classtype:trojan-activity;sid:84709431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.46.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846330/; classtype:trojan-activity;sid:84709430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.5.135"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846329/; classtype:trojan-activity;sid:84709429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.76.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, 
urlhaus.abuse.ch/url/3846328/; classtype:trojan-activity;sid:84709428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846327)"; flow:established,from_client; content:"GET"; http_method; content:"/4e8d835a-d7c6-4214-ae29-a989fe86d8b4/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"streamprocessingnode.wiki"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846327/; classtype:trojan-activity;sid:84709427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.185.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846326/; classtype:trojan-activity;sid:84709426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846324)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.89.160.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846324/; classtype:trojan-activity;sid:84709424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.28.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846325/; classtype:trojan-activity;sid:84709425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846322)"; flow:established,from_client; content:"GET"; http_method; 
content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.89.160.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846322/; classtype:trojan-activity;sid:84709422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846323)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.89.160.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846323/; classtype:trojan-activity;sid:84709423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846321)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.89.160.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846321/; classtype:trojan-activity;sid:84709421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"89.40.31.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846320/; classtype:trojan-activity;sid:84709420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"212.232.22.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846318/; 
classtype:trojan-activity;sid:84709418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846319/; classtype:trojan-activity;sid:84709419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846316/; classtype:trojan-activity;sid:84709416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"212.232.22.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846317/; classtype:trojan-activity;sid:84709417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.151.182.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846314/; classtype:trojan-activity;sid:84709414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846315)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.151.182.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846315/; classtype:trojan-activity;sid:84709415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.90.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846313/; classtype:trojan-activity;sid:84709413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.127.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846312/; classtype:trojan-activity;sid:84709412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846311)"; flow:established,from_client; content:"GET"; http_method; content:"/dfc0d53a-d334-485d-8e2a-c27cc2d332e8/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"virtual-session-broker.wiki"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846311/; classtype:trojan-activity;sid:84709411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.90.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, 
urlhaus.abuse.ch/url/3846310/; classtype:trojan-activity;sid:84709410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.76.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846309/; classtype:trojan-activity;sid:84709409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.185.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846308/; classtype:trojan-activity;sid:84709408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846307)"; flow:established,from_client; content:"GET"; http_method; content:"/466f37f9-24a3-4903-9512-f0177685e3bf/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"containerorchestrationhub.wiki"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846307/; classtype:trojan-activity;sid:84709407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.83.13.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846306/; classtype:trojan-activity;sid:84709406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846305)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.185.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846305/; classtype:trojan-activity;sid:84709405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.234.9.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846304/; classtype:trojan-activity;sid:84709404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.83.13.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846303/; classtype:trojan-activity;sid:84709403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846302)"; flow:established,from_client; content:"GET"; http_method; content:"/ae6116fe-2eb1-4544-bb56-b4eb5e959476/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"decentralizedworkflowengine.wiki"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846302/; classtype:trojan-activity;sid:84709402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.236.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846301/; 
classtype:trojan-activity;sid:84709401; rev:1;)
# ^ closing options of a rule whose header and match options lie before this section.
#
# URLhaus malware-download URL indicators (metadata: created_at 2026_05_13), one rule per line.
#
# Every rule below has the same anatomy:
#   alert http $HOME_NET any -> $EXTERNAL_NET any      HTTP from the monitored network outwards
#   flow:established,from_client                       request side of an established flow
#   content:"GET"; http_method                         GET requests only
#   content:"<path>"; http_uri; depth:N; isdataat:!1,relative; nocase
#   content:"<host>"; http_host; depth:N; isdataat:!1,relative
# depth:N confines the match to the first N bytes of the buffer and isdataat:!1,relative
# asserts that no byte follows the match. With N equal to the pattern length the two together
# pin the pattern to the whole buffer, so these are exact URI + exact Host indicators, not
# substring matches. nocase is present on the URI pattern only.
# Both patterns must match: a short path such as "/i" or "/bin.sh" alerts only in combination
# with the listed host.
#
# Triage: in every rule visible here sid = URLhaus id + 80863100, and reference:url points at
# the URLhaus entry for that id.
#
# Coverage: the rules use the http protocol keyword, so they see only traffic the engine
# parses as HTTP; the same URL fetched over TLS is not matched unless it is decrypted
# before the sensor.
#
# NOTE(review): in the rules whose URI pattern contains the hex escape |3f| (the byte "?"),
# depth is 27 while the pattern is 24 bytes once |3f| is counted as one byte. Those matches
# may therefore begin up to 3 bytes into the URI instead of only at its first byte; the end
# is still pinned by isdataat. The rules are generated, so report this upstream rather than
# editing them locally.
# NOTE(review): confirm how the engine in use presents a Host header that carries an explicit
# port in http_host; if the port is kept, the whole-buffer host match would not fire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846300)"; flow:established,from_client; content:"GET"; http_method; content:"/408a5b9f-4e98-40ba-9a7a-380fc1ae1712/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"decentralizedworkflowengine.wiki"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846300/; classtype:trojan-activity;sid:84709400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846299)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=efpkfzyhzispedvl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ohqvz201.unseen-zorenka.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846299/; classtype:trojan-activity;sid:84709399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846298)"; flow:established,from_client; content:"GET"; http_method; content:"/d2fb5564-3186-4722-98b3-a575e24ae86c/file.name"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"seducingdelirium.surf"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846298/; classtype:trojan-activity;sid:84709398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846297)"; flow:established,from_client; content:"GET"; http_method; content:"/0110f1f2-9ff6-4a3a-987d-bdcb8864faae/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"packetrelay.wiki"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846297/; classtype:trojan-activity;sid:84709397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.172.154.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846296/; classtype:trojan-activity;sid:84709396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846295)"; flow:established,from_client; content:"GET"; http_method; content:"/b52c2b88-fc88-43e1-8de8-9183da24f756/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"decentralizedworkflowengine.wiki"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846295/; classtype:trojan-activity;sid:84709395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.236.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846294/; classtype:trojan-activity;sid:84709394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846293)"; flow:established,from_client; content:"GET"; http_method; content:"/571ebba2-19e0-434f-90ba-f4fe31d04c21/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"serverless-mesh-core.wiki"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846293/; classtype:trojan-activity;sid:84709393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.242.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846292/; classtype:trojan-activity;sid:84709392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846290)"; flow:established,from_client; content:"GET"; http_method; content:"/1139a7fa-f919-4cf2-bb69-dd437146bc5d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"observability-stream-hub.wiki"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846290/; classtype:trojan-activity;sid:84709390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846291)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=ejlnuafdxhmhgijq"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"q8gac86p.unseen-zorenka.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846291/; classtype:trojan-activity;sid:84709391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846289)"; flow:established,from_client; content:"GET"; http_method; content:"/c172d30d-a998-4815-a840-508f7cc098aa/file.name"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"seducingdelirium.surf"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846289/; classtype:trojan-activity;sid:84709389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846288/; classtype:trojan-activity;sid:84709388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846287)"; flow:established,from_client; content:"GET"; http_method; content:"/945c6efb-528f-4280-8166-f6d3fd2249bd/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"observability-stream-hub.wiki"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846287/; classtype:trojan-activity;sid:84709387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846286)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=fvmcxpugxwjhasym"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"oy85ola7.unseen-zorenka.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846286/; classtype:trojan-activity;sid:84709386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846285)"; flow:established,from_client; content:"GET"; http_method; content:"/d156c1db-fafd-4e68-851f-e5b5d5f44c99/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"federated-runtime-network.wiki"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846285/; classtype:trojan-activity;sid:84709385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846284)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=vmvbpjmcldlzkpmx"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"r9chy91i.unseen-zorenka.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846284/; classtype:trojan-activity;sid:84709384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846283)"; flow:established,from_client; content:"GET"; http_method; content:"/120c3a15-298f-4002-b8f2-102a42fdbd0f/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"observability-stream-hub.wiki"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846283/; classtype:trojan-activity;sid:84709383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.124.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846282/; classtype:trojan-activity;sid:84709382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.219.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846281/; classtype:trojan-activity;sid:84709381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846279/; classtype:trojan-activity;sid:84709379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.78.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846280/; classtype:trojan-activity;sid:84709380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846278)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=lqujkdovljouxctw"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pt6nyxsf.unseen-zorenka.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846278/; classtype:trojan-activity;sid:84709378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846277/; classtype:trojan-activity;sid:84709377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846276)"; flow:established,from_client; content:"GET"; http_method; content:"/9faf3f96-4f15-40ea-b853-5078ee570dfe/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"observability-stream-hub.wiki"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846276/; classtype:trojan-activity;sid:84709376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.121.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846275/; classtype:trojan-activity;sid:84709375; rev:1;)
# URLhaus malware-download URL indicators (metadata: created_at 2026_05_13), one rule per line.
#
# Each rule alerts on an HTTP GET sent from $HOME_NET to $EXTERNAL_NET
# (flow:established,from_client) whose URI and Host both match the listed values:
#   content:"<path>"; http_uri; depth:N; isdataat:!1,relative; nocase
#   content:"<host>"; http_host; depth:N; isdataat:!1,relative
# depth:N keeps the match inside the first N bytes of the buffer and isdataat:!1,relative
# requires that nothing follows it, so with N equal to the pattern length the pattern must be
# the entire buffer (exact match, case-insensitive for the URI only).
#
# Triage: for every complete rule here sid = URLhaus id + 80863100; reference:url names the
# URLhaus entry to consult.
#
# Coverage: these are http rules, so a fetch of the same URL over TLS is invisible to them
# unless the traffic is decrypted before the sensor.
#
# NOTE(review): where the URI pattern contains |3f| (one byte, "?"), depth is 27 but the
# pattern is 24 bytes, so the start of the match is not pinned to the first URI byte (up to
# 3 leading bytes are tolerated). Generated feed: report upstream, do not hand-edit.
# NOTE(review): verify how http_host presents a Host header with an explicit port on the
# engine in use; a retained port would defeat the whole-buffer host match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846274)"; flow:established,from_client; content:"GET"; http_method; content:"/16d161c3-6ba0-4eae-a848-ac0c12677b6b/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"hypervisorcontrolplanegrid.wiki"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846274/; classtype:trojan-activity;sid:84709374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.124.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846273/; classtype:trojan-activity;sid:84709373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.197.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846271/; classtype:trojan-activity;sid:84709371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.121.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846272/; classtype:trojan-activity;sid:84709372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.192.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846270/; classtype:trojan-activity;sid:84709370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846269/; classtype:trojan-activity;sid:84709369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846268)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=hmbyosfytbaahund"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"vg2tw8iq.unseen-zorenka.digital"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846268/; classtype:trojan-activity;sid:84709368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.231.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846267/; classtype:trojan-activity;sid:84709367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.219.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846266/; classtype:trojan-activity;sid:84709366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.23.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846265/; classtype:trojan-activity;sid:84709365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.241.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846264/; classtype:trojan-activity;sid:84709364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846263)"; flow:established,from_client; content:"GET"; http_method; content:"/dfeef5dc-fd23-43e4-a3c5-556e00f8c95e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"observability-stream-hub.wiki"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846263/; classtype:trojan-activity;sid:84709363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846262/; classtype:trojan-activity;sid:84709362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.157.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846261/; classtype:trojan-activity;sid:84709361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846260)"; flow:established,from_client; content:"GET"; http_method; content:"/37d9c672-9af9-45f4-8aec-5b027efc9eb6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"hypervisorcontrolplanegrid.wiki"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846260/; classtype:trojan-activity;sid:84709360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.1.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846259/; classtype:trojan-activity;sid:84709359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.233.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846258/; classtype:trojan-activity;sid:84709358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.233.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846257/; classtype:trojan-activity;sid:84709357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.157.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846256/; classtype:trojan-activity;sid:84709356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.162.33.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846255/; classtype:trojan-activity;sid:84709355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.53.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846254/; classtype:trojan-activity;sid:84709354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846253)"; flow:established,from_client; content:"GET"; http_method; content:"/71446e39-6b3a-4727-bd2a-1ff92cfb96e5/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"federated-runtime-network.wiki"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846253/; classtype:trojan-activity;sid:84709353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.252.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846252/; classtype:trojan-activity;sid:84709352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.79.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846251/; classtype:trojan-activity;sid:84709351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.23.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846250/; classtype:trojan-activity;sid:84709350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846249)"; flow:established,from_client; content:"GET"; http_method; content:"/1294c9bf-212e-4fe6-bd5c-a8b4bbc6a0f6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"serverless-mesh-core.wiki"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846249/; classtype:trojan-activity;sid:84709349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.170.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846248/; classtype:trojan-activity;sid:84709348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.170.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846247/; classtype:trojan-activity;sid:84709347; rev:1;)
# The next seven rules share one host and differ only in a path named after a CPU
# architecture (presumably per-architecture builds of one payload; confirm in URLhaus).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846246)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.32.162.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846246/; classtype:trojan-activity;sid:84709346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846245)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.32.162.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846245/; classtype:trojan-activity;sid:84709345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846243)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.32.162.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846243/; classtype:trojan-activity;sid:84709343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846244)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.32.162.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846244/; classtype:trojan-activity;sid:84709344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846242)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.32.162.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846242/; classtype:trojan-activity;sid:84709342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846240)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.32.162.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846240/; classtype:trojan-activity;sid:84709340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846241)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.32.162.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846241/; classtype:trojan-activity;sid:84709341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846239/; classtype:trojan-activity;sid:84709339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846238)"; flow:established,from_client; content:"GET"; http_method; content:"/06ddf1d8-bf3e-48c5-8f3f-9f4b4a870fd2/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"packetrelay.wiki"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846238/; classtype:trojan-activity;sid:84709338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.167.1.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846237/; classtype:trojan-activity;sid:84709337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.52.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846236/; classtype:trojan-activity;sid:84709336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846235)"; flow:established,from_client; content:"GET"; http_method; content:"/09cef8ff-f7ce-4dfb-99fc-0c3081dd7697/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"microservice-balancer-node.wiki"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846235/; classtype:trojan-activity;sid:84709335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846234)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=vcprdqkjknpytveg"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"4bklvfdi.estradaannivers.digital"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846234/; classtype:trojan-activity;sid:84709334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846233)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=sjsskhzwadmicudv"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"9nl6t4w2.estradaannivers.digital"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846233/; classtype:trojan-activity;sid:84709333; rev:1;)
# solar-sanat.net: several paths on one host, including .png, .docx and .cmd names. The feed
# lists each as a malware download URL, so the file extension is no reason to dismiss a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846232)"; flow:established,from_client; content:"GET"; http_method; content:"/imagetest0071154z7.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846232/; classtype:trojan-activity;sid:84709332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846231)"; flow:established,from_client; content:"GET"; http_method; content:"/imagetest00711z5.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846231/; classtype:trojan-activity;sid:84709331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846228)"; flow:established,from_client; content:"GET"; http_method; content:"/imagetest0093t536.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846228/; classtype:trojan-activity;sid:84709328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846229)"; flow:established,from_client; content:"GET"; http_method; content:"/imagecab001.png"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846229/; classtype:trojan-activity;sid:84709329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846230)"; flow:established,from_client; content:"GET"; http_method; content:"/imagetext0117z45.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846230/; classtype:trojan-activity;sid:84709330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846226)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/transfer_advise_swift.docx"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846226/; classtype:trojan-activity;sid:84709326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846227)"; flow:established,from_client; content:"GET"; http_method; content:"/wps/transfer_advise_swift.cmd"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846227/; classtype:trojan-activity;sid:84709327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846225)"; flow:established,from_client; content:"GET"; http_method; content:"/873b7fbf-755a-42ec-b36b-47de57f62aab/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"microservice-balancer-node.wiki"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846225/; classtype:trojan-activity;sid:84709325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.76.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846224/; classtype:trojan-activity;sid:84709324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.16.164.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846223/; classtype:trojan-activity;sid:84709323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.32.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846222/; classtype:trojan-activity;sid:84709322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.76.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846221/; classtype:trojan-activity;sid:84709321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.161.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846220/; classtype:trojan-activity;sid:84709320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846219)"; flow:established,from_client; content:"GET"; http_method; content:"/95076485-ebb7-4d4e-840e-96e3c6cd77be/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"asyncpipelinehub.wiki"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846219/; classtype:trojan-activity;sid:84709319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.243.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846218/; classtype:trojan-activity;sid:84709318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846217)"; flow:established,from_client; content:"GET"; http_method; content:"/mdclient.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846217/; classtype:trojan-activity;sid:84709317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.71.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846216/; classtype:trojan-activity;sid:84709316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.201.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846215/; classtype:trojan-activity;sid:84709315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846214)"; flow:established,from_client; content:"GET"; http_method; content:"/4663b661-3e9c-401e-9773-6c8f76accd1a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"virtual-packet-gateway.wiki"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846214/; classtype:trojan-activity;sid:84709314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.32.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846213/; classtype:trojan-activity;sid:84709313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.155.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846212/; classtype:trojan-activity;sid:84709312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846211)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.71.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846211/; classtype:trojan-activity;sid:84709311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.201.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846210/; classtype:trojan-activity;sid:84709310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846209)"; flow:established,from_client; content:"GET"; http_method; content:"/fee574ec-4c97-4d98-84c5-6ce4de8f7fab/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"containerfabric.wiki"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846209/; classtype:trojan-activity;sid:84709309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.223.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846208/; classtype:trojan-activity;sid:84709308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846207)"; flow:established,from_client; content:"GET"; http_method; content:"/67/img_171102.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; 
reference:url, urlhaus.abuse.ch/url/3846207/; classtype:trojan-activity;sid:84709307; rev:1;)
# Rule template used below: one http_uri content and one http_host content per rule.
# depth is set to the length of the string as written, and isdataat:!1,relative
# requires that no byte follows the match, so the request has to carry this URI and
# this Host value rather than merely contain them. The rule header's http protocol
# limits matching to traffic the engine parses as HTTP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846206)"; flow:established,from_client; content:"GET"; http_method; content:"/67/weneedbetterthingsforbest.hta"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846206/; classtype:trojan-activity;sid:84709306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.29.223.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846205/; classtype:trojan-activity;sid:84709305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846203)"; flow:established,from_client; content:"GET"; http_method; content:"/ufezaa"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"linkku.me"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846203/; classtype:trojan-activity;sid:84709303; rev:1;)
# NOTE(review): inside content:"...", |7c| is a hex escape for the single byte 0x7c,
# so every |7c|26|7c| run stands for the four bytes '|26|'. The http_uri string in
# the next rule is 166 characters as written but 148 bytes once decoded, while
# depth is 166. That leaves 18 bytes of slack in front of the pattern; only
# isdataat:!1,relative pins the end of the URI. A whole-URI match would need
# depth:148, or a start anchor such as Suricata's startswith in place of depth.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846204)"; flow:established,from_client; content:"GET"; http_method; content:"/httpswww.veeam.comfree-hybrid-cloud-trial.htmlst=bingpaidsearch|7c|26|7c|utm_campaign_id=604987702|7c|26|7c|utm_adgroup=trial-hybrid-cloud-nb-backup|7c|26|7c|utm.php"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846204/; classtype:trojan-activity;sid:84709304; rev:1;)
alert http
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846202)"; flow:established,from_client; content:"GET"; http_method; content:"/d56bb2bd-7183-4ec9-ae18-dbd3600a72d1/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cafe-club-oracle-card.wiki"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846202/; classtype:trojan-activity;sid:84709302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846201)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_173518.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sycoreltd.yzz.me"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846201/; classtype:trojan-activity;sid:84709301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846200)"; flow:established,from_client; content:"GET"; http_method; content:"/32/img_221919.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"209.54.103.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846200/; classtype:trojan-activity;sid:84709300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846199)"; flow:established,from_client; content:"GET"; http_method; content:"/32/givemegoodpersoninlifeforlove.hta"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"209.54.103.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846199/; classtype:trojan-activity;sid:84709299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846198)"; flow:established,from_client; content:"GET"; http_method; content:"/d8szzw"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"cebol.me"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846198/; classtype:trojan-activity;sid:84709298; rev:1;)
# NOTE(review): |7c| inside content:"..." is a hex escape for the single byte 0x7c,
# so each |7c|26|7c| run decodes to the four bytes '|26|'. The http_uri string in
# the next rule is 165 characters as written and 147 bytes decoded, yet depth is
# 165. The pattern may therefore begin up to 18 bytes into the URI; the end is
# still pinned by isdataat:!1,relative. depth:147 (or a start anchor such as
# Suricata's startswith in place of depth) would restrict it to the whole URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846197)"; flow:established,from_client; content:"GET"; http_method; content:"/veeam.comfree-hybrid-cloud-trial.htmlst=bingpaidsearch|7c|26|7c|utm_campaign_id=604987702|7c|26|7c|utm_adgroup=trial-hybrid-cloud-nb-backup|7c|26|7c|utm_adgroup.php"; http_uri; depth:165; isdataat:!1,relative; nocase; content:"209.54.103.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846197/; classtype:trojan-activity;sid:84709297; rev:1;)
# The remaining rules on this line hold no hex escapes: depth equals the string
# length, so together with isdataat:!1,relative the URI and Host must match in full.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.12.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846196/; classtype:trojan-activity;sid:84709296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846195)"; flow:established,from_client; content:"GET"; http_method; content:"/719dae0c-7c77-4108-b646-ecb9b905186a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"prime-object-container-task-archive.wiki"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846195/; classtype:trojan-activity;sid:84709295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846194)"; flow:established,from_client; content:"GET"; http_method; content:"/71bfad22-f3da-400d-90f7-609a9872c642/google.ct"; http_uri; depth:47;
isdataat:!1,relative; nocase; content:"eaglefungustourismscreen.wiki"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846194/; classtype:trojan-activity;sid:84709294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.76.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846193/; classtype:trojan-activity;sid:84709293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846192)"; flow:established,from_client; content:"GET"; http_method; content:"/5da33451-b3ea-4865-aaee-15bbc200c229/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"secure-remote-access-method-file.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846192/; classtype:trojan-activity;sid:84709292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846191)"; flow:established,from_client; content:"GET"; http_method; content:"/dc812321-09e9-41cd-b3d7-34ca5812ad16/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bula-silomercitationlaptop.wiki"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846191/; classtype:trojan-activity;sid:84709291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.76.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, 
urlhaus.abuse.ch/url/3846190/; classtype:trojan-activity;sid:84709290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.31.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846189/; classtype:trojan-activity;sid:84709289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.242.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846188/; classtype:trojan-activity;sid:84709288; rev:1;)
# NOTE(review): |3f| inside content:"..." is a hex escape for the single byte 0x3f
# ('?'), so the http_uri pattern in the next rule is 24 bytes once decoded although
# it is 27 characters as written. depth:27 therefore lets the pattern begin up to
# 3 bytes into the URI; isdataat:!1,relative still pins the end. depth:24 (or a
# start anchor such as Suricata's startswith in place of depth) would restrict the
# match to the whole URI, as the escape-free rules around it already do.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846187)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=xlynswxtsrrhdhmy"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"utl1juep.estradaannivers.digital"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846187/; classtype:trojan-activity;sid:84709287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.4.2.146"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846186/; classtype:trojan-activity;sid:84709286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846185)"; flow:established,from_client; content:"GET"; http_method;
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.4.2.146"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846185/; classtype:trojan-activity;sid:84709285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846184)"; flow:established,from_client; content:"GET"; http_method; content:"/178ca1b8-122a-45db-8701-54a54ba0af0c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"virtual-compute-engine-template-doc.wiki"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846184/; classtype:trojan-activity;sid:84709284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846183)"; flow:established,from_client; content:"GET"; http_method; content:"/3062e946-7d0a-4f38-bbd9-9eb7604e1eb2/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tertsiyavocalsunseenfile.wiki"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846183/; classtype:trojan-activity;sid:84709283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.79.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846181/; classtype:trojan-activity;sid:84709281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.95.54.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_13; 
reference:url, urlhaus.abuse.ch/url/3846182/; classtype:trojan-activity;sid:84709282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846180)"; flow:established,from_client; content:"GET"; http_method; content:"/931c1f4c-c65d-4544-a2b4-15835e711dae/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"backup-terminal-gateway-handle-list.wiki"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846180/; classtype:trojan-activity;sid:84709280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846179)"; flow:established,from_client; content:"GET"; http_method; content:"/6a15feb6-1c4b-4183-962e-b5f4376b3e5a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"obese-uzousweb-play.wiki"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846179/; classtype:trojan-activity;sid:84709279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.148.241.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846178/; classtype:trojan-activity;sid:84709278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.246.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846177/; classtype:trojan-activity;sid:84709277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3846176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.79.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846176/; classtype:trojan-activity;sid:84709276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.238.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846175/; classtype:trojan-activity;sid:84709275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.14.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846174/; classtype:trojan-activity;sid:84709274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846173)"; flow:established,from_client; content:"GET"; http_method; content:"/6526b071-e02e-4c45-847d-a53b8da412af/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"active-instance-registry-support-index.wiki"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846173/; classtype:trojan-activity;sid:84709273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.50.25"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846172/; classtype:trojan-activity;sid:84709272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846171)"; flow:established,from_client; content:"GET"; http_method; content:"/94d807a8-84f9-434c-bc33-2552924f4513/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"lyapissvebechkopassword.wiki"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846171/; classtype:trojan-activity;sid:84709271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.28.63.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846170/; classtype:trojan-activity;sid:84709270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.208.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846169/; classtype:trojan-activity;sid:84709269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.16.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846168/; classtype:trojan-activity;sid:84709268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846167)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.148.241.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846167/; classtype:trojan-activity;sid:84709267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846166)"; flow:established,from_client; content:"GET"; http_method; content:"/d2419200-ed11-4f5d-b4d5-b0ee729b7bbc/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributed-source-element-package-site.wiki"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846166/; classtype:trojan-activity;sid:84709266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846165)"; flow:established,from_client; content:"GET"; http_method; content:"/fcf3664b-c373-4fec-879f-ee04989f4725/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"handout-voivodeshiplink.wiki"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846165/; classtype:trojan-activity;sid:84709265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.50.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846164/; classtype:trojan-activity;sid:84709264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.208.66"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846163/; classtype:trojan-activity;sid:84709263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.21.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846162/; classtype:trojan-activity;sid:84709262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.111.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846161/; classtype:trojan-activity;sid:84709261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846160)"; flow:established,from_client; content:"GET"; http_method; content:"/862eca77-d08f-4668-9388-2aba73630cef/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"accoun-table-unleash-soft.wiki"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846160/; classtype:trojan-activity;sid:84709260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846159)"; flow:established,from_client; content:"GET"; http_method; content:"/50542787-0f3b-4bb7-8597-211406a88877/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"enterprise-solution-buffer-utility-log.wiki"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846159/; classtype:trojan-activity;sid:84709259; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846158)"; flow:established,from_client; content:"GET"; http_method; content:"/0f84517d-6d16-4c2f-af65-b44669c004f5/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"sub-substituteunfeignedflash.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846158/; classtype:trojan-activity;sid:84709258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.129.184.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846157/; classtype:trojan-activity;sid:84709257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.151.218.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846156/; classtype:trojan-activity;sid:84709256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.38.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846155/; classtype:trojan-activity;sid:84709255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"27.37.112.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846154/; classtype:trojan-activity;sid:84709254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.237.127.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846153/; classtype:trojan-activity;sid:84709253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.34.109.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846152/; classtype:trojan-activity;sid:84709252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.243.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846151/; classtype:trojan-activity;sid:84709251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846150)"; flow:established,from_client; content:"GET"; http_method; content:"/398df28f-7fed-4c5f-a7f1-b888d2e9317e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"root-directory-repository-process-vault.wiki"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846150/; classtype:trojan-activity;sid:84709250; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.129.184.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846149/; classtype:trojan-activity;sid:84709249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.168.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846148/; classtype:trojan-activity;sid:84709248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.127.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846147/; classtype:trojan-activity;sid:84709247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.112.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846146/; classtype:trojan-activity;sid:84709246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846145)"; flow:established,from_client; content:"GET"; http_method; content:"/af58c925-cc5d-4345-bc31-38fdf6bb1d1c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cherish-cultscreencard.wiki"; 
http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846145/; classtype:trojan-activity;sid:84709245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.104.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846144/; classtype:trojan-activity;sid:84709244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.101.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846143/; classtype:trojan-activity;sid:84709243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.104.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846142/; classtype:trojan-activity;sid:84709242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846141)"; flow:established,from_client; content:"GET"; http_method; content:"/32e15bee-eb27-4657-9ae5-aece1ed079f1/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cluster-module-deployment-standard-map.wiki"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846141/; classtype:trojan-activity;sid:84709241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3846140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.101.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846140/; classtype:trojan-activity;sid:84709240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.194.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846139/; classtype:trojan-activity;sid:84709239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.69.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846138/; classtype:trojan-activity;sid:84709238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.40.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846137/; classtype:trojan-activity;sid:84709237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.123.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; 
reference:url, urlhaus.abuse.ch/url/3846136/; classtype:trojan-activity;sid:84709236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.95.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846135/; classtype:trojan-activity;sid:84709235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846134)"; flow:established,from_client; content:"GET"; http_method; content:"/33f9da35-5e63-4875-ac96-cb78b24afa04/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cherish-cultscreencard.wiki"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846134/; classtype:trojan-activity;sid:84709234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846133)"; flow:established,from_client; content:"GET"; http_method; content:"/132c7c19-2abb-4b53-8286-ffae42e63f36/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"pro-architecture-engineering-vault-info.wiki"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846133/; classtype:trojan-activity;sid:84709233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.255.27.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846132/; classtype:trojan-activity;sid:84709232; rev:1;)
# NOTE(review): sid 84709230 and sid 84709231 (URLhaus entries 3846130 and 3846131) carry the
# same method, URI and Host conditions, so a single request raises both alerts.
# Presumably the two URLhaus entries differ in a field the rule does not encode (scheme or port);
# confirm against the references before thresholding or suppressing either sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846130)"; flow:established,from_client; content:"GET"; http_method; content:"/56a84247-0951-410f-b61e-6978b6481cd5/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cherish-cultscreencard.wiki"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846130/; classtype:trojan-activity;sid:84709230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846131)"; flow:established,from_client; content:"GET"; http_method; content:"/56a84247-0951-410f-b61e-6978b6481cd5/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cherish-cultscreencard.wiki"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846131/; classtype:trojan-activity;sid:84709231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.49.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846129/; classtype:trojan-activity;sid:84709229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.165.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846128/; classtype:trojan-activity;sid:84709228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846127)"; flow:established,from_client; content:"GET"; http_method; content:"/ee7786d2-9f32-47d8-9a22-9bda422cc6a8/google.ct"; http_uri; depth:47; 
isdataat:!1,relative; nocase; content:"pro-architecture-engineering-vault-info.wiki"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846127/; classtype:trojan-activity;sid:84709227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.177.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846126/; classtype:trojan-activity;sid:84709226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.95.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846125/; classtype:trojan-activity;sid:84709225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846124)"; flow:established,from_client; content:"GET"; http_method; content:"/ac459173-32bf-40ba-86e9-9530cedddeda/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"eaglefungustourismscreen.wiki"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846124/; classtype:trojan-activity;sid:84709224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.49.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846123/; 
classtype:trojan-activity;sid:84709223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.92.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846122/; classtype:trojan-activity;sid:84709222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.165.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846121/; classtype:trojan-activity;sid:84709221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846120)"; flow:established,from_client; content:"GET"; http_method; content:"/5783b1e8-e7d5-45b1-b83c-3e69cfee20f8/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cafe-club-oracle-card.wiki"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846120/; classtype:trojan-activity;sid:84709220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.123.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846119/; classtype:trojan-activity;sid:84709219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846118)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.40.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846118/; classtype:trojan-activity;sid:84709218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846117/; classtype:trojan-activity;sid:84709217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846116)"; flow:established,from_client; content:"GET"; http_method; content:"/f182beb6-0467-4553-af3f-48058a0d8dfb/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"prime-object-container-task-archive.wiki"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846116/; classtype:trojan-activity;sid:84709216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846115)"; flow:established,from_client; content:"GET"; http_method; content:"/d942bd10-63f2-49f1-88d1-4c8e609fc2b1/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cluster-module-deployment-standard-map.wiki"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846115/; classtype:trojan-activity;sid:84709215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846114)"; flow:established,from_client; content:"GET"; http_method; content:"/8b0e64a9-81d0-41fb-955c-dd2617f99115/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; 
content:"open-api-protocol-storage-guide.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846114/; classtype:trojan-activity;sid:84709214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.16.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846113/; classtype:trojan-activity;sid:84709213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846112/; classtype:trojan-activity;sid:84709212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846111)"; flow:established,from_client; content:"GET"; http_method; content:"/b6efe3ce-5d0a-4bce-bbef-acedbf0419fe/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"secure-remote-access-method-file.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846111/; classtype:trojan-activity;sid:84709211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.155.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846110/; classtype:trojan-activity;sid:84709210; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.16.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846109/; classtype:trojan-activity;sid:84709209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.168.127.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846108/; classtype:trojan-activity;sid:84709208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846106)"; flow:established,from_client; content:"GET"; http_method; content:"/b4617571-a23f-4592-bf6f-ed70d8bfb7f1/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"network-security-ops-flow-base.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846106/; classtype:trojan-activity;sid:84709206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846107)"; flow:established,from_client; content:"GET"; http_method; content:"/38424c6a-314e-4e65-94f3-52b32ae00d65/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"virtual-compute-engine-template-doc.wiki"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846107/; classtype:trojan-activity;sid:84709207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846105)"; flow:established,from_client; content:"GET"; http_method; 
content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.168.127.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846105/; classtype:trojan-activity;sid:84709205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.114.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846104/; classtype:trojan-activity;sid:84709204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.211.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846103/; classtype:trojan-activity;sid:84709203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.168.196.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846102/; classtype:trojan-activity;sid:84709202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846101)"; flow:established,from_client; content:"GET"; http_method; content:"/d7500541-8edc-4d42-81de-61ea4f9471e8/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"backup-terminal-gateway-handle-list.wiki"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846101/; 
classtype:trojan-activity;sid:84709201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846100)"; flow:established,from_client; content:"GET"; http_method; content:"/808c827c-0b81-492d-95ac-811cf1619f16/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"pro-architecture-engineering-vault-info.wiki"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846100/; classtype:trojan-activity;sid:84709200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.24.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846099/; classtype:trojan-activity;sid:84709199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.211.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846098/; classtype:trojan-activity;sid:84709198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.13.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846097/; classtype:trojan-activity;sid:84709197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846096)"; flow:established,from_client; content:"GET"; http_method; 
content:"/5ccd06c9-c00e-4c14-a9ca-8ec576d6058f/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"prime-object-container-task-archive.wiki"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846096/; classtype:trojan-activity;sid:84709196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846095)"; flow:established,from_client; content:"GET"; http_method; content:"/58f6f55b-7a6e-4ba2-9679-4f0ac629d239/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"active-instance-registry-support-index.wiki"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846095/; classtype:trojan-activity;sid:84709195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.18.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846094/; classtype:trojan-activity;sid:84709194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.26.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846093/; classtype:trojan-activity;sid:84709193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846092)"; flow:established,from_client; content:"GET"; http_method; content:"/5ec24b4d-362f-42d9-b04e-9f52ced29f8a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; 
content:"secure-remote-access-method-file.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846092/; classtype:trojan-activity;sid:84709192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846091)"; flow:established,from_client; content:"GET"; http_method; content:"/51c9fc7b-d9fb-4c26-bbf9-9914fa5ef13d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributed-source-element-package-site.wiki"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846091/; classtype:trojan-activity;sid:84709191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.150.252.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846090/; classtype:trojan-activity;sid:84709190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.53.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846089/; classtype:trojan-activity;sid:84709189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.14.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846088/; classtype:trojan-activity;sid:84709188; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846087)"; flow:established,from_client; content:"GET"; http_method; content:"/54a249bd-4921-45bc-8a02-5db280b19132/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"virtual-compute-engine-template-doc.wiki"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846087/; classtype:trojan-activity;sid:84709187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.24.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846086/; classtype:trojan-activity;sid:84709186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.26.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846085/; classtype:trojan-activity;sid:84709185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.14.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846084/; classtype:trojan-activity;sid:84709184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846083)"; flow:established,from_client; content:"GET"; http_method; content:"/143bc67e-f337-4f57-9aa6-63ee34d6e7df/google.ct"; 
http_uri; depth:47; isdataat:!1,relative; nocase; content:"enterprise-solution-buffer-utility-log.wiki"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846083/; classtype:trojan-activity;sid:84709183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.13.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846082/; classtype:trojan-activity;sid:84709182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.28.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846081/; classtype:trojan-activity;sid:84709181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.150.252.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846080/; classtype:trojan-activity;sid:84709180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.165.194.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846079/; classtype:trojan-activity;sid:84709179; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.83.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846078/; classtype:trojan-activity;sid:84709178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.76.57.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846077/; classtype:trojan-activity;sid:84709177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.20.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846076/; classtype:trojan-activity;sid:84709176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.204.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846074/; classtype:trojan-activity;sid:84709174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.86.226"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846075/; classtype:trojan-activity;sid:84709175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846073)"; flow:established,from_client; content:"GET"; http_method; content:"/11dfc84c-d5b6-4d0f-bc00-ff3e5cbf8010/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"root-directory-repository-process-vault.wiki"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846073/; classtype:trojan-activity;sid:84709173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.109.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846072/; classtype:trojan-activity;sid:84709172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.98.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846071/; classtype:trojan-activity;sid:84709171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846070)"; flow:established,from_client; content:"GET"; http_method; content:"/71f48150-4790-426a-be4f-2637c60a118d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"backup-terminal-gateway-handle-list.wiki"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846070/; classtype:trojan-activity;sid:84709170; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.193.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846069/; classtype:trojan-activity;sid:84709169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.20.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846068/; classtype:trojan-activity;sid:84709168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.28.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846067/; classtype:trojan-activity;sid:84709167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.238.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846066/; classtype:trojan-activity;sid:84709166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.165.194.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2026_05_13; reference:url, urlhaus.abuse.ch/url/3846065/; classtype:trojan-activity;sid:84709165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.158.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846064/; classtype:trojan-activity;sid:84709164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.16.164.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846063/; classtype:trojan-activity;sid:84709163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.83.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846062/; classtype:trojan-activity;sid:84709162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846061)"; flow:established,from_client; content:"GET"; http_method; content:"/b154dfa3-8166-44d4-baf5-63b6f48d9fa8/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cluster-module-deployment-standard-map.wiki"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846061/; classtype:trojan-activity;sid:84709161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3846060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.204.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846060/; classtype:trojan-activity;sid:84709160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.193.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846059/; classtype:trojan-activity;sid:84709159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846058)"; flow:established,from_client; content:"GET"; http_method; content:"/ba574fe9-fcd9-4d22-8a99-1328924c9699/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"active-instance-registry-support-index.wiki"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846058/; classtype:trojan-activity;sid:84709158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.20.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846057/; classtype:trojan-activity;sid:84709157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846042)"; flow:established,from_client; content:"GET"; http_method; content:"/wocv"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846042/; classtype:trojan-activity;sid:84709142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846043)"; flow:established,from_client; content:"GET"; http_method; content:"/rmds"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846043/; classtype:trojan-activity;sid:84709143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846044)"; flow:established,from_client; content:"GET"; http_method; content:"/bwq"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846044/; classtype:trojan-activity;sid:84709144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846045)"; flow:established,from_client; content:"GET"; http_method; content:"/rk2"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846045/; classtype:trojan-activity;sid:84709145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846046)"; flow:established,from_client; content:"GET"; http_method; content:"/1af"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846046/; classtype:trojan-activity;sid:84709146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846047)"; flow:established,from_client; content:"GET"; http_method; 
content:"/dt5x"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846047/; classtype:trojan-activity;sid:84709147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846048)"; flow:established,from_client; content:"GET"; http_method; content:"/uds"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846048/; classtype:trojan-activity;sid:84709148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846049)"; flow:established,from_client; content:"GET"; http_method; content:"/5zd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846049/; classtype:trojan-activity;sid:84709149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846050)"; flow:established,from_client; content:"GET"; http_method; content:"/r9h"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846050/; classtype:trojan-activity;sid:84709150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846051)"; flow:established,from_client; content:"GET"; http_method; content:"/1bvw"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846051/; classtype:trojan-activity;sid:84709151; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846052)"; flow:established,from_client; content:"GET"; http_method; content:"/z3e"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846052/; classtype:trojan-activity;sid:84709152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846053)"; flow:established,from_client; content:"GET"; http_method; content:"/6rco"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846053/; classtype:trojan-activity;sid:84709153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846054)"; flow:established,from_client; content:"GET"; http_method; content:"/u8fr"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846054/; classtype:trojan-activity;sid:84709154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846055)"; flow:established,from_client; content:"GET"; http_method; content:"/alw"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846055/; classtype:trojan-activity;sid:84709155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846056)"; flow:established,from_client; content:"GET"; http_method; content:"/ybz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_05_13; reference:url, urlhaus.abuse.ch/url/3846056/; classtype:trojan-activity;sid:84709156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846012)"; flow:established,from_client; content:"GET"; http_method; content:"/ghi"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846012/; classtype:trojan-activity;sid:84709112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846013)"; flow:established,from_client; content:"GET"; http_method; content:"/wfhj"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846013/; classtype:trojan-activity;sid:84709113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846014)"; flow:established,from_client; content:"GET"; http_method; content:"/msj3"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846014/; classtype:trojan-activity;sid:84709114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846015)"; flow:established,from_client; content:"GET"; http_method; content:"/bm2"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846015/; classtype:trojan-activity;sid:84709115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846016)"; flow:established,from_client; content:"GET"; http_method; content:"/xf3"; http_uri; 
depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846016/; classtype:trojan-activity;sid:84709116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846017)"; flow:established,from_client; content:"GET"; http_method; content:"/rioa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846017/; classtype:trojan-activity;sid:84709117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846018)"; flow:established,from_client; content:"GET"; http_method; content:"/qcf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846018/; classtype:trojan-activity;sid:84709118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846019)"; flow:established,from_client; content:"GET"; http_method; content:"/gj2r"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846019/; classtype:trojan-activity;sid:84709119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846020)"; flow:established,from_client; content:"GET"; http_method; content:"/hg6"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846020/; classtype:trojan-activity;sid:84709120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3846021)"; flow:established,from_client; content:"GET"; http_method; content:"/xrn"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846021/; classtype:trojan-activity;sid:84709121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846022)"; flow:established,from_client; content:"GET"; http_method; content:"/42zo"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846022/; classtype:trojan-activity;sid:84709122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846023)"; flow:established,from_client; content:"GET"; http_method; content:"/ak5"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846023/; classtype:trojan-activity;sid:84709123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846024)"; flow:established,from_client; content:"GET"; http_method; content:"/54y"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846024/; classtype:trojan-activity;sid:84709124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846025)"; flow:established,from_client; content:"GET"; http_method; content:"/n8cj"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, 
urlhaus.abuse.ch/url/3846025/; classtype:trojan-activity;sid:84709125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846026)"; flow:established,from_client; content:"GET"; http_method; content:"/mm79"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846026/; classtype:trojan-activity;sid:84709126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846027)"; flow:established,from_client; content:"GET"; http_method; content:"/n8jw"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846027/; classtype:trojan-activity;sid:84709127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846028)"; flow:established,from_client; content:"GET"; http_method; content:"/7gwc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846028/; classtype:trojan-activity;sid:84709128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846029)"; flow:established,from_client; content:"GET"; http_method; content:"/grs"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846029/; classtype:trojan-activity;sid:84709129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846030)"; flow:established,from_client; content:"GET"; http_method; content:"/3pwk"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846030/; classtype:trojan-activity;sid:84709130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846031)"; flow:established,from_client; content:"GET"; http_method; content:"/agns"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846031/; classtype:trojan-activity;sid:84709131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846032)"; flow:established,from_client; content:"GET"; http_method; content:"/rmu"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846032/; classtype:trojan-activity;sid:84709132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846033)"; flow:established,from_client; content:"GET"; http_method; content:"/sq9"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846033/; classtype:trojan-activity;sid:84709133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846034)"; flow:established,from_client; content:"GET"; http_method; content:"/b6n"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846034/; classtype:trojan-activity;sid:84709134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3846035)"; flow:established,from_client; content:"GET"; http_method; content:"/jwg"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846035/; classtype:trojan-activity;sid:84709135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846036)"; flow:established,from_client; content:"GET"; http_method; content:"/7esu"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846036/; classtype:trojan-activity;sid:84709136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846037)"; flow:established,from_client; content:"GET"; http_method; content:"/t6y"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846037/; classtype:trojan-activity;sid:84709137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846038)"; flow:established,from_client; content:"GET"; http_method; content:"/5pt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846038/; classtype:trojan-activity;sid:84709138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846039)"; flow:established,from_client; content:"GET"; http_method; content:"/ckj"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, 
urlhaus.abuse.ch/url/3846039/; classtype:trojan-activity;sid:84709139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846040)"; flow:established,from_client; content:"GET"; http_method; content:"/k49"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846040/; classtype:trojan-activity;sid:84709140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846041)"; flow:established,from_client; content:"GET"; http_method; content:"/tsj"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846041/; classtype:trojan-activity;sid:84709141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846011)"; flow:established,from_client; content:"GET"; http_method; content:"/7a6"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846011/; classtype:trojan-activity;sid:84709111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.98.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846010/; classtype:trojan-activity;sid:84709110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"185.50.148.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846009/; classtype:trojan-activity;sid:84709109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846008)"; flow:established,from_client; content:"GET"; http_method; content:"/6e7035ee-416f-4aaf-b13b-800afe52757a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"pro-architecture-engineering-vault-info.wiki"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846008/; classtype:trojan-activity;sid:84709108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.204.157.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846007/; classtype:trojan-activity;sid:84709107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846006)"; flow:established,from_client; content:"GET"; http_method; content:"/bd5f8587-826f-475b-b758-cbfcf6d02b62/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"distributed-source-element-package-site.wiki"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846006/; classtype:trojan-activity;sid:84709106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.242.9.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, 
urlhaus.abuse.ch/url/3846005/; classtype:trojan-activity;sid:84709105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.242.9.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846004/; classtype:trojan-activity;sid:84709104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.20.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846003/; classtype:trojan-activity;sid:84709103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.141.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846002/; classtype:trojan-activity;sid:84709102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.204.157.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846001/; classtype:trojan-activity;sid:84709101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846000)"; flow:established,from_client; content:"GET"; http_method; 
content:"/2c181645-5f9f-4a26-b98c-f5fffc06d26e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"contactdisrupwhite.wiki"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846000/; classtype:trojan-activity;sid:84709100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845999)"; flow:established,from_client; content:"GET"; http_method; content:"/8bd489a3-0cca-46e6-8ccc-c6f32fb10015/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"enterprise-solution-buffer-utility-log.wiki"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845999/; classtype:trojan-activity;sid:84709099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.243.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845998/; classtype:trojan-activity;sid:84709098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.77.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845997/; classtype:trojan-activity;sid:84709097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.142.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; 
reference:url, urlhaus.abuse.ch/url/3845996/; classtype:trojan-activity;sid:84709096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.18.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845995/; classtype:trojan-activity;sid:84709095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.88.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845994/; classtype:trojan-activity;sid:84709094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.249.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845993/; classtype:trojan-activity;sid:84709093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.163.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845992/; classtype:trojan-activity;sid:84709092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845990)"; flow:established,from_client; content:"GET"; http_method; 
content:"/a406023c-d0e4-46ef-a90a-d1e8794154ab/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"quart-rantman.wiki"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845990/; classtype:trojan-activity;sid:84709090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845991)"; flow:established,from_client; content:"GET"; http_method; content:"/eda71d32-4af2-4864-84db-a5a84a1d006a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"root-directory-repository-process-vault.wiki"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845991/; classtype:trojan-activity;sid:84709091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.28.63.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845989/; classtype:trojan-activity;sid:84709089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.151.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845988/; classtype:trojan-activity;sid:84709088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845982)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.153.34.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_05_13; reference:url, urlhaus.abuse.ch/url/3845982/; classtype:trojan-activity;sid:84709082; rev:1;)
# The rules below all match host 45.153.34.170 and a URI of the form
# "/huhu/titanjr.<suffix>", one sid per suffix (i686, x86_32, sh4, ppc, i486,
# ppc440, arm, x86_64, arm5, arm7, arm6, arc, spc). Each URI is matched exactly:
# depth equals the pattern length and isdataat:!1,relative forbids trailing data.
# NOTE(review): the suffixes look like CPU architecture names, so this is
# presumably one build of the same payload per architecture. When triaging, the
# suffix in the alert hints at the kind of device that made the request;
# embedded/IoT segments deserve a close look. Confirm against the URLhaus entry.
# Because every rule shares the same host, grouping alerts by HTTP host gives a
# clearer picture than treating each sid as a separate incident.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845983)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.153.34.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845983/; classtype:trojan-activity;sid:84709083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845984)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.153.34.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845984/; classtype:trojan-activity;sid:84709084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845985)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.153.34.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845985/; classtype:trojan-activity;sid:84709085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845986)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.153.34.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845986/; classtype:trojan-activity;sid:84709086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845987)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.153.34.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845987/; classtype:trojan-activity;sid:84709087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845974)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.153.34.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845974/; classtype:trojan-activity;sid:84709074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845975)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.153.34.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845975/; classtype:trojan-activity;sid:84709075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845976)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.153.34.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845976/; classtype:trojan-activity;sid:84709076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845977)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.153.34.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845977/; classtype:trojan-activity;sid:84709077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845978)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.153.34.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845978/; classtype:trojan-activity;sid:84709078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845979)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.153.34.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845979/; classtype:trojan-activity;sid:84709079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845980)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.153.34.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845980/; classtype:trojan-activity;sid:84709080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845981)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.153.34.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845981/; classtype:trojan-activity;sid:84709081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845973)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.249.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845973/; classtype:trojan-activity;sid:84709073; rev:1;)
# The rules below mix two indicator shapes: bare IPv4 hosts serving "/i" or
# "/bin.sh", and ".wiki" hostnames serving "<UUID-like dir>/google.ct". In every
# rule the method must be GET and both the URI and the Host value are matched as
# whole strings (depth equals the pattern length; isdataat:!1,relative forbids
# anything after it). The match is on the Host header value, not on the
# destination address of the flow.
# NOTE(review): because "/i" and "/bin.sh" are short, generic paths, the host
# condition is what makes these rules specific. When investigating an alert on a
# bare-IP host, correlate with flow records for the same destination address to
# see requests these exact-URL rules do not list.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.247.83.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845972/; classtype:trojan-activity;sid:84709072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845971)"; flow:established,from_client; content:"GET"; http_method; content:"/8cbbd338-10f8-4fa2-84ea-ab0c924bff4e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"snooze-wontdrama.wiki"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845971/; classtype:trojan-activity;sid:84709071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.77.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845970/; classtype:trojan-activity;sid:84709070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.38.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845969/; classtype:trojan-activity;sid:84709069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845968)"; flow:established,from_client; content:"GET"; http_method; content:"/ca44555e-7880-4448-a18c-ae94b98ad164/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cluster-module-deployment-standard-map.wiki"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845968/; classtype:trojan-activity;sid:84709068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.228.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845967/; classtype:trojan-activity;sid:84709067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.210.147.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845966/; classtype:trojan-activity;sid:84709066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.209.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845965/; classtype:trojan-activity;sid:84709065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845945)"; flow:established,from_client; 
content:"GET"; http_method; content:"/dnfn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845945/; classtype:trojan-activity;sid:84709046; rev:1;)
# Every complete rule below targets the same host, 45.148.120.78, and differs
# only in a three- or four-character path, each with its own sid and URLhaus
# reference. Each URI is matched as a whole string (depth equals the pattern
# length; isdataat:!1,relative forbids trailing data), so a path on this host
# that is not listed raises no alert from these rules.
# NOTE(review): the paths look machine-generated, so the listed set is presumably
# a snapshot rather than the full set in use. A locally maintained host-level
# detection or blocklist entry for this Host value is a reasonable complement;
# validate it against local traffic before enabling.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845946)"; flow:established,from_client; content:"GET"; http_method; content:"/aba"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845946/; classtype:trojan-activity;sid:84709046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845947)"; flow:established,from_client; content:"GET"; http_method; content:"/vbk5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845947/; classtype:trojan-activity;sid:84709047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845948)"; flow:established,from_client; content:"GET"; http_method; content:"/gemt"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845948/; classtype:trojan-activity;sid:84709048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845949)"; flow:established,from_client; content:"GET"; http_method; content:"/t8vp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845949/; classtype:trojan-activity;sid:84709049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845950)"; flow:established,from_client; content:"GET"; http_method; content:"/2ej"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845950/; classtype:trojan-activity;sid:84709050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845951)"; flow:established,from_client; content:"GET"; http_method; content:"/ropf"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845951/; classtype:trojan-activity;sid:84709051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845952)"; flow:established,from_client; content:"GET"; http_method; content:"/kxg4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845952/; classtype:trojan-activity;sid:84709052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845953)"; flow:established,from_client; content:"GET"; http_method; content:"/xbll"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845953/; classtype:trojan-activity;sid:84709053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845954)"; flow:established,from_client; content:"GET"; http_method; content:"/z5i"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845954/; classtype:trojan-activity;sid:84709054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845955)"; flow:established,from_client; content:"GET"; http_method; content:"/sad"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845955/; classtype:trojan-activity;sid:84709055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845956)"; flow:established,from_client; content:"GET"; http_method; content:"/em9r"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845956/; classtype:trojan-activity;sid:84709056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845957)"; flow:established,from_client; content:"GET"; http_method; content:"/4nd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845957/; classtype:trojan-activity;sid:84709057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845958)"; flow:established,from_client; content:"GET"; http_method; content:"/o8q"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845958/; classtype:trojan-activity;sid:84709058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845959)"; flow:established,from_client; content:"GET"; http_method; content:"/l3l9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845959/; classtype:trojan-activity;sid:84709059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845960)"; flow:established,from_client; content:"GET"; http_method; content:"/dkjo"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845960/; classtype:trojan-activity;sid:84709060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845961)"; flow:established,from_client; content:"GET"; http_method; content:"/wiu4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845961/; classtype:trojan-activity;sid:84709061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845962)"; flow:established,from_client; content:"GET"; http_method; content:"/36e"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845962/; classtype:trojan-activity;sid:84709062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845963)"; flow:established,from_client; content:"GET"; http_method; content:"/b9i"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845963/; classtype:trojan-activity;sid:84709063; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.220.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845964/; classtype:trojan-activity;sid:84709064; rev:1;)
# The rules below are one sid per URL on a single host, 45.148.120.78: GET only,
# URI matched exactly (depth equals the pattern length; isdataat:!1,relative
# forbids trailing data), Host matched exactly. The nocase keyword in each rule
# follows the URI content and so applies to the path, not to the host.
# Triage note: a single client that requests several of these paths raises
# several different sids. Aggregate on source address plus HTTP host before
# counting incidents, and use the URLhaus id shown in msg and reference to look
# up the individual entry.
# NOTE(review): these rules only see requests that leave $HOME_NET for
# $EXTERNAL_NET; confirm both variables match the deployed network layout.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845928)"; flow:established,from_client; content:"GET"; http_method; content:"/ojgo"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845928/; classtype:trojan-activity;sid:84709028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845929)"; flow:established,from_client; content:"GET"; http_method; content:"/tenu"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845929/; classtype:trojan-activity;sid:84709029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845930)"; flow:established,from_client; content:"GET"; http_method; content:"/e19k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845930/; classtype:trojan-activity;sid:84709030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845931)"; flow:established,from_client; content:"GET"; http_method; content:"/xxt2"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845931/; classtype:trojan-activity;sid:84709031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845932)"; flow:established,from_client; content:"GET"; http_method; content:"/9oik"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845932/; classtype:trojan-activity;sid:84709032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845933)"; flow:established,from_client; content:"GET"; http_method; content:"/irh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845933/; classtype:trojan-activity;sid:84709033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845934)"; flow:established,from_client; content:"GET"; http_method; content:"/n44"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845934/; classtype:trojan-activity;sid:84709034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845935)"; flow:established,from_client; content:"GET"; http_method; content:"/icq"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845935/; classtype:trojan-activity;sid:84709035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845936)"; flow:established,from_client; content:"GET"; http_method; content:"/fmq"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845936/; classtype:trojan-activity;sid:84709036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845937)"; flow:established,from_client; content:"GET"; http_method; content:"/nzs7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845937/; classtype:trojan-activity;sid:84709037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845938)"; flow:established,from_client; content:"GET"; http_method; content:"/n0fz"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845938/; classtype:trojan-activity;sid:84709038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845939)"; flow:established,from_client; content:"GET"; http_method; content:"/afs"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845939/; classtype:trojan-activity;sid:84709039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845940)"; flow:established,from_client; content:"GET"; http_method; content:"/fyfw"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845940/; classtype:trojan-activity;sid:84709040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845941)"; flow:established,from_client; content:"GET"; http_method; content:"/b27"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845941/; classtype:trojan-activity;sid:84709041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845942)"; flow:established,from_client; content:"GET"; http_method; content:"/xqk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845942/; classtype:trojan-activity;sid:84709042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845943)"; flow:established,from_client; content:"GET"; http_method; content:"/ut6d"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845943/; classtype:trojan-activity;sid:84709043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845944)"; flow:established,from_client; content:"GET"; http_method; content:"/uo2k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845944/; classtype:trojan-activity;sid:84709044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845921)"; flow:established,from_client; content:"GET"; http_method; content:"/iby"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, 
urlhaus.abuse.ch/url/3845921/; classtype:trojan-activity;sid:84709021; rev:1;)
# The rules below continue the per-URL indicators for host 45.148.120.78: each
# rule requires method GET, an exact URI (depth equals the pattern length and
# isdataat:!1,relative forbids trailing data) and an exact Host value. They all
# carry created_at 2026_05_13 and rev:1.
# What an alert does and does not show: it records that a host in $HOME_NET sent
# the request over HTTP the sensor could parse. It does not show that the server
# answered or that a file was written or executed, so pair it with the HTTP
# response record and endpoint evidence before escalating.
# NOTE(review): only the GET method is covered; confirm whether other telemetry
# (proxy or flow logs) is retained for the same Host value so that requests not
# matching these rules can still be found during an investigation.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845922)"; flow:established,from_client; content:"GET"; http_method; content:"/zcm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845922/; classtype:trojan-activity;sid:84709022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845923)"; flow:established,from_client; content:"GET"; http_method; content:"/h0v"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845923/; classtype:trojan-activity;sid:84709023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845924)"; flow:established,from_client; content:"GET"; http_method; content:"/ozt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845924/; classtype:trojan-activity;sid:84709024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845925)"; flow:established,from_client; content:"GET"; http_method; content:"/tzb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845925/; classtype:trojan-activity;sid:84709025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845926)"; flow:established,from_client; content:"GET"; http_method; content:"/dga"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845926/; classtype:trojan-activity;sid:84709026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845927)"; flow:established,from_client; content:"GET"; http_method; content:"/hcp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845927/; classtype:trojan-activity;sid:84709027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845903)"; flow:established,from_client; content:"GET"; http_method; content:"/ntu"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845903/; classtype:trojan-activity;sid:84709003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845904)"; flow:established,from_client; content:"GET"; http_method; content:"/rto6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845904/; classtype:trojan-activity;sid:84709004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845905)"; flow:established,from_client; content:"GET"; http_method; content:"/fxn"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845905/; classtype:trojan-activity;sid:84709005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845906)"; flow:established,from_client; content:"GET"; http_method; content:"/saun"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845906/; classtype:trojan-activity;sid:84709006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845907)"; flow:established,from_client; content:"GET"; http_method; content:"/k15"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845907/; classtype:trojan-activity;sid:84709007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845908)"; flow:established,from_client; content:"GET"; http_method; content:"/hd4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845908/; classtype:trojan-activity;sid:84709008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845909)"; flow:established,from_client; content:"GET"; http_method; content:"/c21"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845909/; classtype:trojan-activity;sid:84709009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845910)"; flow:established,from_client; content:"GET"; http_method; content:"/26p"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845910/; classtype:trojan-activity;sid:84709010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845911)"; flow:established,from_client; content:"GET"; http_method; content:"/dmvd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845911/; classtype:trojan-activity;sid:84709011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845912)"; flow:established,from_client; content:"GET"; http_method; content:"/88c"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845912/; classtype:trojan-activity;sid:84709012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845913)"; flow:established,from_client; content:"GET"; http_method; content:"/udeg"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845913/; classtype:trojan-activity;sid:84709013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845914)"; flow:established,from_client; content:"GET"; http_method; content:"/u3lt"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845914/; classtype:trojan-activity;sid:84709014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845915)"; flow:established,from_client; content:"GET"; http_method; content:"/m3dx"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845915/; classtype:trojan-activity;sid:84709015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845916)"; flow:established,from_client; content:"GET"; http_method; content:"/bth"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845916/; classtype:trojan-activity;sid:84709016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845917)"; flow:established,from_client; content:"GET"; http_method; content:"/bhmu"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845917/; classtype:trojan-activity;sid:84709017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845918)"; flow:established,from_client; content:"GET"; http_method; content:"/ozx3"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845918/; classtype:trojan-activity;sid:84709018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845919)"; flow:established,from_client; content:"GET"; http_method; content:"/mpe"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845919/; classtype:trojan-activity;sid:84709019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3845920)"; flow:established,from_client; content:"GET"; http_method; content:"/ddu"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845920/; classtype:trojan-activity;sid:84709020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.238.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845902/; classtype:trojan-activity;sid:84709002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.83.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845901/; classtype:trojan-activity;sid:84709001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.142.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845900/; classtype:trojan-activity;sid:84709000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.38.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, 
urlhaus.abuse.ch/url/3845899/; classtype:trojan-activity;sid:84708999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.136.85.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845898/; classtype:trojan-activity;sid:84708998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845897)"; flow:established,from_client; content:"GET"; http_method; content:"/5377a516-06a1-4a9c-95fd-30da2ce2ddc7/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"miststarvationsify.wiki"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845897/; classtype:trojan-activity;sid:84708997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845896)"; flow:established,from_client; content:"GET"; http_method; content:"/a0adf388-659b-4bd9-a161-640b66b5f972/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"pro-architecture-engineering-vault-info.wiki"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845896/; classtype:trojan-activity;sid:84708996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.142.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845895/; classtype:trojan-activity;sid:84708995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3845894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.214.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845894/; classtype:trojan-activity;sid:84708994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.144.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845893/; classtype:trojan-activity;sid:84708993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845892)"; flow:established,from_client; content:"GET"; http_method; content:"/30544815-898d-4521-8e5e-833ebc5a881f/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"long-pescar.wiki"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845892/; classtype:trojan-activity;sid:84708992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.165.21.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845891/; classtype:trojan-activity;sid:84708991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845890)"; flow:established,from_client; content:"GET"; http_method; content:"/7b9c5b1e-6c62-4568-b9fd-c6c2cae84cdb/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"contactdisrupwhite.wiki"; http_host; depth:23; 
isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845890/; classtype:trojan-activity;sid:84708990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.39.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845889/; classtype:trojan-activity;sid:84708989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.38.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845888/; classtype:trojan-activity;sid:84708988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.101.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845887/; classtype:trojan-activity;sid:84708987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.135.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845886/; classtype:trojan-activity;sid:84708986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845885)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.224.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845885/; classtype:trojan-activity;sid:84708985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.228.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845884/; classtype:trojan-activity;sid:84708984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.214.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845883/; classtype:trojan-activity;sid:84708983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845882)"; flow:established,from_client; content:"GET"; http_method; content:"/a53d0eb3-748b-4d3c-a8f0-2f420e3d4dd6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"glarsitttrain.wiki"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845882/; classtype:trojan-activity;sid:84708982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845881)"; flow:established,from_client; content:"GET"; http_method; content:"/de23bbce-e735-40b9-91ba-4f19d2a3b1f9/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"quart-rantman.wiki"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_13; 
reference:url, urlhaus.abuse.ch/url/3845881/; classtype:trojan-activity;sid:84708981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.39.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845880/; classtype:trojan-activity;sid:84708980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.91.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845879/; classtype:trojan-activity;sid:84708979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.101.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845878/; classtype:trojan-activity;sid:84708978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.135.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845877/; classtype:trojan-activity;sid:84708977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; 
depth:2; isdataat:!1,relative; nocase; content:"78.25.107.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845875/; classtype:trojan-activity;sid:84708975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845876/; classtype:trojan-activity;sid:84708976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.172.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845874/; classtype:trojan-activity;sid:84708974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.126.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845873/; classtype:trojan-activity;sid:84708973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845872)"; flow:established,from_client; content:"GET"; http_method; content:"/10bc9c0e-fc42-430f-87a2-a93077579a39/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"snooze-wontdrama.wiki"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845872/; classtype:trojan-activity;sid:84708972; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845871)"; flow:established,from_client; content:"GET"; http_method; content:"/0b68def4-8f13-4537-b69f-9543a4260e8e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"angelpatter.wiki"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845871/; classtype:trojan-activity;sid:84708971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.142.121.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845870/; classtype:trojan-activity;sid:84708970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.172.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845869/; classtype:trojan-activity;sid:84708969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.124.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845868/; classtype:trojan-activity;sid:84708968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845867)"; flow:established,from_client; content:"GET"; http_method; content:"/1dea6270-512a-43ea-b08d-eb37fef6f4e0/google.ct"; http_uri; depth:47; 
isdataat:!1,relative; nocase; content:"girlytrans-fusion.wiki"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845867/; classtype:trojan-activity;sid:84708967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.200.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3845866/; classtype:trojan-activity;sid:84708966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845865)"; flow:established,from_client; content:"GET"; http_method; content:"/bd5109ec-c32a-43a2-ae4e-752a3c623f45/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"miststarvationsify.wiki"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845865/; classtype:trojan-activity;sid:84708965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.208.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845864/; classtype:trojan-activity;sid:84708964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.88.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845863/; classtype:trojan-activity;sid:84708963; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.110.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845862/; classtype:trojan-activity;sid:84708962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845861)"; flow:established,from_client; content:"GET"; http_method; content:"/aca783e5-9e54-4f62-83cc-c8cb92ddb0a4/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"passoverphysiqclass.wiki"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845861/; classtype:trojan-activity;sid:84708961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845860)"; flow:established,from_client; content:"GET"; http_method; content:"/798932a5-b694-42d8-a7ee-34c9689936a8/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"long-pescar.wiki"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845860/; classtype:trojan-activity;sid:84708960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.114.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845859/; classtype:trojan-activity;sid:84708959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"112.242.143.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845858/; classtype:trojan-activity;sid:84708958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.208.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845857/; classtype:trojan-activity;sid:84708957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.10.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845856/; classtype:trojan-activity;sid:84708956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845855)"; flow:established,from_client; content:"GET"; http_method; content:"/b0ebcbee-b938-4658-8a3e-e82ebdd0f64b/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ordersub-versive.wiki"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845855/; classtype:trojan-activity;sid:84708955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845854)"; flow:established,from_client; content:"GET"; http_method; content:"/c2b7b6e5-f8ea-44d0-a72f-5ea7eab15244/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"glarsitttrain.wiki"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845854/; 
classtype:trojan-activity;sid:84708954; rev:1;)
# One rule per line below. In each rule depth:N equals the length of the content it follows and
# isdataat:!1,relative requires that no byte comes after it, so the URI and the Host value must
# equal the listed strings exactly; a longer path or an added query string does not match.
# NOTE(review): "alert http" inspects only traffic the sensor parses as HTTP; the same download
# fetched over TLS would not be visible to these rules without decryption - confirm sensor placement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.114.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845853/; classtype:trojan-activity;sid:84708953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.200.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845852/; classtype:trojan-activity;sid:84708952; rev:1;)
# NOTE(review): sid 84708951 and sid 84708950 carry identical http_uri and http_host content and
# differ only in the msg id, the reference and the sid, so one matching request is expected to
# raise two alerts; group by URI+host when triaging, or threshold one of the two sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845851)"; flow:established,from_client; content:"GET"; http_method; content:"/d12c4579-d1e4-48ac-b311-f2295e92e7ad/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"long-pescar.wiki"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845851/; classtype:trojan-activity;sid:84708951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845850)"; flow:established,from_client; content:"GET"; http_method; content:"/d12c4579-d1e4-48ac-b311-f2295e92e7ad/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"long-pescar.wiki"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845850/; classtype:trojan-activity;sid:84708950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845849)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.210.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845849/; classtype:trojan-activity;sid:84708949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845848)"; flow:established,from_client; content:"GET"; http_method; content:"/5a74af8b-5f86-4fdd-bf08-adebe5190217/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"angelpatter.wiki"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845848/; classtype:trojan-activity;sid:84708948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.143.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845847/; classtype:trojan-activity;sid:84708947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.251.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845846/; classtype:trojan-activity;sid:84708946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.162.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845845/; 
classtype:trojan-activity;sid:84708945; rev:1;)
# One rule per line below. The short paths "/bin.sh" and "/i" are generic; in these rules the
# specificity comes from the exact http_host match (depth equal to the content length plus
# isdataat:!1,relative, i.e. nothing may follow the listed value).
# NOTE(review): the hosts here are bare IP addresses stamped with metadata:created_at; the
# rules carry no expiry of their own, so ageing them out is left to the feed refresh - confirm
# the update schedule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.146.50.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845844/; classtype:trojan-activity;sid:84708944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.38.87.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845843/; classtype:trojan-activity;sid:84708943; rev:1;)
# NOTE(review): sid 84708941 and sid 84708942 carry identical http_uri and http_host content
# (same path, same host); only the msg id, reference and sid differ, so one matching request
# is expected to raise two alerts. Correlate on URI+host rather than on sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845841)"; flow:established,from_client; content:"GET"; http_method; content:"/eca2b0d5-2ba8-4a5f-aedc-334601b0c525/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"glarsitttrain.wiki"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845841/; classtype:trojan-activity;sid:84708941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845842)"; flow:established,from_client; content:"GET"; http_method; content:"/eca2b0d5-2ba8-4a5f-aedc-334601b0c525/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"glarsitttrain.wiki"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845842/; classtype:trojan-activity;sid:84708942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845840)"; flow:established,from_client; content:"GET"; 
http_method; content:"/87ef811e-5405-4a11-9978-0a98ff64596c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"girlytrans-fusion.wiki"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845840/; classtype:trojan-activity;sid:84708940; rev:1;)
# One rule per line below. Every rule pins the method to GET and matches the URI and the Host
# value exactly: depth equals the content length and isdataat:!1,relative allows no trailing
# byte, so a different path under the same host, or an added query string, does not alert.
# NOTE(review): nocase follows the http_uri content only; the http_host content carries no
# nocase - presumably the host buffer is already normalised to lowercase, confirm for the
# engine version in use.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.141.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845839/; classtype:trojan-activity;sid:84708939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.21.174.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845837/; classtype:trojan-activity;sid:84708937; rev:1;)
# NOTE(review): sid 84708938 (next line) and sid 84708936 (two lines further down) carry
# identical http_uri and http_host content; one matching request is expected to raise both.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845838)"; flow:established,from_client; content:"GET"; http_method; content:"/0fc754b8-4489-45df-84c4-e1485c7a8794/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"angelpatter.wiki"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845838/; classtype:trojan-activity;sid:84708938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.73.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845835/; classtype:trojan-activity;sid:84708935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845836)"; flow:established,from_client; content:"GET"; http_method; content:"/0fc754b8-4489-45df-84c4-e1485c7a8794/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"angelpatter.wiki"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845836/; classtype:trojan-activity;sid:84708936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.224.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845834/; classtype:trojan-activity;sid:84708934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845833)"; flow:established,from_client; content:"GET"; http_method; content:"/dfeaa18a-e831-429e-a225-07a7a22598a6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"passoverphysiqclass.wiki"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845833/; classtype:trojan-activity;sid:84708933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.59.6.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845832/; classtype:trojan-activity;sid:84708932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845831)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.33.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845831/; classtype:trojan-activity;sid:84708931; rev:1;)
# NOTE(review): the next two rules (sid 84708930 and sid 84708929) carry identical
# match options: same method, same http_uri content and depth, same http_host content
# and depth. They differ only in msg, reference and sid, so a single matching request
# raises two alerts. Presumably the two URLhaus entries differ in something these
# options do not express (e.g. scheme) -- confirm against the referenced entries
# before thresholding or suppressing one of the sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845830)"; flow:established,from_client; content:"GET"; http_method; content:"/24a9d9af-a729-4afc-8eb4-5ac3c254453c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"girlytrans-fusion.wiki"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845830/; classtype:trojan-activity;sid:84708930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845829)"; flow:established,from_client; content:"GET"; http_method; content:"/24a9d9af-a729-4afc-8eb4-5ac3c254453c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"girlytrans-fusion.wiki"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845829/; classtype:trojan-activity;sid:84708929; rev:1;)
# Exact-match pattern used throughout this feed: depth equals the content length, so the
# content can only match at offset 0, and isdataat:!1,relative requires that no byte
# follows it. Together they pin the whole buffer to the listed value. A two-byte URI
# such as "/i" is only meaningful in combination with the http_host match that follows.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.27.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845828/; classtype:trojan-activity;sid:84708928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845827)"; flow:established,from_client; content:"GET"; http_method; content:"/ab46e5bd-64e7-4453-8069-ce33a5cc6656/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; 
content:"ordersub-versive.wiki"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845827/; classtype:trojan-activity;sid:84708927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.186.112.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845826/; classtype:trojan-activity;sid:84708926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.195.140.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845825/; classtype:trojan-activity;sid:84708925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.33.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845824/; classtype:trojan-activity;sid:84708924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.226.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845823/; classtype:trojan-activity;sid:84708923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3845821)"; flow:established,from_client; content:"GET"; http_method; content:"/8dc15019-74d9-459a-af06-8382bd308a1f/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"passoverphysiqclass.wiki"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845821/; classtype:trojan-activity;sid:84708921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845822)"; flow:established,from_client; content:"GET"; http_method; content:"/8dc15019-74d9-459a-af06-8382bd308a1f/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"passoverphysiqclass.wiki"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845822/; classtype:trojan-activity;sid:84708922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.240.216.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845820/; classtype:trojan-activity;sid:84708920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845819)"; flow:established,from_client; content:"GET"; http_method; content:"/60845241-6f73-4c99-88ce-cd920bd8cd62/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"passwordweb.wiki"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845819/; classtype:trojan-activity;sid:84708919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; 
nocase; content:"171.38.87.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845818/; classtype:trojan-activity;sid:84708918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.103.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845817/; classtype:trojan-activity;sid:84708917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.84.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845816/; classtype:trojan-activity;sid:84708916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.18.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845815/; classtype:trojan-activity;sid:84708915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845814)"; flow:established,from_client; content:"GET"; http_method; content:"/6cc5ad94-2779-432e-9caa-8dbdd724742e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ordersub-versive.wiki"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845814/; classtype:trojan-activity;sid:84708914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3845813)"; flow:established,from_client; content:"GET"; http_method; content:"/6cc5ad94-2779-432e-9caa-8dbdd724742e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ordersub-versive.wiki"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845813/; classtype:trojan-activity;sid:84708913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845812)"; flow:established,from_client; content:"GET"; http_method; content:"/74059139-cf72-4b14-a243-b255536cd6da/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"laptoplink.wiki"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845812/; classtype:trojan-activity;sid:84708912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.24.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845811/; classtype:trojan-activity;sid:84708911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.84.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845810/; classtype:trojan-activity;sid:84708910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"61.53.75.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845809/; classtype:trojan-activity;sid:84708909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.240.216.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845808/; classtype:trojan-activity;sid:84708908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845803)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i486"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845803/; classtype:trojan-activity;sid:84708903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845804)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv7l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845804/; classtype:trojan-activity;sid:84708904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845805)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv6l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845805/; classtype:trojan-activity;sid:84708905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3845806)"; flow:established,from_client; content:"GET"; http_method; content:"/testload.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845806/; classtype:trojan-activity;sid:84708906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845807)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv5l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845807/; classtype:trojan-activity;sid:84708907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845802)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845802/; classtype:trojan-activity;sid:84708902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845801)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv4l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845801/; classtype:trojan-activity;sid:84708901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.180.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; 
reference:url, urlhaus.abuse.ch/url/3845800/; classtype:trojan-activity;sid:84708900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845799)"; flow:established,from_client; content:"GET"; http_method; content:"/90acf02e-fdb0-47fc-acaf-2e7b8a35578d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"passwordweb.wiki"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845799/; classtype:trojan-activity;sid:84708899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845798)"; flow:established,from_client; content:"GET"; http_method; content:"/98fb1985-1eb2-4e13-bcf2-61a05f790442/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"unitmemory.wiki"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845798/; classtype:trojan-activity;sid:84708898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.103.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845797/; classtype:trojan-activity;sid:84708897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.18.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845796/; classtype:trojan-activity;sid:84708896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3845795)"; flow:established,from_client; content:"GET"; http_method; content:"/f489f86f-57c6-440a-b679-d4dc87378e52/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"laptoplink.wiki"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845795/; classtype:trojan-activity;sid:84708895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845794)"; flow:established,from_client; content:"GET"; http_method; content:"/e384e1bc-6f6f-48d1-a9ec-c610dc74e9f7/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"softwarefile.wiki"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845794/; classtype:trojan-activity;sid:84708894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.180.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845793/; classtype:trojan-activity;sid:84708893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.148.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845791/; classtype:trojan-activity;sid:84708891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.127.30"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845792/; classtype:trojan-activity;sid:84708892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845790)"; flow:established,from_client; content:"GET"; http_method; content:"/9a2927ad-0c39-41ee-b2ba-b0d53174807e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"unitmemory.wiki"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845790/; classtype:trojan-activity;sid:84708890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.220.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845789/; classtype:trojan-activity;sid:84708889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845788)"; flow:established,from_client; content:"GET"; http_method; content:"/b6ccb512-45fd-4781-9860-5f2fdf6f0a35/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"supplyflash.wiki"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845788/; classtype:trojan-activity;sid:84708888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.23.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845787/; classtype:trojan-activity;sid:84708887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3845786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.193.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845786/; classtype:trojan-activity;sid:84708886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.105.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845785/; classtype:trojan-activity;sid:84708885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845784)"; flow:established,from_client; content:"GET"; http_method; content:"/038189f0-fad9-4834-b250-2cbf9a567ef4/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"softwarefile.wiki"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845784/; classtype:trojan-activity;sid:84708884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.117.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845783/; classtype:trojan-activity;sid:84708883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845782)"; flow:established,from_client; content:"GET"; http_method; content:"/164dbbd6-b83d-4568-b01b-dc6f1f1d1a3d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"supplyflash.wiki"; 
http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845782/; classtype:trojan-activity;sid:84708882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845781)"; flow:established,from_client; content:"GET"; http_method; content:"/438fee3c-f140-4a22-ac73-31cf98084491/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"screencard.wiki"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845781/; classtype:trojan-activity;sid:84708881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845775)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.135.208.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845775/; classtype:trojan-activity;sid:84708875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845776)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.135.208.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845776/; classtype:trojan-activity;sid:84708876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845777)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.135.208.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845777/; classtype:trojan-activity;sid:84708877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3845778)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.135.208.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845778/; classtype:trojan-activity;sid:84708878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845779)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.135.208.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845779/; classtype:trojan-activity;sid:84708879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845780)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.135.208.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845780/; classtype:trojan-activity;sid:84708880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845774)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.135.208.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845774/; classtype:trojan-activity;sid:84708874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845773)"; flow:established,from_client; content:"GET"; http_method; content:"/jyvy"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, 
urlhaus.abuse.ch/url/3845773/; classtype:trojan-activity;sid:84708873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845772)"; flow:established,from_client; content:"GET"; http_method; content:"/cpo"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845772/; classtype:trojan-activity;sid:84708872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.105.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845771/; classtype:trojan-activity;sid:84708871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.169.235.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845770/; classtype:trojan-activity;sid:84708870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845769)"; flow:established,from_client; content:"GET"; http_method; content:"/c552892a-4999-4418-a838-b08cc3d1ba71/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"codeframe.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845769/; classtype:trojan-activity;sid:84708869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845768)"; flow:established,from_client; content:"GET"; http_method; 
content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.83.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845768/; classtype:trojan-activity;sid:84708868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.221.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845767/; classtype:trojan-activity;sid:84708867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.53.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845766/; classtype:trojan-activity;sid:84708866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845765)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.68.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845765/; classtype:trojan-activity;sid:84708865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845763)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.68.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845763/; classtype:trojan-activity;sid:84708863; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845764)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.68.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845764/; classtype:trojan-activity;sid:84708864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845762)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.68.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845762/; classtype:trojan-activity;sid:84708862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845761)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.153.68.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845761/; classtype:trojan-activity;sid:84708861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845760)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.68.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845760/; classtype:trojan-activity;sid:84708860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845759)"; flow:established,from_client; content:"GET"; http_method; content:"/474d67fd-5d29-4788-8cf4-a323f7b48791/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"devmatrix.wiki"; http_host; 
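depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845759/; classtype:trojan-activity;sid:84708859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.100.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845758/; classtype:trojan-activity;sid:84708857; rev:1;)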
detected (3845751)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845751/; classtype:trojan-activity;sid:84708851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845752)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mipsrouter"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845752/; classtype:trojan-activity;sid:84708852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845753)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845753/; classtype:trojan-activity;sid:84708853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845754)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845754/; classtype:trojan-activity;sid:84708854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845748)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, 
urlhaus.abuse.ch/url/3845748/; classtype:trojan-activity;sid:84708848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845749)"; flow:established,from_client; content:"GET"; http_method; content:"/zorgy.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845749/; classtype:trojan-activity;sid:84708849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845750)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845750/; classtype:trojan-activity;sid:84708850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845747)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845747/; classtype:trojan-activity;sid:84708847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845746)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845746/; classtype:trojan-activity;sid:84708846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845740)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm"; http_uri; 
depth:8; isdataat:!1,relative; nocase; content:"176.65.139.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845740/; classtype:trojan-activity;sid:84708840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845741)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845741/; classtype:trojan-activity;sid:84708841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845742)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845742/; classtype:trojan-activity;sid:84708842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845743)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845743/; classtype:trojan-activity;sid:84708843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845744)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845744/; classtype:trojan-activity;sid:84708844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3845745)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845745/; classtype:trojan-activity;sid:84708845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845738)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845738/; classtype:trojan-activity;sid:84708838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845739)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845739/; classtype:trojan-activity;sid:84708839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845737)"; flow:established,from_client; content:"GET"; http_method; content:"/c198fdf9-c838-4339-8253-732b48312afe/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cryptogrid.wiki"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845737/; classtype:trojan-activity;sid:84708837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.153.78.32"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845736/; classtype:trojan-activity;sid:84708836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845735/; classtype:trojan-activity;sid:84708835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.254.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845734/; classtype:trojan-activity;sid:84708834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.90.104.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845733/; classtype:trojan-activity;sid:84708833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.249.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845732/; classtype:trojan-activity;sid:84708832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845731)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.1.184"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845731/; classtype:trojan-activity;sid:84708831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.153.78.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845730/; classtype:trojan-activity;sid:84708830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.82.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845729/; classtype:trojan-activity;sid:84708829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845728)"; flow:established,from_client; content:"GET"; http_method; content:"/9a8ed7a6-e898-4839-bbfd-3184e017e873/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"byteforge.surf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845728/; classtype:trojan-activity;sid:84708828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.100.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845727/; 
classtype:trojan-activity;sid:84708827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.13.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845726/; classtype:trojan-activity;sid:84708826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.49.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845725/; classtype:trojan-activity;sid:84708825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.23.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845724/; classtype:trojan-activity;sid:84708824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845723)"; flow:established,from_client; content:"GET"; http_method; content:"/1cfb4915-b656-4e39-abca-04731707dac4/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"scriptmesh.surf"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845723/; classtype:trojan-activity;sid:84708823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"182.113.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845722/; classtype:trojan-activity;sid:84708822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.23.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845721/; classtype:trojan-activity;sid:84708821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.82.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845720/; classtype:trojan-activity;sid:84708820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.112.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845719/; classtype:trojan-activity;sid:84708819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845718)"; flow:established,from_client; content:"GET"; http_method; content:"/fdcc63e1-b733-4ffc-b4b0-564c82dd4464/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"pixelcore.surf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845718/; classtype:trojan-activity;sid:84708818; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.96.93.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845717/; classtype:trojan-activity;sid:84708817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.49.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845716/; classtype:trojan-activity;sid:84708816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845714/; classtype:trojan-activity;sid:84708814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.114.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845715/; classtype:trojan-activity;sid:84708815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.3.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_05_12; reference:url, urlhaus.abuse.ch/url/3845713/; classtype:trojan-activity;sid:84708813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.189.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845712/; classtype:trojan-activity;sid:84708812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.238.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845711/; classtype:trojan-activity;sid:84708811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845710)"; flow:established,from_client; content:"GET"; http_method; content:"/74248fae-d56c-4f0c-851f-93e0ada0fe9a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cybergrid.surf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845710/; classtype:trojan-activity;sid:84708810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.104.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845709/; classtype:trojan-activity;sid:84708809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845708)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.181.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845708/; classtype:trojan-activity;sid:84708808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.112.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845707/; classtype:trojan-activity;sid:84708807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.133.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845706/; classtype:trojan-activity;sid:84708806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845705)"; flow:established,from_client; content:"GET"; http_method; content:"/b651396d-c645-4948-91f8-1494ad50c200/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"logicnode.surf"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845705/; classtype:trojan-activity;sid:84708805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.226.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845704/; 
classtype:trojan-activity;sid:84708804; rev:1;) 
# The next two rules pin the two-byte URI "/i" on a specific Host value (a bare IPv4
# address); the Host content is what makes each alert specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.144.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845703/; classtype:trojan-activity;sid:84708803; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.48.114.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845702/; classtype:trojan-activity;sid:84708802; rev:1;) 
# "/<uuid>/google.ct" recurs in this file across several .wiki and .surf hosts; each rule
# pins one exact UUID and host, so a request with a different UUID or host is not
# covered by these signatures.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845701)"; flow:established,from_client; content:"GET"; http_method; content:"/1f408e4b-5c24-4a47-9d08-ac348e3486b3/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"codeframe.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845701/; classtype:trojan-activity;sid:84708801; rev:1;) 
# NOTE(review): method, URI and host conditions are identical to sid 84708801 directly
# above; only the URLhaus id and sid differ, so one matching request raises both
# alerts. Deduplicate on URI+host downstream, or suppress one of the two sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845700)"; flow:established,from_client; content:"GET"; http_method; content:"/1f408e4b-5c24-4a47-9d08-ac348e3486b3/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"codeframe.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845700/; classtype:trojan-activity;sid:84708800; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845699)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.7.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845699/; classtype:trojan-activity;sid:84708799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.163.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845698/; classtype:trojan-activity;sid:84708798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.37.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845697/; classtype:trojan-activity;sid:84708797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.226.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845696/; classtype:trojan-activity;sid:84708796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.170.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845695/; classtype:trojan-activity;sid:84708795; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.144.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845694/; classtype:trojan-activity;sid:84708794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.69.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845693/; classtype:trojan-activity;sid:84708793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845692)"; flow:established,from_client; content:"GET"; http_method; content:"/error84"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"62.60.130.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845692/; classtype:trojan-activity;sid:84708792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.253.80.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845691/; classtype:trojan-activity;sid:84708791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845690)"; flow:established,from_client; content:"GET"; http_method; content:"/34c8f678-b269-4705-a9ce-719a066fef17/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"stackforge.wiki"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845690/; classtype:trojan-activity;sid:84708790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845689)"; flow:established,from_client; content:"GET"; http_method; content:"/34c8f678-b269-4705-a9ce-719a066fef17/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"stackforge.wiki"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845689/; classtype:trojan-activity;sid:84708789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.163.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845688/; classtype:trojan-activity;sid:84708788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.90.104.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845687/; classtype:trojan-activity;sid:84708787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.48.114.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845686/; classtype:trojan-activity;sid:84708786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3845685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.7.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845685/; classtype:trojan-activity;sid:84708785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.95.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845684/; classtype:trojan-activity;sid:84708784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.253.80.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845683/; classtype:trojan-activity;sid:84708783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.203.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845682/; classtype:trojan-activity;sid:84708782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.29.214.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845681/; 
classtype:trojan-activity;sid:84708781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.170.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845680/; classtype:trojan-activity;sid:84708780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.34.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845679/; classtype:trojan-activity;sid:84708779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.255.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845678/; classtype:trojan-activity;sid:84708778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.217.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845677/; classtype:trojan-activity;sid:84708777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845675)"; flow:established,from_client; content:"GET"; http_method; content:"/29eb1df6-6d14-4af7-a269-d54f4eab59a5/google.ct"; http_uri; depth:47; 
isdataat:!1,relative; nocase; content:"netvector.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845675/; classtype:trojan-activity;sid:84708775; rev:1;)
# NOTE(review): the rule below has the same URI and host match as sid 84708775; only the
# sid, msg id and reference differ, so one matching request raises both alerts.
# Presumably the two URLhaus entries differ in something the rule does not encode
# (e.g. the scheme) - verify, and deduplicate on URI+host downstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845676)"; flow:established,from_client; content:"GET"; http_method; content:"/29eb1df6-6d14-4af7-a269-d54f4eab59a5/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"netvector.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845676/; classtype:trojan-activity;sid:84708776; rev:1;)
# NOTE(review): "|7c|" is the hex escape for the pipe character, so this pattern decodes
# to the literal bytes "/$|7b|uuid__|7d|/google.ct" (26 bytes), not "/${uuid__}/google.ct".
# It looks as if the braces were hex-escaped and the resulting pipes were then escaped a
# second time - confirm against the URLhaus entry. depth:38 is the length of the escaped
# text, not of the decoded pattern. "${uuid__}" also reads like an unexpanded template
# placeholder, so treat this rule as unlikely to match real traffic until verified.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845673)"; flow:established,from_client; content:"GET"; http_method; content:"/$|7c|7b|7c|uuid__|7c|7d|7c|/google.ct"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"netvector.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845673/; classtype:trojan-activity;sid:84708773; rev:1;)
# NOTE(review): the pattern carries percent-encoded braces ("%7b", "%7d") but is matched
# in http_uri, the normalized URI buffer. If the engine percent-decodes during
# normalization, the encoded form never appears in that buffer and the raw URI buffer
# would be the place to match it - confirm on the deployed engine and version.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845674)"; flow:established,from_client; content:"GET"; http_method; content:"/$%7buuid__%7d/google.ct"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"netvector.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845674/; classtype:trojan-activity;sid:84708774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845672)"; flow:established,from_client; content:"GET"; http_method; content:"/0220461a-e5ed-47e6-bfa5-e66b0ea86b96/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"netvector.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, 
urlhaus.abuse.ch/url/3845672/; classtype:trojan-activity;sid:84708772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845671)"; flow:established,from_client; content:"GET"; http_method; content:"/0220461a-e5ed-47e6-bfa5-e66b0ea86b96/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"netvector.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845671/; classtype:trojan-activity;sid:84708771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.255.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845670/; classtype:trojan-activity;sid:84708770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845668)"; flow:established,from_client; content:"GET"; http_method; content:"/516b5f87-d872-40da-bda8-d20b31c2a180/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"netvector.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845668/; classtype:trojan-activity;sid:84708768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845669)"; flow:established,from_client; content:"GET"; http_method; content:"/516b5f87-d872-40da-bda8-d20b31c2a180/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"netvector.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845669/; classtype:trojan-activity;sid:84708769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3845667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.34.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845667/; classtype:trojan-activity;sid:84708767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845666)"; flow:established,from_client; content:"GET"; http_method; content:"/fae81002-82da-484f-8f0c-4be2e154a7cb/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"netvector.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845666/; classtype:trojan-activity;sid:84708766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845665)"; flow:established,from_client; content:"GET"; http_method; content:"/fae81002-82da-484f-8f0c-4be2e154a7cb/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"netvector.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845665/; classtype:trojan-activity;sid:84708765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.117.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845664/; classtype:trojan-activity;sid:84708764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845663)"; flow:established,from_client; content:"GET"; http_method; content:"/ccd0950c-3cc5-4378-975d-90956ef8162c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; 
content:"netvector.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845663/; classtype:trojan-activity;sid:84708763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845662)"; flow:established,from_client; content:"GET"; http_method; content:"/ccd0950c-3cc5-4378-975d-90956ef8162c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"netvector.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845662/; classtype:trojan-activity;sid:84708762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.117.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845660/; classtype:trojan-activity;sid:84708760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.217.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845661/; classtype:trojan-activity;sid:84708761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845659)"; flow:established,from_client; content:"GET"; http_method; content:"/b7c252d5-5141-4448-bc4f-f96a457d994d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"netvector.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845659/; classtype:trojan-activity;sid:84708759; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845658)"; flow:established,from_client; content:"GET"; http_method; content:"/b7c252d5-5141-4448-bc4f-f96a457d994d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"netvector.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845658/; classtype:trojan-activity;sid:84708758; rev:1;)
# Exact-match pattern used throughout this ruleset: depth equals the pattern length, which
# pins the pattern to the start of the buffer, and isdataat:!1,relative requires that no
# byte follows it. Together the URI (and likewise the host) must equal the pattern.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845656)"; flow:established,from_client; content:"GET"; http_method; content:"/7861c157-638e-4210-b2de-f8bbd4c06d32/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"datapulse.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845656/; classtype:trojan-activity;sid:84708756; rev:1;)
# NOTE(review): same URI and host match as sid 84708756 above; one request raises both
# alerts. Presumably the two URLhaus entries differ in something the rule does not
# encode (e.g. the scheme) - verify, and deduplicate on URI+host when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845657)"; flow:established,from_client; content:"GET"; http_method; content:"/7861c157-638e-4210-b2de-f8bbd4c06d32/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"datapulse.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845657/; classtype:trojan-activity;sid:84708755; rev:1;)
# NOTE(review): coverage caveat for the github.com / raw.githubusercontent.com rules.
# "alert http" only inspects sessions the engine parses as HTTP, and these hosts serve
# content over HTTPS. Such a rule therefore sees the request only on a cleartext attempt
# or where TLS is decrypted ahead of the sensor - confirm which applies here.
# TLS SNI and DNS show the host but not the path, and the host is shared with legitimate
# traffic, so full-URL proxy logs are the practical place to hunt for these paths.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845655)"; flow:established,from_client; content:"GET"; http_method; content:"/dcm-t1/101125/raw/main/t1.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845655/; classtype:trojan-activity;sid:84708755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845651)"; flow:established,from_client; 
content:"GET"; http_method; content:"/dcm-t1/101125/main/t1.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845651/; classtype:trojan-activity;sid:84708751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845652)"; flow:established,from_client; content:"GET"; http_method; content:"/pd1-pd/t1-26/main/t1.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845652/; classtype:trojan-activity;sid:84708752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.37.125.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845653/; classtype:trojan-activity;sid:84708753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845654)"; flow:established,from_client; content:"GET"; http_method; content:"/pd1-pd/d/raw/main/pd-92725.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845654/; classtype:trojan-activity;sid:84708754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845650)"; flow:established,from_client; content:"GET"; http_method; content:"/pd1-pd/t1-26/raw/main/t1.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 
2026_05_12; reference:url, urlhaus.abuse.ch/url/3845650/; classtype:trojan-activity;sid:84708750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845649)"; flow:established,from_client; content:"GET"; http_method; content:"/pd1-pd/d/raw/main/pd-92725.zip/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845649/; classtype:trojan-activity;sid:84708749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845647)"; flow:established,from_client; content:"GET"; http_method; content:"/68102b7c-8334-4fdd-a2bc-2d8c9bafd95f/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"datapulse.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845647/; classtype:trojan-activity;sid:84708747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845648)"; flow:established,from_client; content:"GET"; http_method; content:"/rouskii126/hihi/raw/main/document.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845648/; classtype:trojan-activity;sid:84708748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845646)"; flow:established,from_client; content:"GET"; http_method; content:"/68102b7c-8334-4fdd-a2bc-2d8c9bafd95f/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"datapulse.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845646/; classtype:trojan-activity;sid:84708746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3845644)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-pd/ut1-26/blob/main/up-t1.png"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845644/; classtype:trojan-activity;sid:84708744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845645)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-pd/pd-9-11125/main/u-p.png"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845645/; classtype:trojan-activity;sid:84708745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845640)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-pd/ut1-26/raw/main/up-t1.png"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845640/; classtype:trojan-activity;sid:84708740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845641)"; flow:established,from_client; content:"GET"; http_method; content:"/rouskiiu/ut/main/ud.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845641/; classtype:trojan-activity;sid:84708741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845642)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-pd/ut1-26/main/up-t1.png"; http_uri; 
depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845642/; classtype:trojan-activity;sid:84708742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845643)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-7-te/ud-vtn/main/ud-t2.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845643/; classtype:trojan-activity;sid:84708743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845632)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-pd/pd-9-11125/raw/main/u-p.png"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845632/; classtype:trojan-activity;sid:84708732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845633)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-pd/102125/blob/main/ud.png"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845633/; classtype:trojan-activity;sid:84708733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845634)"; flow:established,from_client; content:"GET"; http_method; content:"/pd1-pd/d-3t/blob/main/dcm-t2.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, 
urlhaus.abuse.ch/url/3845634/; classtype:trojan-activity;sid:84708734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845635)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-pd/102125/main/ud.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845635/; classtype:trojan-activity;sid:84708735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845636)"; flow:established,from_client; content:"GET"; http_method; content:"/d7cdb85d-1901-4f9c-ac4d-edac1430b673"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fast.raidher.icu"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845636/; classtype:trojan-activity;sid:84708736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845637)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-pd/102125/blob/main/u-p.png"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845637/; classtype:trojan-activity;sid:84708737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845638)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-pd/102125/raw/main/ud.png"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845638/; classtype:trojan-activity;sid:84708738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3845639)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-pd/ut1-26/main/ud.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845639/; classtype:trojan-activity;sid:84708739; rev:1;)
# NOTE(review): "|3f|" is the hex escape for "?", so the decoded pattern is
# "/?download=1" (12 bytes), while depth:15 is the length of the escaped text.
# isdataat:!1,relative still requires the pattern to end the URI, but the pattern may
# start up to 3 bytes in, so this is not the exact-URI match that rules without hex
# escapes get from depth = pattern length. depth:12 would restore the exact match.
# The same applies to every other rule in this file that uses "/|3f|download=1".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845630)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"proishestvie2026onlaine.vercel.app"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845630/; classtype:trojan-activity;sid:84708730; rev:1;)
# Generic path ("/download"): the alert is specific only because the host must also
# equal the pattern in full; the URI part alone would match many benign sites.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845631)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51523.file-open.surf"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845631/; classtype:trojan-activity;sid:84708731; rev:1;)
# NOTE(review): github.com serves content over HTTPS, so an "alert http" rule sees this
# request only on a cleartext attempt or behind TLS inspection - confirm sensor placement.
# Without decryption, full-URL proxy logs are the place to look for this path.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845626)"; flow:established,from_client; content:"GET"; http_method; content:"/pd1-pd/d/blob/main/pd-92725.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845626/; classtype:trojan-activity;sid:84708726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845627)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-pd/ut1-26/blob/main/ud.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; 
depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845627/; classtype:trojan-activity;sid:84708727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845628)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-pd/pd-9-11125/blob/main/ud.png"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845628/; classtype:trojan-activity;sid:84708728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845629)"; flow:established,from_client; content:"GET"; http_method; content:"/api/download"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ok-dtpnew.cyou"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845629/; classtype:trojan-activity;sid:84708729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845613)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"photo-album-jopki.vercel.app"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845613/; classtype:trojan-activity;sid:84708713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845614)"; flow:established,from_client; content:"GET"; http_method; content:"/pd1-pd/t1-26/blob/main/t1.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845614/; classtype:trojan-activity;sid:84708714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3845615)"; flow:established,from_client; content:"GET"; http_method; content:"/pd1-pd/d-3t/blob/main/dcm-t1.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845615/; classtype:trojan-activity;sid:84708715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845616)"; flow:established,from_client; content:"GET"; http_method; content:"/rouskii126/hihi/main/document.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845616/; classtype:trojan-activity;sid:84708716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845617)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dtp-photo19.file-open.surf"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845617/; classtype:trojan-activity;sid:84708717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845618)"; flow:established,from_client; content:"GET"; http_method; content:"/api/download"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avariya.cfd"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845618/; classtype:trojan-activity;sid:84708718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845619)"; flow:established,from_client; content:"GET"; http_method; content:"/pd1-pd/d-3t/blob/main/dcm-t3.zip"; http_uri; depth:33; 
isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845619/; classtype:trojan-activity;sid:84708719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845620)"; flow:established,from_client; content:"GET"; http_method; content:"/api/download"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"photogrs-rid.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845620/; classtype:trojan-activity;sid:84708720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845621)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dtp-photos10.file-open.surf"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845621/; classtype:trojan-activity;sid:84708721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845622)"; flow:established,from_client; content:"GET"; http_method; content:"/api/download"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"ok-ru-photo6.live"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845622/; classtype:trojan-activity;sid:84708722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845623)"; flow:established,from_client; content:"GET"; http_method; content:"/api/download"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"svo-baza-poisk.pro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845623/; classtype:trojan-activity;sid:84708723; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845624)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"smother-portf.file-open.surf"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845624/; classtype:trojan-activity;sid:84708724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845625)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-pd/pd-9-11125/blob/main/u-p.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845625/; classtype:trojan-activity;sid:84708725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845610)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845610/; classtype:trojan-activity;sid:84708710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845611)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845611/; classtype:trojan-activity;sid:84708711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845612)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc64"; http_uri; depth:10; isdataat:!1,relative; nocase; 
content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845612/; classtype:trojan-activity;sid:84708712; rev:1;)
# Reading guide for the rules in this run (all carry created_at 2026_05_12):
#   content:"GET"; http_method
#       request method must be GET
#   content:"<path>"; http_uri; depth:N; isdataat:!1,relative; nocase
#       case-insensitive path match; isdataat:!1,relative requires that no byte follows the match
#   content:"<host>"; http_host; depth:M; isdataat:!1,relative
#       host match, again with nothing allowed after it (no nocase on this content)
# NOTE(review): depth equals the length of the content string as written, so every
# |xx| hex escape is counted as 4 although it matches 1 byte. For "/|3f|download=1"
# (12 bytes, depth:15) the match may begin up to 3 bytes into the URI buffer rather
# than only at offset 0. Confirm whether the generator should emit the decoded length.
# NOTE(review): these are `alert http` rules. Hosts such as *.vercel.app,
# www.dropbox.com, *.dl.dropboxusercontent.com and github.com are normally reached
# over TLS, so presumably these rules fire only where the sensor sees decrypted
# HTTP - verify per deployment.
# Several hosts below are shared platforms; each alert is scoped by the exact path,
# so the host name alone should not be treated as an indicator during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845597)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"photo-albuum.vercel.app"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845597/; classtype:trojan-activity;sid:84708697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845598)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fotolends.lat"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845598/; classtype:trojan-activity;sid:84708698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845599)"; flow:established,from_client; content:"GET"; http_method; content:"/aba86bec-6d75-44a9-8a64-9fe1c7a9ed8e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"datapulse.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845599/; classtype:trojan-activity;sid:84708699; rev:1;)
# Hosts 87.121.79.160 and 176.65.139.42 appear repeatedly below with one rule per
# file name; the names end in what look like CPU-architecture suffixes (presumably
# one payload build per architecture - not confirmed by anything in this file).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845600)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.arm7"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.121.79.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845600/; classtype:trojan-activity;sid:84708700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845601)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.mpsl"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.121.79.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845601/; classtype:trojan-activity;sid:84708701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845602)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845602/; classtype:trojan-activity;sid:84708702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845603)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.ppc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.121.79.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845603/; classtype:trojan-activity;sid:84708703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845604)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845604/; classtype:trojan-activity;sid:84708704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845605)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845605/; classtype:trojan-activity;sid:84708705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845606)"; flow:established,from_client; content:"GET"; http_method; content:"/armhf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845606/; classtype:trojan-activity;sid:84708706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845607)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845607/; classtype:trojan-activity;sid:84708707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845608)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845608/; classtype:trojan-activity;sid:84708708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845609)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845609/; classtype:trojan-activity;sid:84708709; rev:1;)
# Same URI and host contents as sid 84708699 above; only the msg id, reference and
# sid differ, so a single matching request raises both alerts. Presumably these are
# separate URLhaus entries for the same path - verify against the references.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845596)"; flow:established,from_client; content:"GET"; http_method; content:"/aba86bec-6d75-44a9-8a64-9fe1c7a9ed8e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"datapulse.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845596/; classtype:trojan-activity;sid:84708696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845594)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"russia24.icu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845594/; classtype:trojan-activity;sid:84708694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845595)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"photoalbbum.vercel.app"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845595/; classtype:trojan-activity;sid:84708695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845591)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845591/; classtype:trojan-activity;sid:84708691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845592)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"photo-album-anusa.vercel.app"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845592/; classtype:trojan-activity;sid:84708692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845593)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.141.122.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845593/; classtype:trojan-activity;sid:84708693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845590)"; flow:established,from_client; content:"GET"; http_method; content:"/images/launcher.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"w63709gi.beget.tech"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845590/; classtype:trojan-activity;sid:84708690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845584)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.mips"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.121.79.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845584/; classtype:trojan-activity;sid:84708684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845585)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.arm5"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.121.79.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845585/; classtype:trojan-activity;sid:84708685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845586)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fotomaxinstall.click"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845586/; classtype:trojan-activity;sid:84708686; rev:1;)
# NOTE(review): in the URI content below, |7c|26|7c| matches the four literal bytes
# `|26|` (0x7c, "26", 0x7c). That looks like a doubly-escaped '&' from the rule
# generator; if the listed URL separates its query parameters with '&', this rule
# cannot match as written. Confirm against the URLhaus entry in the reference.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845587)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/ysnyliaosnn1mng2sorqi/swift_3786.rar|3f|rlkey=brotbnbbrem89mnvv1fi9qike|7c|26|7c|st=6teip751|7c|26|7c|dl=1"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845587/; classtype:trojan-activity;sid:84708687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845588)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.252.155.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845588/; classtype:trojan-activity;sid:84708688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845589)"; flow:established,from_client; content:"GET"; http_method; content:"/app.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.fotoinstalll.ink"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845589/; classtype:trojan-activity;sid:84708689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845579)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.x86"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.121.79.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845579/; classtype:trojan-activity;sid:84708679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845580)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.m68k"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.121.79.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845580/; classtype:trojan-activity;sid:84708680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845581)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.arm6"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.121.79.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845581/; classtype:trojan-activity;sid:84708681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845582)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.arm"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.121.79.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845582/; classtype:trojan-activity;sid:84708682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845583)"; flow:established,from_client; content:"GET"; http_method; content:"/389242390482/3atonational.spc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"87.121.79.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845583/; classtype:trojan-activity;sid:84708683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845577)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"photomax-12-05.vercel.app"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845577/; classtype:trojan-activity;sid:84708677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845578)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"avariya2026dtpru.vercel.app"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845578/; classtype:trojan-activity;sid:84708678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845576)"; flow:established,from_client; content:"GET"; http_method; content:"/doodlenoodle123/win-stager.msi/blob/main/win-stager.ps1"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845576/; classtype:trojan-activity;sid:84708676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845561)"; flow:established,from_client; content:"GET"; http_method; content:"/ugd/09c1d5_b4a43d563e1e4b159370953dd56117b7.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"09c1d5c3-1a6e-4c05-8e4e-eff75c6b5dd6.usrfiles.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845561/; classtype:trojan-activity;sid:84708661; rev:1;)
# Host 159.223.61.11: one rule per file under /bins/, each matched as a complete URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845562)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"159.223.61.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845562/; classtype:trojan-activity;sid:84708662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845563)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"159.223.61.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845563/; classtype:trojan-activity;sid:84708663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845564)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"159.223.61.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845564/; classtype:trojan-activity;sid:84708664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845565)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"159.223.61.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845565/; classtype:trojan-activity;sid:84708665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845566)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnloongarch64xnxn"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"159.223.61.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845566/; classtype:trojan-activity;sid:84708666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmicroblazexnxn"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"159.223.61.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845567/; classtype:trojan-activity;sid:84708667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv32xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"159.223.61.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845568/; classtype:trojan-activity;sid:84708668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"159.223.61.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845569/; classtype:trojan-activity;sid:84708669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"159.223.61.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845570/; classtype:trojan-activity;sid:84708670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845571)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnor1kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"159.223.61.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845571/; classtype:trojan-activity;sid:84708671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845572)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh2xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"159.223.61.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845572/; classtype:trojan-activity;sid:84708672; rev:1;)
# The content below is 77 bytes once |3f| is decoded, against depth:80 (see the
# depth note at the top of this run).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845573)"; flow:established,from_client; content:"GET"; http_method; content:"/dynamic|3f|txd=fa90319c89e7a0272c859f9f1403c6c2f12793281d3a295ce283d6018d5dd1c3"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"briskinternet.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845573/; classtype:trojan-activity;sid:84708673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"159.223.61.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845574/; classtype:trojan-activity;sid:84708674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"159.223.61.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845575/; classtype:trojan-activity;sid:84708675; rev:1;)
# Host 62.60.226.140: one rule per /files/<number>/<name>.exe path. Each rule pins
# the full path, so a new file name on the same host is not covered by these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845558)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7382018045/o4lpmlr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845558/; classtype:trojan-activity;sid:84708658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845559)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1772561689/fohqd4r.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845559/; classtype:trojan-activity;sid:84708659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845560)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8717422379/bkrjaut.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845560/; classtype:trojan-activity;sid:84708660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845556)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5763009148/sjfcqib.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845556/; classtype:trojan-activity;sid:84708656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845557)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7879618597/fclwbgc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845557/; classtype:trojan-activity;sid:84708657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845554)"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/dapyiz_5hzacpxfjtb3nyyxon0dhzb8b6hvhtrzvxiipqx4yu64lenqt8q9blhiulroqzmonpcvhxrizfbrtyumg2dszpwv8sgqdetfxpulf2stbx99f8cwxfjbtobdzoqaugsthvj9jlk24avrpm1gy/file|3f|dl=1"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"ucc6e338a3f30f0e0b9b543ba09c.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845554/; classtype:trojan-activity;sid:84708654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845555)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845555/; classtype:trojan-activity;sid:84708655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845549)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/tn1wyvz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845549/; classtype:trojan-activity;sid:84708649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845550)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8183300806/on4lig4.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845550/; classtype:trojan-activity;sid:84708650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845551)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5763009148/yw3h0gr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845551/; classtype:trojan-activity;sid:84708651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845552)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/p5euiw0.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845552/; classtype:trojan-activity;sid:84708652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845553)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/iqal9vy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845553/; classtype:trojan-activity;sid:84708653; rev:1;)
# From here on most "/<uuid>/google.ct" rules come in pairs with identical URI and
# host contents (for example sids 84708648 and 84708647); only the msg id, reference
# and sid differ, so one matching request produces two alerts. Consider thresholding
# or de-duplicating downstream if alert volume matters.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845548)"; flow:established,from_client; content:"GET"; http_method; content:"/f5c72f77-e5c3-4809-bc6e-7c410d1125a3/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"datapulse.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845548/; classtype:trojan-activity;sid:84708648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845547)"; flow:established,from_client; content:"GET"; http_method; content:"/f5c72f77-e5c3-4809-bc6e-7c410d1125a3/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"datapulse.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845547/; classtype:trojan-activity;sid:84708647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845545)"; flow:established,from_client; content:"GET"; http_method; content:"/40ff8fc1-a68b-4a64-9dfd-93335bf12dc6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"datapulse.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845545/; classtype:trojan-activity;sid:84708645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845546)"; flow:established,from_client; content:"GET"; http_method; content:"/40ff8fc1-a68b-4a64-9dfd-93335bf12dc6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"datapulse.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845546/; classtype:trojan-activity;sid:84708646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845544)"; flow:established,from_client; content:"GET"; http_method; content:"/801dca8b-4664-4b6d-812e-386df653fe18/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"datapulse.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845544/; classtype:trojan-activity;sid:84708644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845543)"; flow:established,from_client; content:"GET"; http_method; content:"/801dca8b-4664-4b6d-812e-386df653fe18/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"datapulse.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845543/; classtype:trojan-activity;sid:84708643; rev:1;)
# The URI content here is only "/i": with depth:2 and isdataat:!1,relative the whole
# URI buffer must be exactly those two bytes, so the host content carries the
# specificity of this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.226.89.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845542/; classtype:trojan-activity;sid:84708642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845540)"; flow:established,from_client; content:"GET"; http_method; content:"/faae9401-3489-419a-9e8e-a539ce4b92b0/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"datapulse.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845540/; classtype:trojan-activity;sid:84708640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845541)"; flow:established,from_client; content:"GET"; http_method; content:"/faae9401-3489-419a-9e8e-a539ce4b92b0/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"datapulse.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845541/; classtype:trojan-activity;sid:84708641; rev:1;)
# Host valfanto.com: the listed paths end in .png, .txt, .js and .zip. The rules match
# on path and host only, so the file extension says nothing about the content served.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845536)"; flow:established,from_client; content:"GET"; http_method; content:"/img_eva.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"valfanto.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845536/; classtype:trojan-activity;sid:84708636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845537)"; flow:established,from_client; content:"GET"; http_method; content:"/yubest.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"valfanto.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845537/; classtype:trojan-activity;sid:84708637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845538)"; flow:established,from_client; content:"GET"; http_method; content:"/linkhgyrb/bkrrafg.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"valfanto.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845538/; classtype:trojan-activity;sid:84708638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845539)"; flow:established,from_client; content:"GET"; http_method; content:"/iiseva.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"valfanto.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845539/; classtype:trojan-activity;sid:84708639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845534)"; flow:established,from_client; content:"GET"; http_method; content:"/otsifar/othoytr.js"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"valfanto.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845534/; classtype:trojan-activity;sid:84708635; rev:1;)
# NOTE(review): the URI content below contains a literal "%20". Whether it matches
# depends on whether the engine's http_uri buffer holds the percent-decoded URI
# (a space) or the raw one - test against a sample request before relying on it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845535)"; flow:established,from_client; content:"GET"; http_method; content:"/files/comany_profile_order%20requirment_dec_jan2026_2025.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"valfanto.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845535/; classtype:trojan-activity;sid:84708635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845533)"; flow:established,from_client; content:"GET"; http_method; content:"/1fb067ff-f42d-4f2b-ba15-c01743d4725e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"datapulse.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845533/; classtype:trojan-activity;sid:84708633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845532)"; flow:established,from_client; content:"GET"; http_method; content:"/1fb067ff-f42d-4f2b-ba15-c01743d4725e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"datapulse.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845532/; classtype:trojan-activity;sid:84708632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.114.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845531/; classtype:trojan-activity;sid:84708631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.117.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845530/; classtype:trojan-activity;sid:84708630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845529)"; flow:established,from_client; content:"GET"; http_method; content:"/f5ae095a-8c5c-407b-bb3d-0d60997d8829/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"datapulse.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845529/; classtype:trojan-activity;sid:84708629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845528)"; flow:established,from_client; content:"GET"; http_method; content:"/f5ae095a-8c5c-407b-bb3d-0d60997d8829/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"datapulse.wiki"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845528/; classtype:trojan-activity;sid:84708628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845527/; classtype:trojan-activity;sid:84708627; rev:1;)
# Host dashcorpcloud.co uses the same "/<uuid>/google.ct" path shape as the
# datapulse.wiki rules above, again in pairs with identical contents.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845525)"; flow:established,from_client; content:"GET"; http_method; content:"/9a01fd0a-13e1-444c-b49b-65626cac8fbe/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dashcorpcloud.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845525/; classtype:trojan-activity;sid:84708625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845526)"; flow:established,from_client; content:"GET"; http_method; content:"/9a01fd0a-13e1-444c-b49b-65626cac8fbe/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dashcorpcloud.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845526/; classtype:trojan-activity;sid:84708626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.117.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845524/; classtype:trojan-activity;sid:84708624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845523)"; flow:established,from_client; content:"GET"; http_method; content:"/d8a61f16-8f5a-433a-bf05-82eb3f4b20c8/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dashcorpcloud.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845523/; classtype:trojan-activity;sid:84708623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845522)"; flow:established,from_client; content:"GET"; http_method; content:"/d8a61f16-8f5a-433a-bf05-82eb3f4b20c8/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dashcorpcloud.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845522/; classtype:trojan-activity;sid:84708622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845521)"; flow:established,from_client; content:"GET"; http_method; content:"/837f9d89-ec7d-4758-b2dc-83c54babcbfc/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dashcorpcloud.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845521/; classtype:trojan-activity;sid:84708621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845520)"; flow:established,from_client; content:"GET"; http_method; content:"/837f9d89-ec7d-4758-b2dc-83c54babcbfc/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dashcorpcloud.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845520/; classtype:trojan-activity;sid:84708620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845519)"; flow:established,from_client; content:"GET"; http_method; content:"/308670ee-6163-4699-9ce9-f8e7906a9ba8/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dashcorpcloud.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845519/; classtype:trojan-activity;sid:84708619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845518)"; flow:established,from_client; content:"GET"; http_method; content:"/308670ee-6163-4699-9ce9-f8e7906a9ba8/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; 
content:"dashcorpcloud.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845518/; classtype:trojan-activity;sid:84708618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.89.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845517/; classtype:trojan-activity;sid:84708617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845516)"; flow:established,from_client; content:"GET"; http_method; content:"/2cf77e4a-1f3e-40c0-88f9-6c457d5023d1/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dashcorpcloud.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845516/; classtype:trojan-activity;sid:84708616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845515)"; flow:established,from_client; content:"GET"; http_method; content:"/2cf77e4a-1f3e-40c0-88f9-6c457d5023d1/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dashcorpcloud.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845515/; classtype:trojan-activity;sid:84708615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.216.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845514/; classtype:trojan-activity;sid:84708614; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.237.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845513/; classtype:trojan-activity;sid:84708613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845512)"; flow:established,from_client; content:"GET"; http_method; content:"/8b1beffc-4771-4102-b186-f9330df2e167/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dashcorpcloud.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845512/; classtype:trojan-activity;sid:84708612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845511)"; flow:established,from_client; content:"GET"; http_method; content:"/8b1beffc-4771-4102-b186-f9330df2e167/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dashcorpcloud.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845511/; classtype:trojan-activity;sid:84708611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.255.27.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845510/; classtype:trojan-activity;sid:84708610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845508)"; flow:established,from_client; content:"GET"; http_method; 
content:"/c77a256b-c000-4b24-8d8b-47ee65a11880/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dashcorpcloud.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845508/; classtype:trojan-activity;sid:84708608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845509)"; flow:established,from_client; content:"GET"; http_method; content:"/c77a256b-c000-4b24-8d8b-47ee65a11880/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dashcorpcloud.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845509/; classtype:trojan-activity;sid:84708609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.45.95.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845506/; classtype:trojan-activity;sid:84708606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845507/; classtype:trojan-activity;sid:84708607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.25.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, 
urlhaus.abuse.ch/url/3845505/; classtype:trojan-activity;sid:84708605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845504)"; flow:established,from_client; content:"GET"; http_method; content:"/528dcbb4-3368-4d19-8379-2a6b7d63e38b/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dashcorpcloud.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845504/; classtype:trojan-activity;sid:84708604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845503)"; flow:established,from_client; content:"GET"; http_method; content:"/528dcbb4-3368-4d19-8379-2a6b7d63e38b/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dashcorpcloud.co"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845503/; classtype:trojan-activity;sid:84708603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845501)"; flow:established,from_client; content:"GET"; http_method; content:"/e49776bd-0137-4afe-95ac-8c57c27805ec/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"global-cloud-infra-logic-manual.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845501/; classtype:trojan-activity;sid:84708601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845502)"; flow:established,from_client; content:"GET"; http_method; content:"/e49776bd-0137-4afe-95ac-8c57c27805ec/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"global-cloud-infra-logic-manual.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845502/; classtype:trojan-activity;sid:84708602; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.125.42.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845500/; classtype:trojan-activity;sid:84708600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.96.93.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845497/; classtype:trojan-activity;sid:84708597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845498)"; flow:established,from_client; content:"GET"; http_method; content:"/e4d02f79-9e4c-4561-99bc-58e24778366d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845498/; classtype:trojan-activity;sid:84708598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.178.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845499/; classtype:trojan-activity;sid:84708599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"119.184.46.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845496/; classtype:trojan-activity;sid:84708596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845495)"; flow:established,from_client; content:"GET"; http_method; content:"/e4d02f79-9e4c-4561-99bc-58e24778366d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845495/; classtype:trojan-activity;sid:84708595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845494)"; flow:established,from_client; content:"GET"; http_method; content:"/c685cde4-7d6c-4b1f-b243-9ffb7d27a096/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845494/; classtype:trojan-activity;sid:84708594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845493)"; flow:established,from_client; content:"GET"; http_method; content:"/c685cde4-7d6c-4b1f-b243-9ffb7d27a096/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845493/; classtype:trojan-activity;sid:84708593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.37.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_12; 
reference:url, urlhaus.abuse.ch/url/3845492/; classtype:trojan-activity;sid:84708592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.25.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845491/; classtype:trojan-activity;sid:84708591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845490)"; flow:established,from_client; content:"GET"; http_method; content:"/a33c02c0-1087-4e71-8994-9302bc719b73/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845490/; classtype:trojan-activity;sid:84708590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845489)"; flow:established,from_client; content:"GET"; http_method; content:"/a33c02c0-1087-4e71-8994-9302bc719b73/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845489/; classtype:trojan-activity;sid:84708589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.230.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845488/; classtype:trojan-activity;sid:84708588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3845487)"; flow:established,from_client; content:"GET"; http_method; content:"/da00e80a-eebe-4913-9115-d8826d9b1801/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845487/; classtype:trojan-activity;sid:84708587; rev:1;)
#
# How to read the rules below (they all share one template):
#   * alert http $HOME_NET -> $EXTERNAL_NET with flow:established,from_client
#     inspects client requests leaving the home network on established flows.
#   * content:"GET"; http_method  restricts the match to GET requests; the same
#     URL fetched with another method is not covered by these rules.
#   * URI match: depth is set to the pattern length and isdataat:!1,relative
#     requires that no byte follows the match, so the pattern has to be the
#     whole URI buffer; the nocase after it makes the URI comparison
#     case-insensitive.
#   * Host match: same depth + isdataat:!1,relative construction on http_host,
#     i.e. the host has to equal the listed name.
#   * These are HTTP-parser rules, so they only see requests the sensor can
#     parse as HTTP. NOTE(review): the same download over TLS would presumably
#     need decryption upstream of the sensor to be visible; confirm for your
#     deployment.
#   * metadata:created_at and the URLhaus reference give the age and origin of
#     each indicator; use them when deciding how long to keep a rule enabled.
#
# NOTE(review): the rule below has the same method, URI and host conditions as
# the rule for URLhaus entry 3845487 (sid 84708587) that ends just above; only
# the msg id, reference and sid differ. A single matching request will raise
# both alerts. Presumably these are two URLhaus entries that reduce to the same
# host and path; confirm on the referenced URLhaus pages, and correlate on
# host + URI rather than on alert count.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845486)"; flow:established,from_client; content:"GET"; http_method; content:"/da00e80a-eebe-4913-9115-d8826d9b1801/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845486/; classtype:trojan-activity;sid:84708586; rev:1;)
# Same situation: the next two rules (sid 84708585 and 84708584) carry identical
# match conditions and will fire together on one request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845485)"; flow:established,from_client; content:"GET"; http_method; content:"/36703d46-db3d-4c8a-818a-fb404cdcb68f/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845485/; classtype:trojan-activity;sid:84708585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845484)"; flow:established,from_client; content:"GET"; http_method; content:"/36703d46-db3d-4c8a-818a-fb404cdcb68f/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845484/; classtype:trojan-activity;sid:84708584; rev:1;)
# NOTE(review): in the URI pattern below, |3f| is a hex escape for one byte
# ("?"), so the decoded pattern is 24 bytes long, while depth:27 equals the
# length of the escaped text. The rule still matches the listed URL, but the
# depth no longer pins the pattern to offset 0: together with
# isdataat:!1,relative it appears to accept a URI that has up to 3 extra bytes
# in front of the pattern. depth:24 would restore the exact-match construction
# used by the other rules; worth reporting to the feed maintainer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845483)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=affxhyxyamoysczb"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"b5fdl2mw.hor1inka-lonely.digital"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845483/; classtype:trojan-activity;sid:84708583; rev:1;)
# The next two rules (sid 84708581 and 84708582) are another pair with identical
# match conditions; expect two alerts per matching request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845481)"; flow:established,from_client; content:"GET"; http_method; content:"/8170b732-cf1a-40a3-ac14-68edaf35dbaf/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845481/; classtype:trojan-activity;sid:84708581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845482)"; flow:established,from_client; content:"GET"; http_method; content:"/8170b732-cf1a-40a3-ac14-68edaf35dbaf/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845482/; classtype:trojan-activity;sid:84708582; rev:1;)
# NOTE(review): same depth mismatch as sid 84708583: the decoded URI pattern
# is 24 bytes (|3f| is one byte) but depth is 27.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845480)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=pacrtgjaeegtswbs"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"p9015zuh.unp2idvalk.digital"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845480/; classtype:trojan-activity;sid:84708580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845478)"; flow:established,from_client; content:"GET"; http_method; 
content:"/69d3676e-c942-448d-a3cb-e5c007af98a4/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845478/; classtype:trojan-activity;sid:84708578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845479)"; flow:established,from_client; content:"GET"; http_method; content:"/69d3676e-c942-448d-a3cb-e5c007af98a4/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845479/; classtype:trojan-activity;sid:84708579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.125.42.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845477/; classtype:trojan-activity;sid:84708577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845475)"; flow:established,from_client; content:"GET"; http_method; content:"/93c23d74-688b-44e8-a3be-b71660893505/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845475/; classtype:trojan-activity;sid:84708575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845476)"; flow:established,from_client; content:"GET"; http_method; content:"/93c23d74-688b-44e8-a3be-b71660893505/google.ct"; http_uri; depth:47; 
isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845476/; classtype:trojan-activity;sid:84708576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845474)"; flow:established,from_client; content:"GET"; http_method; content:"/aa9401e2-5a6c-4414-a64f-8d84bc07b198/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845474/; classtype:trojan-activity;sid:84708574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845473)"; flow:established,from_client; content:"GET"; http_method; content:"/aa9401e2-5a6c-4414-a64f-8d84bc07b198/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845473/; classtype:trojan-activity;sid:84708573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845472)"; flow:established,from_client; content:"GET"; http_method; content:"/6139c8f6-c378-4f65-ae28-d3dfc15eee68/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845472/; classtype:trojan-activity;sid:84708572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845471)"; flow:established,from_client; content:"GET"; http_method; content:"/6139c8f6-c378-4f65-ae28-d3dfc15eee68/google.ct"; http_uri; depth:47; isdataat:!1,relative; 
nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845471/; classtype:trojan-activity;sid:84708571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845470)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.135.208.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845470/; classtype:trojan-activity;sid:84708570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845468)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.135.208.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845468/; classtype:trojan-activity;sid:84708568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845469)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.135.208.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845469/; classtype:trojan-activity;sid:84708569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845465)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.135.208.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845465/; classtype:trojan-activity;sid:84708565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3845466)"; flow:established,from_client; content:"GET"; http_method; content:"/arm/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.135.208.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845466/; classtype:trojan-activity;sid:84708566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845467)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.135.208.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845467/; classtype:trojan-activity;sid:84708567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845463)"; flow:established,from_client; content:"GET"; http_method; content:"/dce3e8a3-af17-4d7b-92b3-118b6b4bbb4d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845463/; classtype:trojan-activity;sid:84708563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845464)"; flow:established,from_client; content:"GET"; http_method; content:"/dce3e8a3-af17-4d7b-92b3-118b6b4bbb4d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845464/; classtype:trojan-activity;sid:84708564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845461)"; flow:established,from_client; content:"GET"; http_method; 
content:"/22b8dad8-de06-410e-bbdd-8f6e20ea67d4/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845461/; classtype:trojan-activity;sid:84708561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845462)"; flow:established,from_client; content:"GET"; http_method; content:"/22b8dad8-de06-410e-bbdd-8f6e20ea67d4/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845462/; classtype:trojan-activity;sid:84708562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.230.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845460/; classtype:trojan-activity;sid:84708560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.46.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845459/; classtype:trojan-activity;sid:84708559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.86.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_12; 
reference:url, urlhaus.abuse.ch/url/3845458/; classtype:trojan-activity;sid:84708558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845457)"; flow:established,from_client; content:"GET"; http_method; content:"/59475bbc-a812-4fbf-b7b8-a90030208614/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845457/; classtype:trojan-activity;sid:84708557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845456)"; flow:established,from_client; content:"GET"; http_method; content:"/59475bbc-a812-4fbf-b7b8-a90030208614/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845456/; classtype:trojan-activity;sid:84708556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.179.235.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845455/; classtype:trojan-activity;sid:84708555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845454)"; flow:established,from_client; content:"GET"; http_method; content:"/5c36f804-6d3e-4843-a8a0-9b2870cc4efc/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845454/; classtype:trojan-activity;sid:84708554; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845453)"; flow:established,from_client; content:"GET"; http_method; content:"/5c36f804-6d3e-4843-a8a0-9b2870cc4efc/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845453/; classtype:trojan-activity;sid:84708553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.23.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845452/; classtype:trojan-activity;sid:84708552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.13.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845451/; classtype:trojan-activity;sid:84708551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845450)"; flow:established,from_client; content:"GET"; http_method; content:"/5e3065fd-464c-4c50-bc0c-c42119f718ac/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845450/; classtype:trojan-activity;sid:84708550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845449)"; flow:established,from_client; content:"GET"; http_method; 
content:"/5e3065fd-464c-4c50-bc0c-c42119f718ac/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845449/; classtype:trojan-activity;sid:84708549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.210.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845448/; classtype:trojan-activity;sid:84708548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.34.109.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845447/; classtype:trojan-activity;sid:84708547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845446)"; flow:established,from_client; content:"GET"; http_method; content:"/1fdbe36e-73b0-46e7-a37d-00ce19dc1c74/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845446/; classtype:trojan-activity;sid:84708546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845445)"; flow:established,from_client; content:"GET"; http_method; content:"/1fdbe36e-73b0-46e7-a37d-00ce19dc1c74/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; 
depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845445/; classtype:trojan-activity;sid:84708545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.151.218.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845444/; classtype:trojan-activity;sid:84708544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845442)"; flow:established,from_client; content:"GET"; http_method; content:"/cb1aee61-9488-4e58-8734-42f7efbcde64/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845442/; classtype:trojan-activity;sid:84708542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845443)"; flow:established,from_client; content:"GET"; http_method; content:"/cb1aee61-9488-4e58-8734-42f7efbcde64/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845443/; classtype:trojan-activity;sid:84708543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.13.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845441/; classtype:trojan-activity;sid:84708541; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845440)"; flow:established,from_client; content:"GET"; http_method; content:"/e272593a-18f4-47d6-98ad-4e5f45fed5ce/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845440/; classtype:trojan-activity;sid:84708540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845439)"; flow:established,from_client; content:"GET"; http_method; content:"/e272593a-18f4-47d6-98ad-4e5f45fed5ce/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845439/; classtype:trojan-activity;sid:84708539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845438)"; flow:established,from_client; content:"GET"; http_method; content:"/cadabc5d-cbff-4792-b272-b1794a3ad5b2/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845438/; classtype:trojan-activity;sid:84708538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.34.109.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845437/; classtype:trojan-activity;sid:84708537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3845436)"; flow:established,from_client; content:"GET"; http_method; content:"/cadabc5d-cbff-4792-b272-b1794a3ad5b2/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845436/; classtype:trojan-activity;sid:84708536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845435)"; flow:established,from_client; content:"GET"; http_method; content:"/54c56555-6e2a-4c4d-83b6-b24859b1ae07/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845435/; classtype:trojan-activity;sid:84708535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845434)"; flow:established,from_client; content:"GET"; http_method; content:"/54c56555-6e2a-4c4d-83b6-b24859b1ae07/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845434/; classtype:trojan-activity;sid:84708534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845433)"; flow:established,from_client; content:"GET"; http_method; content:"/fb2c064e-b53d-45a5-89eb-1d7a08fcc8fc/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845433/; classtype:trojan-activity;sid:84708533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845432)"; 
flow:established,from_client; content:"GET"; http_method; content:"/fb2c064e-b53d-45a5-89eb-1d7a08fcc8fc/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845432/; classtype:trojan-activity;sid:84708532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845430)"; flow:established,from_client; content:"GET"; http_method; content:"/ef28f7d3-303e-433a-8a29-d58cd6aecf40/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845430/; classtype:trojan-activity;sid:84708530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845431)"; flow:established,from_client; content:"GET"; http_method; content:"/ef28f7d3-303e-433a-8a29-d58cd6aecf40/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845431/; classtype:trojan-activity;sid:84708531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.23.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845429/; classtype:trojan-activity;sid:84708529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"110.36.86.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845428/; classtype:trojan-activity;sid:84708528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.210.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845427/; classtype:trojan-activity;sid:84708527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845426)"; flow:established,from_client; content:"GET"; http_method; content:"/23e61ebb-420a-4446-9185-039746d86e5d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"web-logic-stack-dev-notebook.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845426/; classtype:trojan-activity;sid:84708526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845425)"; flow:established,from_client; content:"GET"; http_method; content:"/23e61ebb-420a-4446-9185-039746d86e5d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"web-logic-stack-dev-notebook.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845425/; classtype:trojan-activity;sid:84708525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.98.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, 
urlhaus.abuse.ch/url/3845424/; classtype:trojan-activity;sid:84708524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.127.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845423/; classtype:trojan-activity;sid:84708523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.158.19.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845422/; classtype:trojan-activity;sid:84708522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.209.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845421/; classtype:trojan-activity;sid:84708521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845420)"; flow:established,from_client; content:"GET"; http_method; content:"/03eb79ea-2282-4df9-afab-3167bae6be33/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"web-logic-stack-dev-notebook.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845420/; classtype:trojan-activity;sid:84708520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845419)"; flow:established,from_client; content:"GET"; 
http_method; content:"/03eb79ea-2282-4df9-afab-3167bae6be33/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"web-logic-stack-dev-notebook.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845419/; classtype:trojan-activity;sid:84708519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845418)"; flow:established,from_client; content:"GET"; http_method; content:"/7683942d-084b-4bd3-ace5-d678724330f4/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"data-core-logic-resource-center.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845418/; classtype:trojan-activity;sid:84708518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845417)"; flow:established,from_client; content:"GET"; http_method; content:"/7683942d-084b-4bd3-ace5-d678724330f4/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"data-core-logic-resource-center.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845417/; classtype:trojan-activity;sid:84708517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.238.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845416/; classtype:trojan-activity;sid:84708516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.232.231"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845415/; classtype:trojan-activity;sid:84708515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845414)"; flow:established,from_client; content:"GET"; http_method; content:"/a33e9771-b625-4653-b504-34d17e7cf960/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"data-core-logic-resource-center.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845414/; classtype:trojan-activity;sid:84708514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845413)"; flow:established,from_client; content:"GET"; http_method; content:"/a33e9771-b625-4653-b504-34d17e7cf960/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"data-core-logic-resource-center.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845413/; classtype:trojan-activity;sid:84708513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.70.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845412/; classtype:trojan-activity;sid:84708512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845410)"; flow:established,from_client; content:"GET"; http_method; content:"/fd3443c0-383f-46c3-b11e-1d173e331816/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"data-core-logic-resource-center.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, 
urlhaus.abuse.ch/url/3845410/; classtype:trojan-activity;sid:84708510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845411)"; flow:established,from_client; content:"GET"; http_method; content:"/fd3443c0-383f-46c3-b11e-1d173e331816/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"data-core-logic-resource-center.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845411/; classtype:trojan-activity;sid:84708511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.127.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845409/; classtype:trojan-activity;sid:84708509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.191.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845408/; classtype:trojan-activity;sid:84708508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845407)"; flow:established,from_client; content:"GET"; http_method; content:"/cf727ace-534d-4177-b75f-87e71670630d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"data-core-logic-resource-center.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845407/; classtype:trojan-activity;sid:84708507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3845406)"; flow:established,from_client; content:"GET"; http_method; content:"/cf727ace-534d-4177-b75f-87e71670630d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"data-core-logic-resource-center.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845406/; classtype:trojan-activity;sid:84708506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.232.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845405/; classtype:trojan-activity;sid:84708505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.126.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845404/; classtype:trojan-activity;sid:84708504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845402)"; flow:established,from_client; content:"GET"; http_method; content:"/5972b8c5-08b5-4713-a917-db4d493c739d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"data-core-logic-resource-center.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845402/; classtype:trojan-activity;sid:84708502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845403)"; flow:established,from_client; content:"GET"; http_method; content:"/5972b8c5-08b5-4713-a917-db4d493c739d/google.ct"; http_uri; depth:47; 
isdataat:!1,relative; nocase; content:"data-core-logic-resource-center.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845403/; classtype:trojan-activity;sid:84708503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845401)"; flow:established,from_client; content:"GET"; http_method; content:"/7ab0aa1f-7883-47d6-b686-4c2edcf28c09/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"data-core-logic-resource-center.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845401/; classtype:trojan-activity;sid:84708501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845400)"; flow:established,from_client; content:"GET"; http_method; content:"/7ab0aa1f-7883-47d6-b686-4c2edcf28c09/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"data-core-logic-resource-center.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845400/; classtype:trojan-activity;sid:84708500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.159.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845399/; classtype:trojan-activity;sid:84708499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845398)"; flow:established,from_client; content:"GET"; http_method; content:"/65f39a71-ee49-4e5b-8703-3e09ceb6b88d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"network-security-ops-flow-base.wiki"; http_host; depth:35; 
isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845398/; classtype:trojan-activity;sid:84708498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845397)"; flow:established,from_client; content:"GET"; http_method; content:"/65f39a71-ee49-4e5b-8703-3e09ceb6b88d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"network-security-ops-flow-base.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845397/; classtype:trojan-activity;sid:84708497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.26.226.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845396/; classtype:trojan-activity;sid:84708496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.42.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845395/; classtype:trojan-activity;sid:84708495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.70.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845394/; classtype:trojan-activity;sid:84708494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3845393)"; flow:established,from_client; content:"GET"; http_method; content:"/706bd8f0-d643-44a0-a0f5-b69650d9afec/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"network-security-ops-flow-base.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845393/; classtype:trojan-activity;sid:84708493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845392)"; flow:established,from_client; content:"GET"; http_method; content:"/706bd8f0-d643-44a0-a0f5-b69650d9afec/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"network-security-ops-flow-base.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845392/; classtype:trojan-activity;sid:84708492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845391)"; flow:established,from_client; content:"GET"; http_method; content:"/824648df-f709-4d91-a1a0-80f25638ffdf/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"network-security-ops-flow-base.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845391/; classtype:trojan-activity;sid:84708491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845390)"; flow:established,from_client; content:"GET"; http_method; content:"/824648df-f709-4d91-a1a0-80f25638ffdf/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"network-security-ops-flow-base.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845390/; classtype:trojan-activity;sid:84708490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845389)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.158.19.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845389/; classtype:trojan-activity;sid:84708489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845388)"; flow:established,from_client; content:"GET"; http_method; content:"/0513b386-d2ff-47b5-9717-e71386056511/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"network-security-ops-flow-base.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845388/; classtype:trojan-activity;sid:84708488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845387)"; flow:established,from_client; content:"GET"; http_method; content:"/0513b386-d2ff-47b5-9717-e71386056511/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"network-security-ops-flow-base.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845387/; classtype:trojan-activity;sid:84708487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845386)"; flow:established,from_client; content:"GET"; http_method; content:"/b2f02d64-3d5d-4cbb-a88e-04d6ff63db87/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"network-security-ops-flow-base.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845386/; classtype:trojan-activity;sid:84708486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845385)"; flow:established,from_client; content:"GET"; http_method; 
content:"/b2f02d64-3d5d-4cbb-a88e-04d6ff63db87/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"network-security-ops-flow-base.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845385/; classtype:trojan-activity;sid:84708485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.213.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845384/; classtype:trojan-activity;sid:84708484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845383)"; flow:established,from_client; content:"GET"; http_method; content:"/e1cea497-34fb-47c3-9df0-97878e9cadb9/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"network-security-ops-flow-base.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845383/; classtype:trojan-activity;sid:84708483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845382)"; flow:established,from_client; content:"GET"; http_method; content:"/e1cea497-34fb-47c3-9df0-97878e9cadb9/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"network-security-ops-flow-base.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845382/; classtype:trojan-activity;sid:84708482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.126.68"; 
http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845381/; classtype:trojan-activity;sid:84708481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845380)"; flow:established,from_client; content:"GET"; http_method; content:"/b8d5d81a-bb7c-43c9-9f79-870650f62d28/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"open-api-protocol-storage-guide.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845380/; classtype:trojan-activity;sid:84708480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845379)"; flow:established,from_client; content:"GET"; http_method; content:"/b8d5d81a-bb7c-43c9-9f79-870650f62d28/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"open-api-protocol-storage-guide.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845379/; classtype:trojan-activity;sid:84708479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845377)"; flow:established,from_client; content:"GET"; http_method; content:"/edac5160-cbf2-44a0-9de7-edd72a530600/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"open-api-protocol-storage-guide.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845377/; classtype:trojan-activity;sid:84708477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845378)"; flow:established,from_client; content:"GET"; http_method; content:"/edac5160-cbf2-44a0-9de7-edd72a530600/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"open-api-protocol-storage-guide.wiki"; http_host; depth:36; 
isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845378/; classtype:trojan-activity;sid:84708478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.191.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845376/; classtype:trojan-activity;sid:84708476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.238.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845375/; classtype:trojan-activity;sid:84708475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.42.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845374/; classtype:trojan-activity;sid:84708474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845373)"; flow:established,from_client; content:"GET"; http_method; content:"/31c63f2a-eca7-4043-99c0-b6f5e525eb5d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"open-api-protocol-storage-guide.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845373/; classtype:trojan-activity;sid:84708473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3845372)"; flow:established,from_client; content:"GET"; http_method; content:"/31c63f2a-eca7-4043-99c0-b6f5e525eb5d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"open-api-protocol-storage-guide.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845372/; classtype:trojan-activity;sid:84708472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.98.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845371/; classtype:trojan-activity;sid:84708471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845370)"; flow:established,from_client; content:"GET"; http_method; content:"/70e93b65-b476-4dc1-bf7d-cb639362af60/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"open-api-protocol-storage-guide.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845370/; classtype:trojan-activity;sid:84708470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845369)"; flow:established,from_client; content:"GET"; http_method; content:"/70e93b65-b476-4dc1-bf7d-cb639362af60/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"open-api-protocol-storage-guide.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845369/; classtype:trojan-activity;sid:84708469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845368)"; flow:established,from_client; content:"GET"; http_method; 
content:"/aaae4c9e-6096-42a9-bc9e-eac24a926688/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"open-api-protocol-storage-guide.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845368/; classtype:trojan-activity;sid:84708468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845367)"; flow:established,from_client; content:"GET"; http_method; content:"/aaae4c9e-6096-42a9-bc9e-eac24a926688/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"open-api-protocol-storage-guide.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845367/; classtype:trojan-activity;sid:84708467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.226.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845366/; classtype:trojan-activity;sid:84708466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.109.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845365/; classtype:trojan-activity;sid:84708465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845363)"; flow:established,from_client; content:"GET"; http_method; content:"/cb370c09-b45e-4d84-bbd3-fd256d6ee89b/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"system-stack-node-data-reference.wiki"; 
http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845363/; classtype:trojan-activity;sid:84708463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845364)"; flow:established,from_client; content:"GET"; http_method; content:"/cb370c09-b45e-4d84-bbd3-fd256d6ee89b/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"system-stack-node-data-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845364/; classtype:trojan-activity;sid:84708464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845361)"; flow:established,from_client; content:"GET"; http_method; content:"/37b49bbb-1752-4a9e-8270-5f9abefe37d9/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"system-stack-node-data-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845361/; classtype:trojan-activity;sid:84708461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845362)"; flow:established,from_client; content:"GET"; http_method; content:"/37b49bbb-1752-4a9e-8270-5f9abefe37d9/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"system-stack-node-data-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845362/; classtype:trojan-activity;sid:84708462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845360)"; flow:established,from_client; content:"GET"; http_method; content:"/228984a7-7242-4f89-8d70-3d2f012644e6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"system-stack-node-data-reference.wiki"; http_host; depth:37; 
isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845360/; classtype:trojan-activity;sid:84708460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845359)"; flow:established,from_client; content:"GET"; http_method; content:"/228984a7-7242-4f89-8d70-3d2f012644e6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"system-stack-node-data-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845359/; classtype:trojan-activity;sid:84708459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.98.238.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845358/; classtype:trojan-activity;sid:84708458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845357)"; flow:established,from_client; content:"GET"; http_method; content:"/dcaca26e-56f9-4250-8b15-802e52238594/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"system-stack-node-data-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845357/; classtype:trojan-activity;sid:84708457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845356)"; flow:established,from_client; content:"GET"; http_method; content:"/dcaca26e-56f9-4250-8b15-802e52238594/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"system-stack-node-data-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, 
urlhaus.abuse.ch/url/3845356/; classtype:trojan-activity;sid:84708456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845355)"; flow:established,from_client; content:"GET"; http_method; content:"/320ed27c-6dc9-41cf-ac71-9156ee8bf719/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"global-cloud-infra-logic-manual.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845355/; classtype:trojan-activity;sid:84708455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845354)"; flow:established,from_client; content:"GET"; http_method; content:"/320ed27c-6dc9-41cf-ac71-9156ee8bf719/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"global-cloud-infra-logic-manual.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845354/; classtype:trojan-activity;sid:84708454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845352)"; flow:established,from_client; content:"GET"; http_method; content:"/7889149b-c15d-4720-9a5b-ffe7f18f6e30/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"global-cloud-infra-logic-manual.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845352/; classtype:trojan-activity;sid:84708452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845353)"; flow:established,from_client; content:"GET"; http_method; content:"/7889149b-c15d-4720-9a5b-ffe7f18f6e30/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"global-cloud-infra-logic-manual.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845353/; 
classtype:trojan-activity;sid:84708453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.175.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845351/; classtype:trojan-activity;sid:84708451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845350)"; flow:established,from_client; content:"GET"; http_method; content:"/de4716fe-30e5-4d96-9651-913fd8404122/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"global-cloud-infra-logic-manual.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845350/; classtype:trojan-activity;sid:84708450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845349)"; flow:established,from_client; content:"GET"; http_method; content:"/de4716fe-30e5-4d96-9651-913fd8404122/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"global-cloud-infra-logic-manual.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845349/; classtype:trojan-activity;sid:84708449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845347)"; flow:established,from_client; content:"GET"; http_method; content:"/463bd746-b309-4339-8645-df83014f7b3f/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"global-cloud-infra-logic-manual.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845347/; classtype:trojan-activity;sid:84708447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3845348)"; flow:established,from_client; content:"GET"; http_method; content:"/463bd746-b309-4339-8645-df83014f7b3f/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"global-cloud-infra-logic-manual.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845348/; classtype:trojan-activity;sid:84708448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.161.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845346/; classtype:trojan-activity;sid:84708446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845345)"; flow:established,from_client; content:"GET"; http_method; content:"/4945ffa4-1b09-4e8a-8858-f91043a011a5/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"global-cloud-infra-logic-manual.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845345/; classtype:trojan-activity;sid:84708445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845344)"; flow:established,from_client; content:"GET"; http_method; content:"/4945ffa4-1b09-4e8a-8858-f91043a011a5/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"global-cloud-infra-logic-manual.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845344/; classtype:trojan-activity;sid:84708444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845342)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.109.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845342/; classtype:trojan-activity;sid:84708442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.240.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845343/; classtype:trojan-activity;sid:84708443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845341)"; flow:established,from_client; content:"GET"; http_method; content:"/1d85de60-de00-4ea7-8142-32111d585e10/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"global-cloud-infra-logic-manual.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845341/; classtype:trojan-activity;sid:84708441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845340)"; flow:established,from_client; content:"GET"; http_method; content:"/1d85de60-de00-4ea7-8142-32111d585e10/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"global-cloud-infra-logic-manual.wiki"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845340/; classtype:trojan-activity;sid:84708440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.1.233"; http_host; depth:11; isdataat:!1,relative; 
metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845339/; classtype:trojan-activity;sid:84708439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.139.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845338/; classtype:trojan-activity;sid:84708438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.238.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845337/; classtype:trojan-activity;sid:84708437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.163.187.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845336/; classtype:trojan-activity;sid:84708436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.175.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845335/; classtype:trojan-activity;sid:84708435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845334)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.155.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845334/; classtype:trojan-activity;sid:84708434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.29.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845333/; classtype:trojan-activity;sid:84708433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.222.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845331/; classtype:trojan-activity;sid:84708431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.91.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845332/; classtype:trojan-activity;sid:84708432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.222.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845330/; classtype:trojan-activity;sid:84708430; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.133.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845329/; classtype:trojan-activity;sid:84708429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.138.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845328/; classtype:trojan-activity;sid:84708428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.133.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845327/; classtype:trojan-activity;sid:84708427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.239.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845326/; classtype:trojan-activity;sid:84708426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.1.233"; http_host; depth:11; isdataat:!1,relative; 
metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845325/; classtype:trojan-activity;sid:84708425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.255.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845324/; classtype:trojan-activity;sid:84708424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845323)"; flow:established,from_client; content:"GET"; http_method; content:"/e36c3588-15d5-48e6-a864-638f607e3a75/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845323/; classtype:trojan-activity;sid:84708423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845322)"; flow:established,from_client; content:"GET"; http_method; content:"/e36c3588-15d5-48e6-a864-638f607e3a75/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845322/; classtype:trojan-activity;sid:84708422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.2.100.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845321/; classtype:trojan-activity;sid:84708421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3845320)"; flow:established,from_client; content:"GET"; http_method; content:"/4ec759d3-8a78-4a71-9631-b960843a2570/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845320/; classtype:trojan-activity;sid:84708420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845319)"; flow:established,from_client; content:"GET"; http_method; content:"/4ec759d3-8a78-4a71-9631-b960843a2570/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845319/; classtype:trojan-activity;sid:84708419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845318)"; flow:established,from_client; content:"GET"; http_method; content:"/5c97f4fa-84fc-4bb6-bd98-98270874efde/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845318/; classtype:trojan-activity;sid:84708418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845317)"; flow:established,from_client; content:"GET"; http_method; content:"/5c97f4fa-84fc-4bb6-bd98-98270874efde/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845317/; classtype:trojan-activity;sid:84708417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3845316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.53.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845316/; classtype:trojan-activity;sid:84708416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845315)"; flow:established,from_client; content:"GET"; http_method; content:"/5c6c47f2-36cd-4e28-8a60-e2bee74c0694/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845315/; classtype:trojan-activity;sid:84708415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845314)"; flow:established,from_client; content:"GET"; http_method; content:"/5c6c47f2-36cd-4e28-8a60-e2bee74c0694/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845314/; classtype:trojan-activity;sid:84708414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845313)"; flow:established,from_client; content:"GET"; http_method; content:"/afef312d-63ed-4c30-b3b5-58da8b868fea/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845313/; classtype:trojan-activity;sid:84708413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845312)"; flow:established,from_client; content:"GET"; http_method; 
content:"/afef312d-63ed-4c30-b3b5-58da8b868fea/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845312/; classtype:trojan-activity;sid:84708412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.255.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845311/; classtype:trojan-activity;sid:84708411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845309)"; flow:established,from_client; content:"GET"; http_method; content:"/7c881852-e522-4ce6-a104-6b8573c4a514/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845309/; classtype:trojan-activity;sid:84708409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845310)"; flow:established,from_client; content:"GET"; http_method; content:"/7c881852-e522-4ce6-a104-6b8573c4a514/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845310/; classtype:trojan-activity;sid:84708410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845308)"; flow:established,from_client; content:"GET"; http_method; content:"/1a36e78d-fb86-4d5a-b499-57f2b8376933/google.ct"; http_uri; depth:47; isdataat:!1,relative; 
nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845308/; classtype:trojan-activity;sid:84708408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845307)"; flow:established,from_client; content:"GET"; http_method; content:"/1a36e78d-fb86-4d5a-b499-57f2b8376933/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845307/; classtype:trojan-activity;sid:84708407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845305)"; flow:established,from_client; content:"GET"; http_method; content:"/a260d8ea-1d0c-4ea4-9987-e9901903417e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845305/; classtype:trojan-activity;sid:84708405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845306)"; flow:established,from_client; content:"GET"; http_method; content:"/a260d8ea-1d0c-4ea4-9987-e9901903417e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845306/; classtype:trojan-activity;sid:84708406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.1.80"; http_host; depth:11; isdataat:!1,relative; 
metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845304/; classtype:trojan-activity;sid:84708404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845302)"; flow:established,from_client; content:"GET"; http_method; content:"/6f5e8897-5c43-4f2c-9d55-1ee88bc814bd/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845302/; classtype:trojan-activity;sid:84708402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845303)"; flow:established,from_client; content:"GET"; http_method; content:"/6f5e8897-5c43-4f2c-9d55-1ee88bc814bd/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845303/; classtype:trojan-activity;sid:84708403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845301)"; flow:established,from_client; content:"GET"; http_method; content:"/7c7992cb-e74e-432c-a362-c114365aa9b6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845301/; classtype:trojan-activity;sid:84708401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845300)"; flow:established,from_client; content:"GET"; http_method; content:"/7c7992cb-e74e-432c-a362-c114365aa9b6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; 
reference:url, urlhaus.abuse.ch/url/3845300/; classtype:trojan-activity;sid:84708400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845299)"; flow:established,from_client; content:"GET"; http_method; content:"/94fb828c-21b3-44a3-a534-63ed1dac98c0/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845299/; classtype:trojan-activity;sid:84708399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845298)"; flow:established,from_client; content:"GET"; http_method; content:"/94fb828c-21b3-44a3-a534-63ed1dac98c0/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845298/; classtype:trojan-activity;sid:84708398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845296)"; flow:established,from_client; content:"GET"; http_method; content:"/6091b429-bd30-4571-9ad7-70f6647f73cd/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845296/; classtype:trojan-activity;sid:84708396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845297)"; flow:established,from_client; content:"GET"; http_method; content:"/6091b429-bd30-4571-9ad7-70f6647f73cd/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, 
urlhaus.abuse.ch/url/3845297/; classtype:trojan-activity;sid:84708397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845295)"; flow:established,from_client; content:"GET"; http_method; content:"/4973fdbf-c83d-4e75-a01e-ee526e8ca1bd/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845295/; classtype:trojan-activity;sid:84708395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845294)"; flow:established,from_client; content:"GET"; http_method; content:"/4973fdbf-c83d-4e75-a01e-ee526e8ca1bd/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845294/; classtype:trojan-activity;sid:84708394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.13.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845293/; classtype:trojan-activity;sid:84708393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845292)"; flow:established,from_client; content:"GET"; http_method; content:"/bbc6c1d2-b28b-4bc1-a4da-eb58e44d40e1/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845292/; classtype:trojan-activity;sid:84708392; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.171.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845291/; classtype:trojan-activity;sid:84708391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845290)"; flow:established,from_client; content:"GET"; http_method; content:"/bbc6c1d2-b28b-4bc1-a4da-eb58e44d40e1/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845290/; classtype:trojan-activity;sid:84708390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845288)"; flow:established,from_client; content:"GET"; http_method; content:"/318e7497-2c23-423b-85a8-6bf32c3a3e5f/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845288/; classtype:trojan-activity;sid:84708388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845289)"; flow:established,from_client; content:"GET"; http_method; content:"/318e7497-2c23-423b-85a8-6bf32c3a3e5f/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"master-system-data-core-wiki.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845289/; classtype:trojan-activity;sid:84708389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845287)"; 
flow:established,from_client; content:"GET"; http_method; content:"/a687fee0-026f-4a0c-9445-da6485dc1b0c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845287/; classtype:trojan-activity;sid:84708387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.1.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845285/; classtype:trojan-activity;sid:84708385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845286)"; flow:established,from_client; content:"GET"; http_method; content:"/a687fee0-026f-4a0c-9445-da6485dc1b0c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845286/; classtype:trojan-activity;sid:84708386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.194.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845284/; classtype:trojan-activity;sid:84708384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845282)"; flow:established,from_client; content:"GET"; http_method; content:"/61625e2b-2964-4a24-b118-517a1530d8a6/google.ct"; http_uri; depth:47; isdataat:!1,relative; 
nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845282/; classtype:trojan-activity;sid:84708382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845283)"; flow:established,from_client; content:"GET"; http_method; content:"/61625e2b-2964-4a24-b118-517a1530d8a6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845283/; classtype:trojan-activity;sid:84708383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845280)"; flow:established,from_client; content:"GET"; http_method; content:"/f25404cd-c086-49d0-95d6-96cf975a6eb3/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845280/; classtype:trojan-activity;sid:84708380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845281)"; flow:established,from_client; content:"GET"; http_method; content:"/f25404cd-c086-49d0-95d6-96cf975a6eb3/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845281/; classtype:trojan-activity;sid:84708381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845279)"; flow:established,from_client; content:"GET"; http_method; content:"/e667cbb7-d23d-48bf-8b35-74ce4ccbdce7/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; 
content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845279/; classtype:trojan-activity;sid:84708379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845278)"; flow:established,from_client; content:"GET"; http_method; content:"/e667cbb7-d23d-48bf-8b35-74ce4ccbdce7/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845278/; classtype:trojan-activity;sid:84708378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845276)"; flow:established,from_client; content:"GET"; http_method; content:"/9074e0da-fae9-44d6-affa-1ee12b819294/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845276/; classtype:trojan-activity;sid:84708376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845277)"; flow:established,from_client; content:"GET"; http_method; content:"/9074e0da-fae9-44d6-affa-1ee12b819294/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845277/; classtype:trojan-activity;sid:84708377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.146.155"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845275/; classtype:trojan-activity;sid:84708375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845274)"; flow:established,from_client; content:"GET"; http_method; content:"/e62163bd-e356-4944-b6d7-3d624d640bd6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845274/; classtype:trojan-activity;sid:84708374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845273)"; flow:established,from_client; content:"GET"; http_method; content:"/e62163bd-e356-4944-b6d7-3d624d640bd6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845273/; classtype:trojan-activity;sid:84708373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845271)"; flow:established,from_client; content:"GET"; http_method; content:"/76d02749-9e33-4700-b541-3100a6eeb9e2/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845271/; classtype:trojan-activity;sid:84708371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845272)"; flow:established,from_client; content:"GET"; http_method; content:"/76d02749-9e33-4700-b541-3100a6eeb9e2/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 
2026_05_12; reference:url, urlhaus.abuse.ch/url/3845272/; classtype:trojan-activity;sid:84708372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845269)"; flow:established,from_client; content:"GET"; http_method; content:"/6f655646-1782-4f56-b81f-d3993a383a7b/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845269/; classtype:trojan-activity;sid:84708369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845270)"; flow:established,from_client; content:"GET"; http_method; content:"/6f655646-1782-4f56-b81f-d3993a383a7b/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845270/; classtype:trojan-activity;sid:84708370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845267)"; flow:established,from_client; content:"GET"; http_method; content:"/cc531b2c-7b23-4a02-b90c-8585c37fee7e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845267/; classtype:trojan-activity;sid:84708367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845268)"; flow:established,from_client; content:"GET"; http_method; content:"/cc531b2c-7b23-4a02-b90c-8585c37fee7e/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, 
urlhaus.abuse.ch/url/3845268/; classtype:trojan-activity;sid:84708368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.194.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845266/; classtype:trojan-activity;sid:84708366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845264)"; flow:established,from_client; content:"GET"; http_method; content:"/5acd3440-d89a-428a-9d3f-5708a5ae944b/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845264/; classtype:trojan-activity;sid:84708364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845265)"; flow:established,from_client; content:"GET"; http_method; content:"/5acd3440-d89a-428a-9d3f-5708a5ae944b/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845265/; classtype:trojan-activity;sid:84708365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.241.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845263/; classtype:trojan-activity;sid:84708363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3845262)"; flow:established,from_client; content:"GET"; http_method; content:"/000c158a-7a7d-4ef9-bd1a-c9c9fc2fd6e4/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845262/; classtype:trojan-activity;sid:84708362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845261)"; flow:established,from_client; content:"GET"; http_method; content:"/000c158a-7a7d-4ef9-bd1a-c9c9fc2fd6e4/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845261/; classtype:trojan-activity;sid:84708361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845260)"; flow:established,from_client; content:"GET"; http_method; content:"/3f1449b9-eef4-486e-aa33-c3f2f82894e8/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845260/; classtype:trojan-activity;sid:84708360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845259)"; flow:established,from_client; content:"GET"; http_method; content:"/3f1449b9-eef4-486e-aa33-c3f2f82894e8/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845259/; classtype:trojan-activity;sid:84708359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3845258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.18.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845258/; classtype:trojan-activity;sid:84708358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.36.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845256/; classtype:trojan-activity;sid:84708356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845257)"; flow:established,from_client; content:"GET"; http_method; content:"/280ab9b1-2148-4506-b720-12f32fcb9925/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845257/; classtype:trojan-activity;sid:84708357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845255)"; flow:established,from_client; content:"GET"; http_method; content:"/280ab9b1-2148-4506-b720-12f32fcb9925/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845255/; classtype:trojan-activity;sid:84708355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845253)"; flow:established,from_client; content:"GET"; http_method; content:"/237404ff-8f03-4004-9157-8c9da91fade1/google.ct"; http_uri; depth:47; 
isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845253/; classtype:trojan-activity;sid:84708353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845254)"; flow:established,from_client; content:"GET"; http_method; content:"/237404ff-8f03-4004-9157-8c9da91fade1/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tech-script-logic-unit-reference.wiki"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845254/; classtype:trojan-activity;sid:84708354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.36.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845252/; classtype:trojan-activity;sid:84708352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845250)"; flow:established,from_client; content:"GET"; http_method; content:"/97079636-ada5-4c31-ad2a-0a93b0cab7ca/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845250/; classtype:trojan-activity;sid:84708350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845251)"; flow:established,from_client; content:"GET"; http_method; content:"/97079636-ada5-4c31-ad2a-0a93b0cab7ca/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; 
depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845251/; classtype:trojan-activity;sid:84708351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.101.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845249/; classtype:trojan-activity;sid:84708349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845248)"; flow:established,from_client; content:"GET"; http_method; content:"/c9f61584-d3b3-49bd-9383-5affa5d4a18c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845248/; classtype:trojan-activity;sid:84708348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845247)"; flow:established,from_client; content:"GET"; http_method; content:"/c9f61584-d3b3-49bd-9383-5affa5d4a18c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845247/; classtype:trojan-activity;sid:84708347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845245)"; flow:established,from_client; content:"GET"; http_method; content:"/abc874e6-9d5a-42d5-a4bd-ebbad676093a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, 
urlhaus.abuse.ch/url/3845245/; classtype:trojan-activity;sid:84708345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845246)"; flow:established,from_client; content:"GET"; http_method; content:"/abc874e6-9d5a-42d5-a4bd-ebbad676093a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845246/; classtype:trojan-activity;sid:84708346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.18.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845244/; classtype:trojan-activity;sid:84708344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845242)"; flow:established,from_client; content:"GET"; http_method; content:"/b2ae71be-342b-456c-a74f-15e7c6acf4bd/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845242/; classtype:trojan-activity;sid:84708342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845243)"; flow:established,from_client; content:"GET"; http_method; content:"/b2ae71be-342b-456c-a74f-15e7c6acf4bd/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845243/; classtype:trojan-activity;sid:84708343; rev:1;) alert http $HOME_NET 
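any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.158.158.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845240/; classtype:trojan-activity;sid:84708340; rev:1;)
# NOTE(review): sid 84708341 - depth changed from 27 to 24. The URI pattern is
# 24 bytes once |3f| is decoded to a single '?'; 27 is the length of the escaped
# text, which suggests the generator counted the escape sequence literally.
# With depth:27 the pattern could start up to 3 bytes into the URI; with
# depth:24 plus isdataat:!1,relative the URI must equal the pattern exactly,
# as in the neighbouring rules. This is a local change that a feed refresh will
# overwrite, so report it upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845241)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=wgzsxucuuophktdk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"yywyvtur.hor1inka-lonely.digital"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845241/; classtype:trojan-activity;sid:84708341; rev:1;)
# NOTE(review): sids 84708339 and 84708338 have identical match conditions
# (same http_host and http_uri content), so one matching request raises both
# alerts. Presumably they are two URLhaus entries that differ only in something
# these keywords do not inspect (e.g. URL scheme) - confirm before
# deduplicating or thresholding.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845239)"; flow:established,from_client; content:"GET"; http_method; content:"/ca67aad4-e3ae-4be9-9e72-0761875c2b9a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845239/; classtype:trojan-activity;sid:84708339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845238)"; flow:established,from_client; content:"GET"; http_method; content:"/ca67aad4-e3ae-4be9-9e72-0761875c2b9a/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845238/; classtype:trojan-activity;sid:84708338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845237)"; flow:established,from_client; 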
content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.38.158.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845237/; classtype:trojan-activity;sid:84708337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845236)"; flow:established,from_client; content:"GET"; http_method; content:"/18af9f4f-2c31-4130-85c8-220bd888e9e7/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845236/; classtype:trojan-activity;sid:84708336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845235)"; flow:established,from_client; content:"GET"; http_method; content:"/18af9f4f-2c31-4130-85c8-220bd888e9e7/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845235/; classtype:trojan-activity;sid:84708335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.231.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845234/; classtype:trojan-activity;sid:84708334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.240.11.145"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845233/; classtype:trojan-activity;sid:84708333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845231)"; flow:established,from_client; content:"GET"; http_method; content:"/26055b81-2fb6-4807-aa3a-1cfb27175afd/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845231/; classtype:trojan-activity;sid:84708331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845232)"; flow:established,from_client; content:"GET"; http_method; content:"/26055b81-2fb6-4807-aa3a-1cfb27175afd/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845232/; classtype:trojan-activity;sid:84708332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845230)"; flow:established,from_client; content:"GET"; http_method; content:"/4cb43a32-241e-45c2-aafe-fe3b578e74e7/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845230/; classtype:trojan-activity;sid:84708330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845229)"; flow:established,from_client; content:"GET"; http_method; content:"/4cb43a32-241e-45c2-aafe-fe3b578e74e7/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; 
reference:url, urlhaus.abuse.ch/url/3845229/; classtype:trojan-activity;sid:84708329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845227)"; flow:established,from_client; content:"GET"; http_method; content:"/0127ddd0-5a50-4275-9d1a-4e19ca99d171/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845227/; classtype:trojan-activity;sid:84708327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845228)"; flow:established,from_client; content:"GET"; http_method; content:"/0127ddd0-5a50-4275-9d1a-4e19ca99d171/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845228/; classtype:trojan-activity;sid:84708328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845226/; classtype:trojan-activity;sid:84708326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.158.158.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845225/; classtype:trojan-activity;sid:84708325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3845223)"; flow:established,from_client; content:"GET"; http_method; content:"/918c0b84-e5b0-421f-99a1-4f8e89f801cc/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845223/; classtype:trojan-activity;sid:84708323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845224)"; flow:established,from_client; content:"GET"; http_method; content:"/918c0b84-e5b0-421f-99a1-4f8e89f801cc/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845224/; classtype:trojan-activity;sid:84708324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845222)"; flow:established,from_client; content:"GET"; http_method; content:"/eb15536a-beb1-4cdc-8e0b-dcae28ed1549/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845222/; classtype:trojan-activity;sid:84708322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845221)"; flow:established,from_client; content:"GET"; http_method; content:"/eb15536a-beb1-4cdc-8e0b-dcae28ed1549/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845221/; classtype:trojan-activity;sid:84708321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3845220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.70.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845220/; classtype:trojan-activity;sid:84708320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845219)"; flow:established,from_client; content:"GET"; http_method; content:"/e990fc18-0966-4b52-a667-cd31e6b885ce/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845219/; classtype:trojan-activity;sid:84708319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845218)"; flow:established,from_client; content:"GET"; http_method; content:"/e990fc18-0966-4b52-a667-cd31e6b885ce/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845218/; classtype:trojan-activity;sid:84708318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.30.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845217/; classtype:trojan-activity;sid:84708317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845216)"; flow:established,from_client; content:"GET"; http_method; content:"/1174c646-6fac-4a96-814a-648bfa85b4d1/google.ct"; http_uri; depth:47; isdataat:!1,relative; 
nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845216/; classtype:trojan-activity;sid:84708316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845215)"; flow:established,from_client; content:"GET"; http_method; content:"/1174c646-6fac-4a96-814a-648bfa85b4d1/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845215/; classtype:trojan-activity;sid:84708315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.15.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845214/; classtype:trojan-activity;sid:84708314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845212)"; flow:established,from_client; content:"GET"; http_method; content:"/00fa3cec-c276-47e1-ba57-3deac1b33b75/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845212/; classtype:trojan-activity;sid:84708312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845213)"; flow:established,from_client; content:"GET"; http_method; content:"/00fa3cec-c276-47e1-ba57-3deac1b33b75/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"digital-node-cloud-ops-manual.wiki"; http_host; depth:34; isdataat:!1,relative; 
metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845213/; classtype:trojan-activity;sid:84708313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845211)"; flow:established,from_client; content:"GET"; http_method; content:"/d19fc57b-1376-4869-bff0-8a6130c453a6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845211/; classtype:trojan-activity;sid:84708311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845210)"; flow:established,from_client; content:"GET"; http_method; content:"/d19fc57b-1376-4869-bff0-8a6130c453a6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845210/; classtype:trojan-activity;sid:84708310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.165.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845209/; classtype:trojan-activity;sid:84708309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845208)"; flow:established,from_client; content:"GET"; http_method; content:"/f53b8e3e-4480-4d7e-92c0-28a362f374c9/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845208/; 
classtype:trojan-activity;sid:84708308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845207)"; flow:established,from_client; content:"GET"; http_method; content:"/f53b8e3e-4480-4d7e-92c0-28a362f374c9/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845207/; classtype:trojan-activity;sid:84708307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845206)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc76c59-f07b-4b20-8416-936206895ad4/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845206/; classtype:trojan-activity;sid:84708306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845205)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc76c59-f07b-4b20-8416-936206895ad4/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845205/; classtype:trojan-activity;sid:84708305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.255.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845204/; classtype:trojan-activity;sid:84708304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3845202)"; flow:established,from_client; content:"GET"; http_method; content:"/38047451-8b12-4f88-85f7-628272d56961/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845202/; classtype:trojan-activity;sid:84708302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845203)"; flow:established,from_client; content:"GET"; http_method; content:"/38047451-8b12-4f88-85f7-628272d56961/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845203/; classtype:trojan-activity;sid:84708303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845201)"; flow:established,from_client; content:"GET"; http_method; content:"/d99221c6-6d95-4d50-a347-19fdb61c6eb6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845201/; classtype:trojan-activity;sid:84708301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845200)"; flow:established,from_client; content:"GET"; http_method; content:"/d99221c6-6d95-4d50-a347-19fdb61c6eb6/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845200/; classtype:trojan-activity;sid:84708300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3845199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.249.199.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845199/; classtype:trojan-activity;sid:84708299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845198)"; flow:established,from_client; content:"GET"; http_method; content:"/d69a9aae-dd4a-483e-a720-97ac3d229a59/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845198/; classtype:trojan-activity;sid:84708298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845197)"; flow:established,from_client; content:"GET"; http_method; content:"/d69a9aae-dd4a-483e-a720-97ac3d229a59/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845197/; classtype:trojan-activity;sid:84708297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.157.47.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845196/; classtype:trojan-activity;sid:84708296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845194)"; flow:established,from_client; content:"GET"; http_method; content:"/df49db8e-f0cd-4738-81a0-d47774f433cd/google.ct"; http_uri; 
depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845194/; classtype:trojan-activity;sid:84708294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845195)"; flow:established,from_client; content:"GET"; http_method; content:"/df49db8e-f0cd-4738-81a0-d47774f433cd/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845195/; classtype:trojan-activity;sid:84708295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845193)"; flow:established,from_client; content:"GET"; http_method; content:"/11950d60-d756-4479-b6ec-87e4ea33abd9/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845193/; classtype:trojan-activity;sid:84708293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845192)"; flow:established,from_client; content:"GET"; http_method; content:"/11950d60-d756-4479-b6ec-87e4ea33abd9/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845192/; classtype:trojan-activity;sid:84708292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.67.33.209"; http_host; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845191/; classtype:trojan-activity;sid:84708291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845190)"; flow:established,from_client; content:"GET"; http_method; content:"/f6fee7f2-a31b-4dd1-922e-f0a590cd9c6c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845190/; classtype:trojan-activity;sid:84708290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845189)"; flow:established,from_client; content:"GET"; http_method; content:"/f6fee7f2-a31b-4dd1-922e-f0a590cd9c6c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845189/; classtype:trojan-activity;sid:84708289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845188)"; flow:established,from_client; content:"GET"; http_method; content:"/1c203482-ff45-41b3-915a-a0b9e54ea2a2/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845188/; classtype:trojan-activity;sid:84708288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845187)"; flow:established,from_client; content:"GET"; http_method; content:"/1c203482-ff45-41b3-915a-a0b9e54ea2a2/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; 
metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845187/; classtype:trojan-activity;sid:84708287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845185)"; flow:established,from_client; content:"GET"; http_method; content:"/949ade46-b51c-48c0-90cd-82ab421b5870/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845185/; classtype:trojan-activity;sid:84708285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845186)"; flow:established,from_client; content:"GET"; http_method; content:"/949ade46-b51c-48c0-90cd-82ab421b5870/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845186/; classtype:trojan-activity;sid:84708286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.165.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845184/; classtype:trojan-activity;sid:84708284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845182)"; flow:established,from_client; content:"GET"; http_method; content:"/2cae9b30-7054-4ece-be89-7f724d63d822/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845182/; 
classtype:trojan-activity;sid:84708282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845183)"; flow:established,from_client; content:"GET"; http_method; content:"/2cae9b30-7054-4ece-be89-7f724d63d822/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845183/; classtype:trojan-activity;sid:84708283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845181)"; flow:established,from_client; content:"GET"; http_method; content:"/06c86e9c-a0fb-41e5-9d15-b5fec3b489e7/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845181/; classtype:trojan-activity;sid:84708281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845180)"; flow:established,from_client; content:"GET"; http_method; content:"/06c86e9c-a0fb-41e5-9d15-b5fec3b489e7/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845180/; classtype:trojan-activity;sid:84708280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.148.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845179/; classtype:trojan-activity;sid:84708279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3845178)"; flow:established,from_client; content:"GET"; http_method; content:"/ee23ff70-396f-4ad0-acb9-39b0ac7658f7/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845178/; classtype:trojan-activity;sid:84708278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845177)"; flow:established,from_client; content:"GET"; http_method; content:"/ee23ff70-396f-4ad0-acb9-39b0ac7658f7/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845177/; classtype:trojan-activity;sid:84708277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845176)"; flow:established,from_client; content:"GET"; http_method; content:"/977ff74c-13af-455e-a302-e88d747304af/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845176/; classtype:trojan-activity;sid:84708276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845175)"; flow:established,from_client; content:"GET"; http_method; content:"/977ff74c-13af-455e-a302-e88d747304af/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845175/; classtype:trojan-activity;sid:84708275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3845173)"; flow:established,from_client; content:"GET"; http_method; content:"/c89c98d6-1e20-452e-b7a5-3f0552f56f6d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845173/; classtype:trojan-activity;sid:84708273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845174)"; flow:established,from_client; content:"GET"; http_method; content:"/c89c98d6-1e20-452e-b7a5-3f0552f56f6d/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"infra-point-bits-service-atlas.wiki"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845174/; classtype:trojan-activity;sid:84708274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.231.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845172/; classtype:trojan-activity;sid:84708272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845170)"; flow:established,from_client; content:"GET"; http_method; content:"/312b2120-ea67-4f45-bb51-a01fcee8af52/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"web-logic-stack-dev-notebook.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845170/; classtype:trojan-activity;sid:84708270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845171)"; flow:established,from_client; content:"GET"; http_method; 
content:"/312b2120-ea67-4f45-bb51-a01fcee8af52/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"web-logic-stack-dev-notebook.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845171/; classtype:trojan-activity;sid:84708271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.221.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845169/; classtype:trojan-activity;sid:84708269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845168)"; flow:established,from_client; content:"GET"; http_method; content:"/341b5cb2-ebb4-43f4-a3d3-9ad26c73b10c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"web-logic-stack-dev-notebook.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845168/; classtype:trojan-activity;sid:84708268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845167)"; flow:established,from_client; content:"GET"; http_method; content:"/341b5cb2-ebb4-43f4-a3d3-9ad26c73b10c/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"web-logic-stack-dev-notebook.wiki"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845167/; classtype:trojan-activity;sid:84708267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.55.124"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845166/; classtype:trojan-activity;sid:84708266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.67.33.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845165/; classtype:trojan-activity;sid:84708265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.238.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845164/; classtype:trojan-activity;sid:84708264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.245.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845163/; classtype:trojan-activity;sid:84708263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.246.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845162/; classtype:trojan-activity;sid:84708262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845161)"; flow:established,from_client; 
content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.149.206.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845161/; classtype:trojan-activity;sid:84708261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.86.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845160/; classtype:trojan-activity;sid:84708260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.231.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845159/; classtype:trojan-activity;sid:84708259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.115.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845158/; classtype:trojan-activity;sid:84708258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.238.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845157/; classtype:trojan-activity;sid:84708257; rev:1;) 
# --- Reviewer notes on the rule template used throughout this feed ---
# Each rule alerts on cleartext HTTP only (`alert http`), on established
# client-to-server flows from $HOME_NET to $EXTERNAL_NET, for a GET request.
# Coverage therefore depends on $HOME_NET being set correctly on the sensor;
# the same URL fetched over TLS is not inspected unless traffic is decrypted
# before it reaches the engine.
#
# URI and Host are matched as exact strings: `depth` equals the content
# length and `isdataat:!1,relative` requires that no byte follows the match.
# The `nocase` after the URI test modifies the URI content. These are
# per-URL indicators, not family signatures: a hit means this exact URL was
# requested, and a lack of hits says nothing about other URLs on that host.
#
# Triage: the same host often appears under several sids with different
# paths (e.g. 110.37.9.151 with "/i" and with "/bin.sh"), and some
# consecutive URLhaus IDs carry identical URI and Host contents (e.g.
# 3845173 / 3845174), so one request can raise more than one alert.
# Correlate on destination host and the `reference:url` entry rather than
# counting sids.
# NOTE(review): whether a Host header carrying an explicit port still
# satisfies the exact http_host match depends on engine normalisation;
# confirm on the deployed Snort/Suricata version.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.9.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845156/; classtype:trojan-activity;sid:84708256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.200.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845155/; classtype:trojan-activity;sid:84708255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.102.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845154/; classtype:trojan-activity;sid:84708254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.84.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845153/; classtype:trojan-activity;sid:84708253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.237.232"; http_host; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845152/; classtype:trojan-activity;sid:84708252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.183.196.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845151/; classtype:trojan-activity;sid:84708251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.115.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845150/; classtype:trojan-activity;sid:84708250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.67.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845149/; classtype:trojan-activity;sid:84708249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.37.125.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845148/; classtype:trojan-activity;sid:84708248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845147)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.102.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845147/; classtype:trojan-activity;sid:84708247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.249.199.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845146/; classtype:trojan-activity;sid:84708246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.237.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845145/; classtype:trojan-activity;sid:84708245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.183.196.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845144/; classtype:trojan-activity;sid:84708244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.77.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845143/; classtype:trojan-activity;sid:84708243; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.9.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845142/; classtype:trojan-activity;sid:84708242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.67.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845141/; classtype:trojan-activity;sid:84708241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.67.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845140/; classtype:trojan-activity;sid:84708240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.249.199.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845139/; classtype:trojan-activity;sid:84708239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.208.157.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_05_12; reference:url, urlhaus.abuse.ch/url/3845138/; classtype:trojan-activity;sid:84708238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.1.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845137/; classtype:trojan-activity;sid:84708237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.119.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845136/; classtype:trojan-activity;sid:84708236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.233.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845135/; classtype:trojan-activity;sid:84708235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.103.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845134/; classtype:trojan-activity;sid:84708234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; 
depth:7; isdataat:!1,relative; nocase; content:"125.42.67.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845133/; classtype:trojan-activity;sid:84708233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.53.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845132/; classtype:trojan-activity;sid:84708232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.244.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845131/; classtype:trojan-activity;sid:84708231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.242.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845130/; classtype:trojan-activity;sid:84708230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.242.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845129/; classtype:trojan-activity;sid:84708229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3845128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.237.28.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845128/; classtype:trojan-activity;sid:84708228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.119.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845127/; classtype:trojan-activity;sid:84708227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.233.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845126/; classtype:trojan-activity;sid:84708226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.125.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845125/; classtype:trojan-activity;sid:84708225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.244.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, 
urlhaus.abuse.ch/url/3845124/; classtype:trojan-activity;sid:84708224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.201.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845123/; classtype:trojan-activity;sid:84708223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.47.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845122/; classtype:trojan-activity;sid:84708222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.237.28.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845121/; classtype:trojan-activity;sid:84708221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.242.91.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845120/; classtype:trojan-activity;sid:84708220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; 
nocase; content:"119.115.119.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845119/; classtype:trojan-activity;sid:84708219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.47.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845118/; classtype:trojan-activity;sid:84708218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.183.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845117/; classtype:trojan-activity;sid:84708217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.125.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845116/; classtype:trojan-activity;sid:84708216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.201.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845115/; classtype:trojan-activity;sid:84708215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3845114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.157.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845114/; classtype:trojan-activity;sid:84708214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.125.23.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845113/; classtype:trojan-activity;sid:84708213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.242.91.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845112/; classtype:trojan-activity;sid:84708212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845111)"; flow:established,from_client; content:"GET"; http_method; content:"/toot"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845111/; classtype:trojan-activity;sid:84708211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.4.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845110/; 
classtype:trojan-activity;sid:84708210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.119.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845109/; classtype:trojan-activity;sid:84708209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.183.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845108/; classtype:trojan-activity;sid:84708208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.203.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845107/; classtype:trojan-activity;sid:84708207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.132.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845106/; classtype:trojan-activity;sid:84708206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"182.125.23.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845105/; classtype:trojan-activity;sid:84708205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.127.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845104/; classtype:trojan-activity;sid:84708204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.4.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845103/; classtype:trojan-activity;sid:84708203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.83.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845102/; classtype:trojan-activity;sid:84708202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845101)"; flow:established,from_client; content:"GET"; http_method; content:"//arm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845101/; classtype:trojan-activity;sid:84708201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3845100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.54.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845100/; classtype:trojan-activity;sid:84708200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.157.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845099/; classtype:trojan-activity;sid:84708199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.76.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845098/; classtype:trojan-activity;sid:84708198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.239.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845096/; classtype:trojan-activity;sid:84708196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.114.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845097/; 
classtype:trojan-activity;sid:84708197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.239.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845095/; classtype:trojan-activity;sid:84708195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.168.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845094/; classtype:trojan-activity;sid:84708194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.54.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845093/; classtype:trojan-activity;sid:84708193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.117.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845092/; classtype:trojan-activity;sid:84708192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"110.37.78.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845091/; classtype:trojan-activity;sid:84708191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845090/; classtype:trojan-activity;sid:84708190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.76.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845089/; classtype:trojan-activity;sid:84708189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.47.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845088/; classtype:trojan-activity;sid:84708188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.47.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845087/; classtype:trojan-activity;sid:84708187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3845086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.181.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845086/; classtype:trojan-activity;sid:84708186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.93.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845085/; classtype:trojan-activity;sid:84708185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.132.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845084/; classtype:trojan-activity;sid:84708184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.213.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845083/; classtype:trojan-activity;sid:84708183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.78.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845082/; 
classtype:trojan-activity;sid:84708182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.178.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845081/; classtype:trojan-activity;sid:84708181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.86.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845080/; classtype:trojan-activity;sid:84708180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.31.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845079/; classtype:trojan-activity;sid:84708179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.86.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845078/; classtype:trojan-activity;sid:84708178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"110.36.86.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845077/; classtype:trojan-activity;sid:84708177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.69.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845076/; classtype:trojan-activity;sid:84708176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845075/; classtype:trojan-activity;sid:84708175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.106.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845074/; classtype:trojan-activity;sid:84708174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.235.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845073/; classtype:trojan-activity;sid:84708173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3845072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.53.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845072/; classtype:trojan-activity;sid:84708172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.1.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845071/; classtype:trojan-activity;sid:84708171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.197.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845068/; classtype:trojan-activity;sid:84708168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.190.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845069/; classtype:trojan-activity;sid:84708169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.108.132.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845070/; 
classtype:trojan-activity;sid:84708170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.66.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845067/; classtype:trojan-activity;sid:84708167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.1.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845066/; classtype:trojan-activity;sid:84708166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.117.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845065/; classtype:trojan-activity;sid:84708165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.227.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845064/; classtype:trojan-activity;sid:84708164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"115.49.227.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845063/; classtype:trojan-activity;sid:84708163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.168.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845062/; classtype:trojan-activity;sid:84708162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.23.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845061/; classtype:trojan-activity;sid:84708161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.23.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845060/; classtype:trojan-activity;sid:84708160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.115.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845059/; classtype:trojan-activity;sid:84708159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3845058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.230.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845058/; classtype:trojan-activity;sid:84708158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.170.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845057/; classtype:trojan-activity;sid:84708157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.240.11.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845056/; classtype:trojan-activity;sid:84708156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.39.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845055/; classtype:trojan-activity;sid:84708155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.170.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845053/; 
classtype:trojan-activity;sid:84708153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.162.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845054/; classtype:trojan-activity;sid:84708154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.115.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845051/; classtype:trojan-activity;sid:84708151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.174.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845052/; classtype:trojan-activity;sid:84708152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.88.191.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845048/; classtype:trojan-activity;sid:84708148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"110.85.108.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845049/; classtype:trojan-activity;sid:84708149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.85.108.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845050/; classtype:trojan-activity;sid:84708150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.247.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845047/; classtype:trojan-activity;sid:84708147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.168.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845046/; classtype:trojan-activity;sid:84708146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.239.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845044/; classtype:trojan-activity;sid:84708144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3845045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.11.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845045/; classtype:trojan-activity;sid:84708145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.111.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845040/; classtype:trojan-activity;sid:84708140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.167.3.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845041/; classtype:trojan-activity;sid:84708141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.105.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845042/; classtype:trojan-activity;sid:84708142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.230.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845043/; 
classtype:trojan-activity;sid:84708143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.60.6.147"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845039/; classtype:trojan-activity;sid:84708139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.247.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845038/; classtype:trojan-activity;sid:84708138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.76.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845037/; classtype:trojan-activity;sid:84708137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.89.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845036/; classtype:trojan-activity;sid:84708136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"112.248.245.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845035/; classtype:trojan-activity;sid:84708135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.18.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845032/; classtype:trojan-activity;sid:84708132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.75.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845033/; classtype:trojan-activity;sid:84708133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.18.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845034/; classtype:trojan-activity;sid:84708134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.76.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845031/; classtype:trojan-activity;sid:84708131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3845030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.75.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845030/; classtype:trojan-activity;sid:84708130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.75.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845028/; classtype:trojan-activity;sid:84708128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.67.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845029/; classtype:trojan-activity;sid:84708129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.39.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845027/; classtype:trojan-activity;sid:84708127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.95.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845026/; 
classtype:trojan-activity;sid:84708126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.137.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845025/; classtype:trojan-activity;sid:84708125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.89.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845024/; classtype:trojan-activity;sid:84708124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.219.231.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845023/; classtype:trojan-activity;sid:84708123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.109.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845022/; classtype:trojan-activity;sid:84708122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"175.165.47.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845020/; classtype:trojan-activity;sid:84708120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.29.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845021/; classtype:trojan-activity;sid:84708121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.137.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845019/; classtype:trojan-activity;sid:84708119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.197.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845017/; classtype:trojan-activity;sid:84708117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.241.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845018/; classtype:trojan-activity;sid:84708118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845011)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.118.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845011/; classtype:trojan-activity;sid:84708111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.111.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845012/; classtype:trojan-activity;sid:84708112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.68.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845013/; classtype:trojan-activity;sid:84708113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.67.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845014/; classtype:trojan-activity;sid:84708114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.174.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845015/; classtype:trojan-activity;sid:84708115; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.125.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845016/; classtype:trojan-activity;sid:84708116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.118.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845010/; classtype:trojan-activity;sid:84708110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.106.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845009/; classtype:trojan-activity;sid:84708109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.73.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845008/; classtype:trojan-activity;sid:84708108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.16.100"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845007/; classtype:trojan-activity;sid:84708107; rev:1;)
# Review note: the next two rules (sid 84708106 and sid 84708105) pin the same host, 182.127.26.205,
# with the URIs "/bin.sh" and "/i". In every rule of this feed, depth:<content length> followed by
# isdataat:!1,relative turns the content into a whole-buffer match: the URI must be exactly the listed
# path and the Host value exactly the listed IP literal. A two-byte URI such as "/i" carries almost no
# signal by itself, so the specificity of these alerts comes from the host match.
# NOTE(review): whether a Host header that carries an explicit port still matches depends on how the
# engine normalizes the host buffer; confirm against the deployed Snort / Suricata version.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.26.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845006/; classtype:trojan-activity;sid:84708106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.26.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845005/; classtype:trojan-activity;sid:84708105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.233.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845004/; classtype:trojan-activity;sid:84708104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.87.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845003/; classtype:trojan-activity;sid:84708103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845002)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.73.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845002/; classtype:trojan-activity;sid:84708102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.228.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845001/; classtype:trojan-activity;sid:84708101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.87.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3845000/; classtype:trojan-activity;sid:84708100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.216.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844999/; classtype:trojan-activity;sid:84708099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844998/; classtype:trojan-activity;sid:84708098; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844989)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844989/; classtype:trojan-activity;sid:84708089; rev:1;)
# Review note: the rules in this part of the feed with URLhaus ids 3844960-3844997
# (sid 84708060-84708097) all match the same host, 156.238.242.196, and differ only in the file name
# (linux_<arch>, manji.<arch>, armv*l, /mips, linux.sh, linux_ak.sh). Each one is an exact-URI match,
# so a file name on that host that is not listed here raises no alert; searching proxy, DNS and flow
# logs for the host value itself complements these signatures.
# The rules are `alert http` with destination port `any`: they inspect cleartext HTTP on every port,
# and a fetch of the same URL over TLS is not visible to them unless traffic is decrypted upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844990)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64el"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844990/; classtype:trojan-activity;sid:84708090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844991)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844991/; classtype:trojan-activity;sid:84708091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844992)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel_hardfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844992/; classtype:trojan-activity;sid:84708092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844993)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.238.242.196"; 
http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844993/; classtype:trojan-activity;sid:84708093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844994)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844994/; classtype:trojan-activity;sid:84708094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844995)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_softfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844995/; classtype:trojan-activity;sid:84708095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844996)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844996/; classtype:trojan-activity;sid:84708096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844997)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_hardfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844997/; classtype:trojan-activity;sid:84708097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3844987)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844987/; classtype:trojan-activity;sid:84708087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844988)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844988/; classtype:trojan-activity;sid:84708088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844985)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844985/; classtype:trojan-activity;sid:84708085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844986)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844986/; classtype:trojan-activity;sid:84708086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844984)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844984/; classtype:trojan-activity;sid:84708084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844974)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844974/; classtype:trojan-activity;sid:84708074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844975)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844975/; classtype:trojan-activity;sid:84708075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844976)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844976/; classtype:trojan-activity;sid:84708076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844977)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.i486"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844977/; classtype:trojan-activity;sid:84708077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844978)"; 
flow:established,from_client; content:"GET"; http_method; content:"/manji.ppc440"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844978/; classtype:trojan-activity;sid:84708078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844979)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arm4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844979/; classtype:trojan-activity;sid:84708079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844980)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844980/; classtype:trojan-activity;sid:84708080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844981)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844981/; classtype:trojan-activity;sid:84708081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844982)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844982/; classtype:trojan-activity;sid:84708082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844983)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844983/; classtype:trojan-activity;sid:84708083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844962)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844962/; classtype:trojan-activity;sid:84708062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844963)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844963/; classtype:trojan-activity;sid:84708063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844964)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844964/; classtype:trojan-activity;sid:84708064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844965)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.spc"; 
http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844965/; classtype:trojan-activity;sid:84708065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844966)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844966/; classtype:trojan-activity;sid:84708066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844967)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844967/; classtype:trojan-activity;sid:84708067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844968)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844968/; classtype:trojan-activity;sid:84708068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844969)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844969/; classtype:trojan-activity;sid:84708069; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844970)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844970/; classtype:trojan-activity;sid:84708070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844971)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844971/; classtype:trojan-activity;sid:84708071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844972)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844972/; classtype:trojan-activity;sid:84708072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844973)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844973/; classtype:trojan-activity;sid:84708073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844961)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ak.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844961/; classtype:trojan-activity;sid:84708061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844960)"; flow:established,from_client; content:"GET"; http_method; content:"/linux.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.238.242.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844960/; classtype:trojan-activity;sid:84708060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.228.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844959/; classtype:trojan-activity;sid:84708059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.21.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844958/; classtype:trojan-activity;sid:84708058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.44.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844957/; classtype:trojan-activity;sid:84708057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844956)"; flow:established,from_client; 
content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.1.184"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844956/; classtype:trojan-activity;sid:84708056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844954)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"130.78.217.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844954/; classtype:trojan-activity;sid:84708054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844955)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.78.217.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844955/; classtype:trojan-activity;sid:84708055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844948)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.android-armv7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"130.78.217.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844948/; classtype:trojan-activity;sid:84708048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844949)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.aarch64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"130.78.217.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844949/; 
classtype:trojan-activity;sid:84708049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844950)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"130.78.217.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844950/; classtype:trojan-activity;sid:84708050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844951)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.78.217.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844951/; classtype:trojan-activity;sid:84708051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844952)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.android-x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"130.78.217.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844952/; classtype:trojan-activity;sid:84708052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844953)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.android-aarch64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"130.78.217.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844953/; classtype:trojan-activity;sid:84708053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844947)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mipsel"; http_uri; 
depth:11; isdataat:!1,relative; nocase; content:"130.78.217.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844947/; classtype:trojan-activity;sid:84708047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844946)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"130.78.217.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844946/; classtype:trojan-activity;sid:84708046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.21.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844945/; classtype:trojan-activity;sid:84708045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.39.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844944/; classtype:trojan-activity;sid:84708044; rev:1;)
# Review note: sid 84708041 (next rule), sid 84708042, sid 84708043 and sid 84708039 have identical
# match conditions: method GET, URI exactly "/", Host exactly 85.239.149.41, any destination port.
# A single request to that host's root therefore raises four alerts, and the alert does not tell
# which of the four URLhaus entries was hit. The entries presumably differ in a URL component these
# rules do not encode (for example port or scheme); check the reference pages to confirm.
# When triaging, group these alerts by host rather than by sid. Because the URI part is only "/",
# the detection is in effect "any GET of the root path on this IP over HTTP", which is a host-level
# indicator and should be aged out accordingly (created_at 2026_05_11).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844941)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"85.239.149.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844941/; classtype:trojan-activity;sid:84708041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3844942)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"85.239.149.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844942/; classtype:trojan-activity;sid:84708042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844943)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"85.239.149.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844943/; classtype:trojan-activity;sid:84708043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.44.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844940/; classtype:trojan-activity;sid:84708040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844939)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"85.239.149.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844939/; classtype:trojan-activity;sid:84708039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.39.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844938/; classtype:trojan-activity;sid:84708038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.174.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844937/; classtype:trojan-activity;sid:84708037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.250.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844936/; classtype:trojan-activity;sid:84708036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.52.180.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844934/; classtype:trojan-activity;sid:84708034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.174.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844935/; classtype:trojan-activity;sid:84708035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"113.231.250.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844933/; classtype:trojan-activity;sid:84708033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.110.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844932/; classtype:trojan-activity;sid:84708032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.150.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844931/; classtype:trojan-activity;sid:84708031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.62.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844930/; classtype:trojan-activity;sid:84708030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.94.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844929/; classtype:trojan-activity;sid:84708029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3844928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.62.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844928/; classtype:trojan-activity;sid:84708028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.150.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844927/; classtype:trojan-activity;sid:84708027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.110.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844926/; classtype:trojan-activity;sid:84708026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.99.248.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844925/; classtype:trojan-activity;sid:84708025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.94.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844924/; classtype:trojan-activity;sid:84708024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.248.0.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844923/; classtype:trojan-activity;sid:84708023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.103.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844922/; classtype:trojan-activity;sid:84708022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.31.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844921/; classtype:trojan-activity;sid:84708021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.154.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844920/; classtype:trojan-activity;sid:84708020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; 
nocase; content:"175.167.86.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844919/; classtype:trojan-activity;sid:84708019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.254.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844918/; classtype:trojan-activity;sid:84708018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.133.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844916/; classtype:trojan-activity;sid:84708016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.31.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844917/; classtype:trojan-activity;sid:84708017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.31.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844915/; classtype:trojan-activity;sid:84708015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3844911)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/asuna.i468"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844911/; classtype:trojan-activity;sid:84708011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844912)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/asuna.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844912/; classtype:trojan-activity;sid:84708012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844913)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/asuna.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844913/; classtype:trojan-activity;sid:84708013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844914)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844914/; classtype:trojan-activity;sid:84708014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844896)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/asuna.ppc"; http_uri; depth:20; 
isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844896/; classtype:trojan-activity;sid:84707996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844897)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/asuna.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844897/; classtype:trojan-activity;sid:84707997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844898)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arm4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844898/; classtype:trojan-activity;sid:84707998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844899)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/asuna.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844899/; classtype:trojan-activity;sid:84707999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844900)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/asuna.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; 
reference:url, urlhaus.abuse.ch/url/3844900/; classtype:trojan-activity;sid:84708000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844901)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/asuna.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844901/; classtype:trojan-activity;sid:84708001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844902)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844902/; classtype:trojan-activity;sid:84708002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844903)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844903/; classtype:trojan-activity;sid:84708003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844904)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844904/; classtype:trojan-activity;sid:84708004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3844905)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/asuna.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844905/; classtype:trojan-activity;sid:84708005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844906)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844906/; classtype:trojan-activity;sid:84708006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844907)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844907/; classtype:trojan-activity;sid:84708007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844908)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844908/; classtype:trojan-activity;sid:84708008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844909)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/asuna.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; 
content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844909/; classtype:trojan-activity;sid:84708009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844910)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844910/; classtype:trojan-activity;sid:84708010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844895)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/asuna.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844895/; classtype:trojan-activity;sid:84707995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844894)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844894/; classtype:trojan-activity;sid:84707994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844892)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/asuna.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844892/; 
classtype:trojan-activity;sid:84707992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844893)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/asuna.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844893/; classtype:trojan-activity;sid:84707993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844888)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/asuna.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844888/; classtype:trojan-activity;sid:84707988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844889)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/asuna.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844889/; classtype:trojan-activity;sid:84707989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844890)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844890/; classtype:trojan-activity;sid:84707990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3844891)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844891/; classtype:trojan-activity;sid:84707991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844881)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844881/; classtype:trojan-activity;sid:84707981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844882)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844882/; classtype:trojan-activity;sid:84707982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844883)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844883/; classtype:trojan-activity;sid:84707983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844884)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; 
http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844884/; classtype:trojan-activity;sid:84707984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844885)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844885/; classtype:trojan-activity;sid:84707985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844886)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844886/; classtype:trojan-activity;sid:84707986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844887)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.ppc440"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844887/; classtype:trojan-activity;sid:84707987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844880)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"wefuwegfwefoewofewfweof.snoowy.top"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844880/; classtype:trojan-activity;sid:84707980; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.254.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844879/; classtype:trojan-activity;sid:84707979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844867)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv7l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844867/; classtype:trojan-activity;sid:84707967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844868)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844868/; classtype:trojan-activity;sid:84707968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844869)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844869/; classtype:trojan-activity;sid:84707969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844870)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844870/; classtype:trojan-activity;sid:84707970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844871)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv4l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844871/; classtype:trojan-activity;sid:84707971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844872)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844872/; classtype:trojan-activity;sid:84707972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844873)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844873/; classtype:trojan-activity;sid:84707973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844874)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844874/; classtype:trojan-activity;sid:84707974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844875)"; 
flow:established,from_client; content:"GET"; http_method; content:"/iran.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844875/; classtype:trojan-activity;sid:84707975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.140.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844876/; classtype:trojan-activity;sid:84707976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844877)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844877/; classtype:trojan-activity;sid:84707977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844878)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844878/; classtype:trojan-activity;sid:84707978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844863)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844863/; 
classtype:trojan-activity;sid:84707963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844864)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844864/; classtype:trojan-activity;sid:84707964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844865)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844865/; classtype:trojan-activity;sid:84707965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844866)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844866/; classtype:trojan-activity;sid:84707966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.85.99.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844862/; classtype:trojan-activity;sid:84707962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"123.10.133.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844861/; classtype:trojan-activity;sid:84707961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.102.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844860/; classtype:trojan-activity;sid:84707960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.163.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844859/; classtype:trojan-activity;sid:84707959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.208.112.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844858/; classtype:trojan-activity;sid:84707958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.37.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844857/; classtype:trojan-activity;sid:84707957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3844856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.242.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844856/; classtype:trojan-activity;sid:84707956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.85.99.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844855/; classtype:trojan-activity;sid:84707955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.167.3.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844854/; classtype:trojan-activity;sid:84707954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.176.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844853/; classtype:trojan-activity;sid:84707953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.235.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844852/; 
classtype:trojan-activity;sid:84707952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.208.112.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844851/; classtype:trojan-activity;sid:84707951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.254.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844850/; classtype:trojan-activity;sid:84707950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.163.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844849/; classtype:trojan-activity;sid:84707949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.254.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844848/; classtype:trojan-activity;sid:84707948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"61.52.53.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844847/; classtype:trojan-activity;sid:84707947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.31.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844846/; classtype:trojan-activity;sid:84707946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.176.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844845/; classtype:trojan-activity;sid:84707945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.216.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844844/; classtype:trojan-activity;sid:84707944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.30.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844843/; classtype:trojan-activity;sid:84707943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3844842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.146.50.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844842/; classtype:trojan-activity;sid:84707942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.106.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844841/; classtype:trojan-activity;sid:84707941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844840)"; flow:established,from_client; content:"GET"; http_method; content:"/download/sl3zs40junolna/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"71.179.14.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844840/; classtype:trojan-activity;sid:84707940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844839)"; flow:established,from_client; content:"GET"; http_method; content:"/download/sl3zs40junolna/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"biteblob.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844839/; classtype:trojan-activity;sid:84707939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844837)"; flow:established,from_client; content:"GET"; http_method; content:"/parm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.139.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844837/; classtype:trojan-activity;sid:84707937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.106.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844836/; classtype:trojan-activity;sid:84707936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.32.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844835/; classtype:trojan-activity;sid:84707935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.32.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844834/; classtype:trojan-activity;sid:84707934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.209.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844833/; classtype:trojan-activity;sid:84707933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844827)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws.sh"; http_uri; depth:8; 
isdataat:!1,relative; nocase; content:"176.65.139.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844827/; classtype:trojan-activity;sid:84707927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844828)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844828/; classtype:trojan-activity;sid:84707928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844829)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mipsrouter"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844829/; classtype:trojan-activity;sid:84707929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844830)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv6l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844830/; classtype:trojan-activity;sid:84707930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844831)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.powerpc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844831/; classtype:trojan-activity;sid:84707931; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844832)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv4l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844832/; classtype:trojan-activity;sid:84707932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844819)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv5l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844819/; classtype:trojan-activity;sid:84707919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844820)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844820/; classtype:trojan-activity;sid:84707920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844821)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844821/; classtype:trojan-activity;sid:84707921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844822)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.112"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844822/; classtype:trojan-activity;sid:84707922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844823)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.armv7l"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844823/; classtype:trojan-activity;sid:84707923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844824)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844824/; classtype:trojan-activity;sid:84707924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844825)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i486"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844825/; classtype:trojan-activity;sid:84707925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844826)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844826/; classtype:trojan-activity;sid:84707926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844818)"; 
flow:established,from_client; content:"GET"; http_method; content:"/manji.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844818/; classtype:trojan-activity;sid:84707918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844801)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844801/; classtype:trojan-activity;sid:84707901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844802)"; flow:established,from_client; content:"GET"; http_method; content:"/build.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844802/; classtype:trojan-activity;sid:84707902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.20.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844803/; classtype:trojan-activity;sid:84707903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844804)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844804/; 
classtype:trojan-activity;sid:84707904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844805)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844805/; classtype:trojan-activity;sid:84707905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844806)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844806/; classtype:trojan-activity;sid:84707906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844807)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844807/; classtype:trojan-activity;sid:84707907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844808)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844808/; classtype:trojan-activity;sid:84707908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844809)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; 
nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844809/; classtype:trojan-activity;sid:84707909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844810)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844810/; classtype:trojan-activity;sid:84707910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844811)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844811/; classtype:trojan-activity;sid:84707911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844812)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kla.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844812/; classtype:trojan-activity;sid:84707912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844813)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844813/; classtype:trojan-activity;sid:84707913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3844814)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844814/; classtype:trojan-activity;sid:84707914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844815)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844815/; classtype:trojan-activity;sid:84707915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844816)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.ppc440"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844816/; classtype:trojan-activity;sid:84707916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844817)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/a.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844817/; classtype:trojan-activity;sid:84707917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844798)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.152"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844798/; classtype:trojan-activity;sid:84707898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844799)"; flow:established,from_client; content:"GET"; http_method; content:"/dns"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844799/; classtype:trojan-activity;sid:84707899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844800)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844800/; classtype:trojan-activity;sid:84707900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844796)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844796/; classtype:trojan-activity;sid:84707896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844797)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arm4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844797/; classtype:trojan-activity;sid:84707897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844795)"; flow:established,from_client; 
content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.20.93.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844795/; classtype:trojan-activity;sid:84707895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.246.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844794/; classtype:trojan-activity;sid:84707894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.226.238.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844793/; classtype:trojan-activity;sid:84707893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.20.93.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844792/; classtype:trojan-activity;sid:84707892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.27.193"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844791/; classtype:trojan-activity;sid:84707891; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.22.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844790/; classtype:trojan-activity;sid:84707890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.20.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844789/; classtype:trojan-activity;sid:84707889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.108.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844788/; classtype:trojan-activity;sid:84707888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.246.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844787/; classtype:trojan-activity;sid:84707887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.108.160"; http_host; depth:14; isdataat:!1,relative; 
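metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844786/; classtype:trojan-activity;sid:84707886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.22.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844785/; classtype:trojan-activity;sid:84707885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.179.74.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844784/; classtype:trojan-activity;sid:84707884; rev:1;)
# Exact-match idiom used by every rule in this feed: `depth:N` equals the
# pattern length, so the pattern can only start at offset 0 of the buffer,
# and `isdataat:!1,relative` requires that nothing follows it. Together they
# make the rule fire only when the whole URI (or Host) equals the pattern.
#
# The URI pattern below contains the hex escape |3f| ('?'), which is ONE byte
# on the wire. The decoded pattern is 24 bytes long, but the generated rule
# carried depth:27, i.e. the length of the escaped text. With depth:27 the
# pattern could start up to three bytes into the URI, so the rule was looser
# than its neighbours. depth is set to the decoded length here.
# NOTE(review): this is a local correction to a generated feed; the next feed
# refresh will overwrite it unless the fix is applied through the rule
# manager's modify step or reported upstream. sid and rev are left as issued.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844783)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=iitxclsvszwpdyif"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xty75g4b.encryption5hadow.digital"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844783/; classtype:trojan-activity;sid:84707883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.93.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844782/; classtype:trojan-activity;sid:84707882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844781)"; 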
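flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.40.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844781/; classtype:trojan-activity;sid:84707881; rev:1;)
#
# Reviewer notes for the rules that follow
# ----------------------------------------
# Layout: in this copy the rules were wrapped in the middle of a rule. They are
# rejoined below, one rule per physical line, with every option unchanged.
# The fragment above and the fragment on the last line of this section belong
# to rules that continue outside it and are left exactly as found.
#
# What every rule here matches:
#   * alert http ... flow:established,from_client; content:"GET"; http_method
#       Outbound HTTP GET requests only. A download fetched over TLS is not
#       visible to these rules unless traffic is decrypted before inspection.
#   * content:"<path>"; http_uri; depth:<len>; isdataat:!1,relative; nocase;
#     content:"<host>"; http_host; depth:<len>; isdataat:!1,relative;
#       depth equals the length of the content and isdataat:!1,relative
#       requires that no byte follows it, so each buffer has to equal the
#       listed value exactly. The same path with a query string appended would
#       presumably not match - confirm against the engine in use.
#   * $HOME_NET any -> $EXTERNAL_NET any
#       Coverage depends on HOME_NET/EXTERNAL_NET being defined correctly on
#       the sensor; no port restriction is applied.
#   * sid
#       In every rule visible here sid = URLhaus URL id + 80863100. Check that
#       this range does not collide with locally written rules.
#   * Syntax
#       http_method / http_uri / http_host are used as content modifiers
#       (Snort 2.x / Suricata legacy style). Verify that the deployed engine
#       version accepts this form before loading the file.
#
# Operational caveats:
#   * Most hosts are bare IPv4 addresses serving "/i" or "/bin.sh"; such
#     indicators can go stale or be reassigned. All rules in this section carry
#     created_at 2026_05_11, so keep the feed refreshed rather than pinning an
#     old copy.
#   * The path "/9c34bc13-1256-4e09-845e-9ea583fbef65/google.ct" appears under
#     five different hostnames in this section. Because host and path are both
#     pinned, a further hostname serving the same path is not covered; a local
#     path-only rule may be worth considering.
#   * Seventeen rules in this section pin 45.148.120.78 with short, distinct
#     paths. If those paths rotate, per-URL rules will lag; correlate alerts
#     with any other outbound HTTP to that host.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.31.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844780/; classtype:trojan-activity;sid:84707880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.27.193"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844779/; classtype:trojan-activity;sid:84707879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.179.74.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844777/; classtype:trojan-activity;sid:84707877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.108.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844778/; classtype:trojan-activity;sid:84707878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.74.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844776/; classtype:trojan-activity;sid:84707876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.31.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844775/; classtype:trojan-activity;sid:84707875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.213.38.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844774/; classtype:trojan-activity;sid:84707874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.40.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844773/; classtype:trojan-activity;sid:84707873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.215.207.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844772/; classtype:trojan-activity;sid:84707872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.68.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844771/; classtype:trojan-activity;sid:84707871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.215.207.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844770/; classtype:trojan-activity;sid:84707870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.27.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844769/; classtype:trojan-activity;sid:84707869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.68.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844768/; classtype:trojan-activity;sid:84707868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.27.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844767/; classtype:trojan-activity;sid:84707867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.16.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844766/; classtype:trojan-activity;sid:84707866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.146.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844765/; classtype:trojan-activity;sid:84707865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.213.38.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844764/; classtype:trojan-activity;sid:84707864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.244.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844763/; classtype:trojan-activity;sid:84707863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.232.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844762/; classtype:trojan-activity;sid:84707862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.217.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844761/; classtype:trojan-activity;sid:84707861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844760)"; flow:established,from_client; content:"GET"; http_method; content:"/9c34bc13-1256-4e09-845e-9ea583fbef65/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"glokchapigui.co"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844760/; classtype:trojan-activity;sid:84707860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.252.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844759/; classtype:trojan-activity;sid:84707859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844758)"; flow:established,from_client; content:"GET"; http_method; content:"/yurunphantom.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"valfanto.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844758/; classtype:trojan-activity;sid:84707858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.244.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844757/; classtype:trojan-activity;sid:84707857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.232.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844755/; classtype:trojan-activity;sid:84707855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.132.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844756/; classtype:trojan-activity;sid:84707856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.6.219"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844754/; classtype:trojan-activity;sid:84707854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844753)"; flow:established,from_client; content:"GET"; http_method; content:"/9c34bc13-1256-4e09-845e-9ea583fbef65/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"techapiguard.co"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844753/; classtype:trojan-activity;sid:84707853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.217.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844752/; classtype:trojan-activity;sid:84707852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844751)"; flow:established,from_client; content:"GET"; http_method; content:"/9c34bc13-1256-4e09-845e-9ea583fbef65/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"httpsfewapi.surf"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844751/; classtype:trojan-activity;sid:84707851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.170.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844750/; classtype:trojan-activity;sid:84707850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.252.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844749/; classtype:trojan-activity;sid:84707849; rev:1;)
# NOTE(review): the next two file names resemble a remote-support client
# installer; the rules fire only for this exact host, so sanctioned use of such
# a tool from other hosts is neither covered nor flagged by them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"194.156.79.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844748/; classtype:trojan-activity;sid:84707848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"194.156.79.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844747/; classtype:trojan-activity;sid:84707847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.170.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844746/; classtype:trojan-activity;sid:84707846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.44.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844745/; classtype:trojan-activity;sid:84707845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.8.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844744/; classtype:trojan-activity;sid:84707844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.156.126.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844743/; classtype:trojan-activity;sid:84707843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844742)"; flow:established,from_client; content:"GET"; http_method; content:"/9c34bc13-1256-4e09-845e-9ea583fbef65/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"argvlidcheck.co"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844742/; classtype:trojan-activity;sid:84707842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.156.126.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844741/; classtype:trojan-activity;sid:84707841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844740)"; flow:established,from_client; content:"GET"; http_method; content:"/9c34bc13-1256-4e09-845e-9ea583fbef65/google.ct"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"authshellverif.co"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844740/; classtype:trojan-activity;sid:84707840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.220.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844739/; classtype:trojan-activity;sid:84707839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.220.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844738/; classtype:trojan-activity;sid:84707838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.84.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844737/; classtype:trojan-activity;sid:84707837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.49.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844736/; classtype:trojan-activity;sid:84707836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.49.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844735/; classtype:trojan-activity;sid:84707835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.110.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844734/; classtype:trojan-activity;sid:84707834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.73.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844733/; classtype:trojan-activity;sid:84707833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.77.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844732/; classtype:trojan-activity;sid:84707832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.12.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844731/; classtype:trojan-activity;sid:84707831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.73.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844730/; classtype:trojan-activity;sid:84707830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.77.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844729/; classtype:trojan-activity;sid:84707829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.182.248.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844728/; classtype:trojan-activity;sid:84707828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.178.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844727/; classtype:trojan-activity;sid:84707827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.232.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844726/; classtype:trojan-activity;sid:84707826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.233.88.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844725/; classtype:trojan-activity;sid:84707825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.66.146.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844724/; classtype:trojan-activity;sid:84707824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.233.88.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844723/; classtype:trojan-activity;sid:84707823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.66.146.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844722/; classtype:trojan-activity;sid:84707822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844721/; classtype:trojan-activity;sid:84707821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.74.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844720/; classtype:trojan-activity;sid:84707820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844719/; classtype:trojan-activity;sid:84707819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.74.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844718/; classtype:trojan-activity;sid:84707818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.76.57.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844717/; classtype:trojan-activity;sid:84707817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.72.9.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844716/; classtype:trojan-activity;sid:84707816; rev:1;)
# NOTE(review): first run of rules pinned to 45.148.120.78 (ids 3844709-3844715).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844709)"; flow:established,from_client; content:"GET"; http_method; content:"/gzos"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844709/; classtype:trojan-activity;sid:84707809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844710)"; flow:established,from_client; content:"GET"; http_method; content:"/35t"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844710/; classtype:trojan-activity;sid:84707810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844711)"; flow:established,from_client; content:"GET"; http_method; content:"/ob9f"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844711/; classtype:trojan-activity;sid:84707811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844712)"; flow:established,from_client; content:"GET"; http_method; content:"/pabc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844712/; classtype:trojan-activity;sid:84707812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844713)"; flow:established,from_client; content:"GET"; http_method; content:"/m9s"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844713/; classtype:trojan-activity;sid:84707813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844714)"; flow:established,from_client; content:"GET"; http_method; content:"/0uc4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844714/; classtype:trojan-activity;sid:84707814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844715)"; flow:established,from_client; content:"GET"; http_method; content:"/ojh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844715/; classtype:trojan-activity;sid:84707815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844708/; classtype:trojan-activity;sid:84707808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.103.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844707/; classtype:trojan-activity;sid:84707807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.52.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844706/; classtype:trojan-activity;sid:84707806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.31.180.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844705/; classtype:trojan-activity;sid:84707805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.89.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844704/; classtype:trojan-activity;sid:84707804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.103.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844703/; classtype:trojan-activity;sid:84707803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.180.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844702/; classtype:trojan-activity;sid:84707802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.52.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844701/; classtype:trojan-activity;sid:84707801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.89.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844700/; classtype:trojan-activity;sid:84707800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.234.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844699/; classtype:trojan-activity;sid:84707799; rev:1;)
# NOTE(review): second run of rules pinned to 45.148.120.78 (ids 3844685-3844694).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844685)"; flow:established,from_client; content:"GET"; http_method; content:"/k2vc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844685/; classtype:trojan-activity;sid:84707785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844686)"; flow:established,from_client; content:"GET"; http_method; content:"/cmxi"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844686/; classtype:trojan-activity;sid:84707786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844687)"; flow:established,from_client; content:"GET"; http_method; content:"/a2f"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844687/; classtype:trojan-activity;sid:84707787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844688)"; flow:established,from_client; content:"GET"; http_method; content:"/xhrf"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844688/; classtype:trojan-activity;sid:84707788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844689)"; flow:established,from_client; content:"GET"; http_method; content:"/vzpx"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844689/; classtype:trojan-activity;sid:84707789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844690)"; flow:established,from_client; content:"GET"; http_method; content:"/lfyp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844690/; classtype:trojan-activity;sid:84707790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844691)"; flow:established,from_client; content:"GET"; http_method; content:"/z47t"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844691/; classtype:trojan-activity;sid:84707791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844692)"; flow:established,from_client; content:"GET"; http_method; content:"/gjf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844692/; classtype:trojan-activity;sid:84707792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844693)"; flow:established,from_client; content:"GET"; http_method; content:"/jw3"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844693/; classtype:trojan-activity;sid:84707793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844694)"; flow:established,from_client; content:"GET"; http_method; content:"/mh3m"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844694/; classtype:trojan-activity;sid:84707794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 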
download URL detected (3844695)"; flow:established,from_client; content:"GET"; http_method; content:"/uibe"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844695/; classtype:trojan-activity;sid:84707795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844696)"; flow:established,from_client; content:"GET"; http_method; content:"/v2w"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844696/; classtype:trojan-activity;sid:84707796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844697)"; flow:established,from_client; content:"GET"; http_method; content:"/w0g"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844697/; classtype:trojan-activity;sid:84707797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844698)"; flow:established,from_client; content:"GET"; http_method; content:"/5fl"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844698/; classtype:trojan-activity;sid:84707798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844659)"; flow:established,from_client; content:"GET"; http_method; content:"/mtpp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844659/; classtype:trojan-activity;sid:84707759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844660)"; flow:established,from_client; content:"GET"; http_method; content:"/gdoc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844660/; classtype:trojan-activity;sid:84707760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844661)"; flow:established,from_client; content:"GET"; http_method; content:"/u0qb"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844661/; classtype:trojan-activity;sid:84707761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844662)"; flow:established,from_client; content:"GET"; http_method; content:"/xuh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844662/; classtype:trojan-activity;sid:84707762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844663)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvw"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844663/; classtype:trojan-activity;sid:84707763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844664)"; flow:established,from_client; content:"GET"; http_method; content:"/xsb"; http_uri; depth:4; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844664/; classtype:trojan-activity;sid:84707764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844665)"; flow:established,from_client; content:"GET"; http_method; content:"/l30"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844665/; classtype:trojan-activity;sid:84707765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844666)"; flow:established,from_client; content:"GET"; http_method; content:"/xerx"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844666/; classtype:trojan-activity;sid:84707766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844667)"; flow:established,from_client; content:"GET"; http_method; content:"/0gj"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844667/; classtype:trojan-activity;sid:84707767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844668)"; flow:established,from_client; content:"GET"; http_method; content:"/ysw"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844668/; classtype:trojan-activity;sid:84707768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3844669)"; flow:established,from_client; content:"GET"; http_method; content:"/7at"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844669/; classtype:trojan-activity;sid:84707769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844670)"; flow:established,from_client; content:"GET"; http_method; content:"/vdz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844670/; classtype:trojan-activity;sid:84707770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844671)"; flow:established,from_client; content:"GET"; http_method; content:"/zz1m"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844671/; classtype:trojan-activity;sid:84707771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844672)"; flow:established,from_client; content:"GET"; http_method; content:"/syo"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844672/; classtype:trojan-activity;sid:84707772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844673)"; flow:established,from_client; content:"GET"; http_method; content:"/lora"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844673/; classtype:trojan-activity;sid:84707773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844674)"; flow:established,from_client; content:"GET"; http_method; content:"/lvqb"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844674/; classtype:trojan-activity;sid:84707774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844675)"; flow:established,from_client; content:"GET"; http_method; content:"/udya"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844675/; classtype:trojan-activity;sid:84707775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844676)"; flow:established,from_client; content:"GET"; http_method; content:"/wj8"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844676/; classtype:trojan-activity;sid:84707776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844677)"; flow:established,from_client; content:"GET"; http_method; content:"/aoe"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844677/; classtype:trojan-activity;sid:84707777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844678)"; flow:established,from_client; content:"GET"; http_method; content:"/5bqs"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844678/; classtype:trojan-activity;sid:84707778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844679)"; flow:established,from_client; content:"GET"; http_method; content:"/adua"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844679/; classtype:trojan-activity;sid:84707779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844680)"; flow:established,from_client; content:"GET"; http_method; content:"/rjtm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844680/; classtype:trojan-activity;sid:84707780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844681)"; flow:established,from_client; content:"GET"; http_method; content:"/bjuc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844681/; classtype:trojan-activity;sid:84707781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844682)"; flow:established,from_client; content:"GET"; http_method; content:"/purj"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844682/; classtype:trojan-activity;sid:84707782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3844683)"; flow:established,from_client; content:"GET"; http_method; content:"/dyr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844683/; classtype:trojan-activity;sid:84707783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844684)"; flow:established,from_client; content:"GET"; http_method; content:"/3y7"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844684/; classtype:trojan-activity;sid:84707784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844645)"; flow:established,from_client; content:"GET"; http_method; content:"/nqx"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844645/; classtype:trojan-activity;sid:84707745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844646)"; flow:established,from_client; content:"GET"; http_method; content:"/wach"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844646/; classtype:trojan-activity;sid:84707746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844647)"; flow:established,from_client; content:"GET"; http_method; content:"/rhs"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844647/; classtype:trojan-activity;sid:84707747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844648)"; flow:established,from_client; content:"GET"; http_method; content:"/5hfb"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844648/; classtype:trojan-activity;sid:84707748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844649)"; flow:established,from_client; content:"GET"; http_method; content:"/is1b"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844649/; classtype:trojan-activity;sid:84707749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844650)"; flow:established,from_client; content:"GET"; http_method; content:"/agp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844650/; classtype:trojan-activity;sid:84707750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844651)"; flow:established,from_client; content:"GET"; http_method; content:"/b7lm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844651/; classtype:trojan-activity;sid:84707751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844652)"; flow:established,from_client; content:"GET"; http_method; content:"/4gwc"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844652/; classtype:trojan-activity;sid:84707752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844653)"; flow:established,from_client; content:"GET"; http_method; content:"/voqq"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844653/; classtype:trojan-activity;sid:84707753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844654)"; flow:established,from_client; content:"GET"; http_method; content:"/iom"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844654/; classtype:trojan-activity;sid:84707754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844655)"; flow:established,from_client; content:"GET"; http_method; content:"/fdn"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844655/; classtype:trojan-activity;sid:84707755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844656)"; flow:established,from_client; content:"GET"; http_method; content:"/lhm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844656/; classtype:trojan-activity;sid:84707756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3844657)"; flow:established,from_client; content:"GET"; http_method; content:"/29fw"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844657/; classtype:trojan-activity;sid:84707757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844658)"; flow:established,from_client; content:"GET"; http_method; content:"/edx"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844658/; classtype:trojan-activity;sid:84707758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844605)"; flow:established,from_client; content:"GET"; http_method; content:"/0aa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844605/; classtype:trojan-activity;sid:84707705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844606)"; flow:established,from_client; content:"GET"; http_method; content:"/tkf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844606/; classtype:trojan-activity;sid:84707706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844607)"; flow:established,from_client; content:"GET"; http_method; content:"/tbnu"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844607/; classtype:trojan-activity;sid:84707707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844608)"; flow:established,from_client; content:"GET"; http_method; content:"/knj"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844608/; classtype:trojan-activity;sid:84707708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844609)"; flow:established,from_client; content:"GET"; http_method; content:"/h8e"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844609/; classtype:trojan-activity;sid:84707709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844610)"; flow:established,from_client; content:"GET"; http_method; content:"/i5g"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844610/; classtype:trojan-activity;sid:84707710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844611)"; flow:established,from_client; content:"GET"; http_method; content:"/mtd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844611/; classtype:trojan-activity;sid:84707711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844612)"; flow:established,from_client; content:"GET"; http_method; content:"/m9oh"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844612/; classtype:trojan-activity;sid:84707712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844613)"; flow:established,from_client; content:"GET"; http_method; content:"/y9k9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844613/; classtype:trojan-activity;sid:84707713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844614)"; flow:established,from_client; content:"GET"; http_method; content:"/dgb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844614/; classtype:trojan-activity;sid:84707714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844615)"; flow:established,from_client; content:"GET"; http_method; content:"/ky9x"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844615/; classtype:trojan-activity;sid:84707715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844616)"; flow:established,from_client; content:"GET"; http_method; content:"/ngl"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844616/; classtype:trojan-activity;sid:84707716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3844617)"; flow:established,from_client; content:"GET"; http_method; content:"/cbj"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844617/; classtype:trojan-activity;sid:84707717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844618)"; flow:established,from_client; content:"GET"; http_method; content:"/kgze"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844618/; classtype:trojan-activity;sid:84707718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844619)"; flow:established,from_client; content:"GET"; http_method; content:"/mxr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844619/; classtype:trojan-activity;sid:84707719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844620)"; flow:established,from_client; content:"GET"; http_method; content:"/0rw"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844620/; classtype:trojan-activity;sid:84707720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844621)"; flow:established,from_client; content:"GET"; http_method; content:"/4oro"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844621/; classtype:trojan-activity;sid:84707721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844622)"; flow:established,from_client; content:"GET"; http_method; content:"/noyi"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844622/; classtype:trojan-activity;sid:84707722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844623)"; flow:established,from_client; content:"GET"; http_method; content:"/bqd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844623/; classtype:trojan-activity;sid:84707723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844624)"; flow:established,from_client; content:"GET"; http_method; content:"/eikw"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844624/; classtype:trojan-activity;sid:84707724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844625)"; flow:established,from_client; content:"GET"; http_method; content:"/ionf"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844625/; classtype:trojan-activity;sid:84707725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844626)"; flow:established,from_client; content:"GET"; http_method; content:"/n1bq"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844626/; classtype:trojan-activity;sid:84707726; rev:1;)
# URLhaus download-URL signatures for host 45.148.120.78 (created_at 2026_05_11),
# laid out one rule per line. The first and last lines of this span are fragments
# of rules that continue outside it and are kept as found.
# Each rule alerts on a client-side HTTP GET from $HOME_NET to $EXTERNAL_NET whose
# URI and Host are both anchored: depth equals the pattern length and
# isdataat:!1,relative requires that nothing follows, so only the exact path on
# the exact host matches. NOTE(review): nocase follows isdataat here and
# presumably binds to the preceding URI content - confirm on the target engine.
# Triage: the number in msg and in the reference URL is the URLhaus entry id; in
# the rules shown here sid = that id + 80863100.
# Coverage: "alert http" inspects parsed HTTP only, so the same host reached over
# TLS, or with any other path, is outside these rules; a destination-IP or
# host-only rule is the usual complement when broader coverage is wanted.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844627)"; flow:established,from_client; content:"GET"; http_method; content:"/zvr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844627/; classtype:trojan-activity;sid:84707727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844628)"; flow:established,from_client; content:"GET"; http_method; content:"/ila"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844628/; classtype:trojan-activity;sid:84707728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844629)"; flow:established,from_client; content:"GET"; http_method; content:"/sqf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844629/; classtype:trojan-activity;sid:84707729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844630)"; flow:established,from_client; content:"GET"; http_method; content:"/zsw"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844630/; classtype:trojan-activity;sid:84707730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844631)"; flow:established,from_client; content:"GET"; http_method; content:"/cgn"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844631/; classtype:trojan-activity;sid:84707731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844632)"; flow:established,from_client; content:"GET"; http_method; content:"/fek"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844632/; classtype:trojan-activity;sid:84707732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844633)"; flow:established,from_client; content:"GET"; http_method; content:"/ant9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844633/; classtype:trojan-activity;sid:84707733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844634)"; flow:established,from_client; content:"GET"; http_method; content:"/jwd0"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844634/; classtype:trojan-activity;sid:84707734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844635)"; flow:established,from_client; content:"GET"; http_method; content:"/rfmd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844635/; classtype:trojan-activity;sid:84707735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844636)"; flow:established,from_client; content:"GET"; http_method; content:"/z9c8"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844636/; classtype:trojan-activity;sid:84707736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844637)"; flow:established,from_client; content:"GET"; http_method; content:"/qcv"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844637/; classtype:trojan-activity;sid:84707737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844638)"; flow:established,from_client; content:"GET"; http_method; content:"/dsq"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844638/; classtype:trojan-activity;sid:84707738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844639)"; flow:established,from_client; content:"GET"; http_method; content:"/9n8"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844639/; classtype:trojan-activity;sid:84707739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844640)"; flow:established,from_client; content:"GET"; http_method; content:"/auy9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844640/; classtype:trojan-activity;sid:84707740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844641)"; flow:established,from_client; content:"GET"; http_method; content:"/qua"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844641/; classtype:trojan-activity;sid:84707741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844642)"; flow:established,from_client; content:"GET"; http_method; content:"/2rm9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844642/; classtype:trojan-activity;sid:84707742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844643)"; flow:established,from_client; content:"GET"; http_method; content:"/fpt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844643/; classtype:trojan-activity;sid:84707743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844644)"; flow:established,from_client; content:"GET"; http_method; content:"/1ic"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844644/; classtype:trojan-activity;sid:84707744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844599)"; flow:established,from_client; content:"GET"; http_method; content:"/z0nw"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844599/; classtype:trojan-activity;sid:84707699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844600)"; flow:established,from_client; content:"GET"; http_method; content:"/rbk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844600/; classtype:trojan-activity;sid:84707700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844601)"; flow:established,from_client; content:"GET"; http_method; content:"/h2l"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844601/; classtype:trojan-activity;sid:84707701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844602)"; flow:established,from_client; content:"GET"; http_method; content:"/8zz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844602/; classtype:trojan-activity;sid:84707702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844603)"; flow:established,from_client; content:"GET"; http_method; content:"/4ckj"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844603/; classtype:trojan-activity;sid:84707703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844604)"; flow:established,from_client; content:"GET"; http_method; content:"/nvt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844604/; classtype:trojan-activity;sid:84707704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844582)"; flow:established,from_client; content:"GET"; http_method; content:"/dakc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844582/; classtype:trojan-activity;sid:84707682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844583)"; flow:established,from_client; content:"GET"; http_method; content:"/sjfx"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844583/; classtype:trojan-activity;sid:84707683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844584)"; flow:established,from_client; content:"GET"; http_method; content:"/ksn"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844584/; classtype:trojan-activity;sid:84707684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844585)"; flow:established,from_client; content:"GET"; http_method; content:"/hfm8"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844585/; classtype:trojan-activity;sid:84707685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844586)"; flow:established,from_client; content:"GET"; http_method; content:"/ymkj"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844586/; classtype:trojan-activity;sid:84707686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844587)"; flow:established,from_client; content:"GET"; http_method; content:"/ida"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844587/; classtype:trojan-activity;sid:84707687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844588)"; flow:established,from_client; content:"GET"; http_method; content:"/ojmw"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844588/; classtype:trojan-activity;sid:84707688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844589)"; flow:established,from_client; content:"GET"; http_method; content:"/clw4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844589/; classtype:trojan-activity;sid:84707689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844590)"; flow:established,from_client; content:"GET"; http_method; content:"/q8hm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844590/; classtype:trojan-activity;sid:84707690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844591)"; flow:established,from_client; content:"GET"; http_method; content:"/ucun"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844591/; classtype:trojan-activity;sid:84707691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844592)"; flow:established,from_client; content:"GET"; http_method; content:"/uef"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844592/; classtype:trojan-activity;sid:84707692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844593)"; flow:established,from_client; content:"GET"; http_method; content:"/mrfo"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844593/; classtype:trojan-activity;sid:84707693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844594)"; flow:established,from_client; content:"GET"; http_method; content:"/u1l"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844594/; classtype:trojan-activity;sid:84707694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844595)"; flow:established,from_client; content:"GET"; http_method; content:"/08c"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844595/; classtype:trojan-activity;sid:84707695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844596)"; flow:established,from_client; content:"GET"; http_method; content:"/kecs"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844596/; classtype:trojan-activity;sid:84707696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmx"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844597/; classtype:trojan-activity;sid:84707697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844598)"; flow:established,from_client; content:"GET"; http_method; content:"/ktk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844598/; classtype:trojan-activity;sid:84707698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844542)"; flow:established,from_client; content:"GET"; http_method; content:"/d5um"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844542/; classtype:trojan-activity;sid:84707642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844543)"; flow:established,from_client; content:"GET"; http_method; content:"/uxtj"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844543/; classtype:trojan-activity;sid:84707643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844544)"; flow:established,from_client; content:"GET"; http_method; content:"/rgja"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844544/; classtype:trojan-activity;sid:84707644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844545)"; flow:established,from_client; content:"GET"; http_method; content:"/qx6x"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844545/; classtype:trojan-activity;sid:84707645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844546)"; flow:established,from_client; content:"GET"; http_method; content:"/gg5r"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844546/; classtype:trojan-activity;sid:84707646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844547)"; flow:established,from_client; content:"GET"; http_method; content:"/otf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844547/; classtype:trojan-activity;sid:84707647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844548)"; flow:established,from_client; content:"GET"; http_method; content:"/b9a"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844548/; classtype:trojan-activity;sid:84707648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844549)"; flow:established,from_client; content:"GET"; http_method; content:"/j11"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844549/; classtype:trojan-activity;sid:84707649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844550)"; flow:established,from_client; content:"GET"; http_method; content:"/ecq"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844550/; classtype:trojan-activity;sid:84707650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844551)"; flow:established,from_client; content:"GET"; http_method; content:"/eaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844551/; classtype:trojan-activity;sid:84707651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844552)"; flow:established,from_client; content:"GET"; http_method; content:"/feb4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844552/; classtype:trojan-activity;sid:84707652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844553)"; flow:established,from_client; content:"GET"; http_method; content:"/hhp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844553/; classtype:trojan-activity;sid:84707653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844554)"; flow:established,from_client; content:"GET"; http_method; content:"/q4e"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844554/; classtype:trojan-activity;sid:84707654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844555)"; flow:established,from_client; content:"GET"; http_method; content:"/3ec"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844555/; classtype:trojan-activity;sid:84707655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844556)"; flow:established,from_client; content:"GET"; http_method; content:"/kv6m"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844556/; classtype:trojan-activity;sid:84707656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844557)"; flow:established,from_client; content:"GET"; http_method; content:"/531"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844557/; classtype:trojan-activity;sid:84707657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844558)"; flow:established,from_client; content:"GET"; http_method; content:"/vu7"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844558/; classtype:trojan-activity;sid:84707658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844559)"; flow:established,from_client; content:"GET"; http_method; content:"/tr0"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844559/; classtype:trojan-activity;sid:84707659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844560)"; flow:established,from_client; content:"GET"; http_method; content:"/h7p"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844560/; classtype:trojan-activity;sid:84707660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844561)"; flow:established,from_client; content:"GET"; http_method; content:"/4ue"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844561/; classtype:trojan-activity;sid:84707661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844562)"; flow:established,from_client; content:"GET"; http_method; content:"/bxsi"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844562/; classtype:trojan-activity;sid:84707662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844563)"; flow:established,from_client; content:"GET"; http_method; content:"/ecz9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844563/; classtype:trojan-activity;sid:84707663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844564)"; flow:established,from_client; content:"GET"; http_method; content:"/esuu"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844564/; classtype:trojan-activity;sid:84707664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844565)"; flow:established,from_client; content:"GET"; http_method; content:"/o8r"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844565/; classtype:trojan-activity;sid:84707665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844566)"; flow:established,from_client; content:"GET"; http_method; content:"/xqx"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844566/; classtype:trojan-activity;sid:84707666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844567)"; flow:established,from_client; content:"GET"; http_method; content:"/ylk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844567/; classtype:trojan-activity;sid:84707667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844568)"; flow:established,from_client; content:"GET"; http_method; content:"/o6bn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844568/; classtype:trojan-activity;sid:84707668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844569)"; flow:established,from_client; content:"GET"; http_method; content:"/uu6"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844569/; classtype:trojan-activity;sid:84707669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844570)"; flow:established,from_client; content:"GET"; http_method; content:"/k8d"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844570/; classtype:trojan-activity;sid:84707670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844571)"; flow:established,from_client; content:"GET"; http_method; content:"/1bz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844571/; classtype:trojan-activity;sid:84707671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844572)"; flow:established,from_client; content:"GET"; http_method; content:"/j5k"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844572/; classtype:trojan-activity;sid:84707672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844573)"; flow:established,from_client; content:"GET"; http_method; content:"/ikj"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844573/; classtype:trojan-activity;sid:84707673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844574)"; flow:established,from_client; content:"GET"; http_method; content:"/uyo"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844574/; classtype:trojan-activity;sid:84707674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844575)"; flow:established,from_client; content:"GET"; http_method; content:"/9ce"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844575/; classtype:trojan-activity;sid:84707675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844576)"; flow:established,from_client; content:"GET"; http_method; content:"/vbfl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844576/; classtype:trojan-activity;sid:84707676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844577)"; flow:established,from_client; content:"GET"; http_method; content:"/dri"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844577/; classtype:trojan-activity;sid:84707677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844578)"; flow:established,from_client; content:"GET"; http_method; content:"/lm7"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844578/; classtype:trojan-activity;sid:84707678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844579)"; flow:established,from_client; content:"GET"; http_method; content:"/e5zf"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844579/; classtype:trojan-activity;sid:84707679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844580)"; flow:established,from_client; content:"GET"; http_method; content:"/ehl1"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844580/; classtype:trojan-activity;sid:84707680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844581)"; flow:established,from_client; content:"GET"; http_method; content:"/xalp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844581/; classtype:trojan-activity;sid:84707681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844510)"; flow:established,from_client; content:"GET"; http_method; content:"/i7vn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844510/; classtype:trojan-activity;sid:84707610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844511)"; flow:established,from_client; content:"GET"; http_method; content:"/vvd7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844511/; classtype:trojan-activity;sid:84707611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844512)"; flow:established,from_client; content:"GET"; http_method; content:"/yhp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844512/; classtype:trojan-activity;sid:84707612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844513)"; flow:established,from_client; content:"GET"; http_method; content:"/z0j"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844513/; classtype:trojan-activity;sid:84707613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844514)"; flow:established,from_client; content:"GET"; http_method; content:"/mafd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844514/; classtype:trojan-activity;sid:84707614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844515)"; flow:established,from_client; content:"GET"; http_method; content:"/ker"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844515/; classtype:trojan-activity;sid:84707615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844516)"; flow:established,from_client; content:"GET"; http_method; content:"/lip"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844516/; classtype:trojan-activity;sid:84707616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844517)"; flow:established,from_client; content:"GET"; http_method; content:"/hqb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844517/; classtype:trojan-activity;sid:84707617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844518)"; flow:established,from_client; content:"GET"; http_method; content:"/4pwj"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844518/; classtype:trojan-activity;sid:84707618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844519)"; flow:established,from_client; content:"GET"; http_method; content:"/t644"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844519/; classtype:trojan-activity;sid:84707619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844520)"; flow:established,from_client; content:"GET"; http_method; content:"/aijh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844520/; classtype:trojan-activity;sid:84707620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844521)"; flow:established,from_client; content:"GET"; http_method; content:"/zzbg"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844521/; classtype:trojan-activity;sid:84707621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844522)"; flow:established,from_client; content:"GET"; http_method; content:"/xiq8"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844522/; classtype:trojan-activity;sid:84707622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844523)"; flow:established,from_client; content:"GET"; http_method; content:"/ik8d"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844523/; classtype:trojan-activity;sid:84707623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844524)"; flow:established,from_client; content:"GET"; http_method; content:"/kkz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844524/; classtype:trojan-activity;sid:84707624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844525)"; flow:established,from_client; content:"GET"; http_method; content:"/ju1x"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844525/; classtype:trojan-activity;sid:84707625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844526)"; flow:established,from_client; content:"GET"; http_method; content:"/rezt"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844526/; classtype:trojan-activity;sid:84707626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844527)"; flow:established,from_client; content:"GET"; http_method; content:"/sia"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844527/; classtype:trojan-activity;sid:84707627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844528)"; flow:established,from_client; content:"GET"; http_method; content:"/bn6o"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844528/; classtype:trojan-activity;sid:84707628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844529)"; flow:established,from_client; content:"GET"; http_method; content:"/ba05"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844529/; classtype:trojan-activity;sid:84707629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844530)"; flow:established,from_client; content:"GET"; http_method; content:"/9kqq"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844530/; classtype:trojan-activity;sid:84707630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3844531)"; flow:established,from_client; content:"GET"; http_method; content:"/qlk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844531/; classtype:trojan-activity;sid:84707631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844532)"; flow:established,from_client; content:"GET"; http_method; content:"/nul0"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844532/; classtype:trojan-activity;sid:84707632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844533)"; flow:established,from_client; content:"GET"; http_method; content:"/5jx"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844533/; classtype:trojan-activity;sid:84707633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844534)"; flow:established,from_client; content:"GET"; http_method; content:"/frv"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844534/; classtype:trojan-activity;sid:84707634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844535)"; flow:established,from_client; content:"GET"; http_method; content:"/zx23"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844535/; classtype:trojan-activity;sid:84707635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844536)"; flow:established,from_client; content:"GET"; http_method; content:"/3nhm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844536/; classtype:trojan-activity;sid:84707636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844537)"; flow:established,from_client; content:"GET"; http_method; content:"/rdg"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844537/; classtype:trojan-activity;sid:84707637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844538)"; flow:established,from_client; content:"GET"; http_method; content:"/27vp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844538/; classtype:trojan-activity;sid:84707638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844539)"; flow:established,from_client; content:"GET"; http_method; content:"/bgo"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844539/; classtype:trojan-activity;sid:84707639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844540)"; flow:established,from_client; content:"GET"; http_method; content:"/emy4"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844540/; classtype:trojan-activity;sid:84707640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844541)"; flow:established,from_client; content:"GET"; http_method; content:"/mdvg"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844541/; classtype:trojan-activity;sid:84707641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844509)"; flow:established,from_client; content:"GET"; http_method; content:"/hsal"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844509/; classtype:trojan-activity;sid:84707609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844492)"; flow:established,from_client; content:"GET"; http_method; content:"/g1g"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844492/; classtype:trojan-activity;sid:84707592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844493)"; flow:established,from_client; content:"GET"; http_method; content:"/q6p"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844493/; classtype:trojan-activity;sid:84707593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3844494)"; flow:established,from_client; content:"GET"; http_method; content:"/ftqf"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844494/; classtype:trojan-activity;sid:84707594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844495)"; flow:established,from_client; content:"GET"; http_method; content:"/lix"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844495/; classtype:trojan-activity;sid:84707595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844496)"; flow:established,from_client; content:"GET"; http_method; content:"/p5b"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844496/; classtype:trojan-activity;sid:84707596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844497)"; flow:established,from_client; content:"GET"; http_method; content:"/jyuy"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844497/; classtype:trojan-activity;sid:84707597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844498)"; flow:established,from_client; content:"GET"; http_method; content:"/kxao"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844498/; classtype:trojan-activity;sid:84707598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844499)"; flow:established,from_client; content:"GET"; http_method; content:"/omi"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844499/; classtype:trojan-activity;sid:84707599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844500)"; flow:established,from_client; content:"GET"; http_method; content:"/tsm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844500/; classtype:trojan-activity;sid:84707600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844501)"; flow:established,from_client; content:"GET"; http_method; content:"/ljj"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844501/; classtype:trojan-activity;sid:84707601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844502)"; flow:established,from_client; content:"GET"; http_method; content:"/riv"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844502/; classtype:trojan-activity;sid:84707602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844503)"; flow:established,from_client; content:"GET"; http_method; content:"/hac"; http_uri; depth:4; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844503/; classtype:trojan-activity;sid:84707603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844504)"; flow:established,from_client; content:"GET"; http_method; content:"/hlw"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844504/; classtype:trojan-activity;sid:84707604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844505)"; flow:established,from_client; content:"GET"; http_method; content:"/xjn"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844505/; classtype:trojan-activity;sid:84707605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844506)"; flow:established,from_client; content:"GET"; http_method; content:"/v99g"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844506/; classtype:trojan-activity;sid:84707606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844507)"; flow:established,from_client; content:"GET"; http_method; content:"/wvn"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844507/; classtype:trojan-activity;sid:84707607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3844508)"; flow:established,from_client; content:"GET"; http_method; content:"/3tbq"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844508/; classtype:trojan-activity;sid:84707608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844470)"; flow:established,from_client; content:"GET"; http_method; content:"/ktlt"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844470/; classtype:trojan-activity;sid:84707570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844471)"; flow:established,from_client; content:"GET"; http_method; content:"/tjr1"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844471/; classtype:trojan-activity;sid:84707571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844472)"; flow:established,from_client; content:"GET"; http_method; content:"/tjf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844472/; classtype:trojan-activity;sid:84707572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844473)"; flow:established,from_client; content:"GET"; http_method; content:"/d9e"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844473/; classtype:trojan-activity;sid:84707573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844474)"; flow:established,from_client; content:"GET"; http_method; content:"/orlt"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844474/; classtype:trojan-activity;sid:84707574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844475)"; flow:established,from_client; content:"GET"; http_method; content:"/lr3l"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844475/; classtype:trojan-activity;sid:84707575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844476)"; flow:established,from_client; content:"GET"; http_method; content:"/qayq"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844476/; classtype:trojan-activity;sid:84707576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844477)"; flow:established,from_client; content:"GET"; http_method; content:"/vhx1"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844477/; classtype:trojan-activity;sid:84707577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844478)"; flow:established,from_client; content:"GET"; http_method; content:"/b2j"; http_uri; depth:4; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844478/; classtype:trojan-activity;sid:84707578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844479)"; flow:established,from_client; content:"GET"; http_method; content:"/sd2"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844479/; classtype:trojan-activity;sid:84707579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844480)"; flow:established,from_client; content:"GET"; http_method; content:"/rhge"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844480/; classtype:trojan-activity;sid:84707580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844481)"; flow:established,from_client; content:"GET"; http_method; content:"/wuhr"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844481/; classtype:trojan-activity;sid:84707581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844482)"; flow:established,from_client; content:"GET"; http_method; content:"/sfw"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844482/; classtype:trojan-activity;sid:84707582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3844483)"; flow:established,from_client; content:"GET"; http_method; content:"/lhmq"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844483/; classtype:trojan-activity;sid:84707583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844484)"; flow:established,from_client; content:"GET"; http_method; content:"/zc4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844484/; classtype:trojan-activity;sid:84707584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844485)"; flow:established,from_client; content:"GET"; http_method; content:"/xwpc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844485/; classtype:trojan-activity;sid:84707585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844486)"; flow:established,from_client; content:"GET"; http_method; content:"/kbwi"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844486/; classtype:trojan-activity;sid:84707586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844487)"; flow:established,from_client; content:"GET"; http_method; content:"/imms"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844487/; classtype:trojan-activity;sid:84707587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844488)"; flow:established,from_client; content:"GET"; http_method; content:"/p9e"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844488/; classtype:trojan-activity;sid:84707588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844489)"; flow:established,from_client; content:"GET"; http_method; content:"/nb0"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844489/; classtype:trojan-activity;sid:84707589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844490)"; flow:established,from_client; content:"GET"; http_method; content:"/8cv"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844490/; classtype:trojan-activity;sid:84707590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844491)"; flow:established,from_client; content:"GET"; http_method; content:"/vcy"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844491/; classtype:trojan-activity;sid:84707591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844469)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i468"; http_uri; depth:11; 
isdataat:!1,relative; nocase; content:"45.83.207.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844469/; classtype:trojan-activity;sid:84707569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844439)"; flow:established,from_client; content:"GET"; http_method; content:"/qsj"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844439/; classtype:trojan-activity;sid:84707539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844440)"; flow:established,from_client; content:"GET"; http_method; content:"/7o9m"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844440/; classtype:trojan-activity;sid:84707540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844441)"; flow:established,from_client; content:"GET"; http_method; content:"/krf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844441/; classtype:trojan-activity;sid:84707541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844442)"; flow:established,from_client; content:"GET"; http_method; content:"/hvp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844442/; classtype:trojan-activity;sid:84707542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3844443)"; flow:established,from_client; content:"GET"; http_method; content:"/7agj"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844443/; classtype:trojan-activity;sid:84707543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844444)"; flow:established,from_client; content:"GET"; http_method; content:"/oj3t"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844444/; classtype:trojan-activity;sid:84707544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844445)"; flow:established,from_client; content:"GET"; http_method; content:"/zq4m"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844445/; classtype:trojan-activity;sid:84707545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844446)"; flow:established,from_client; content:"GET"; http_method; content:"/6bar"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844446/; classtype:trojan-activity;sid:84707546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844447)"; flow:established,from_client; content:"GET"; http_method; content:"/vlvd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844447/; classtype:trojan-activity;sid:84707547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844448)"; flow:established,from_client; content:"GET"; http_method; content:"/2kc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844448/; classtype:trojan-activity;sid:84707548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844449)"; flow:established,from_client; content:"GET"; http_method; content:"/gmii"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844449/; classtype:trojan-activity;sid:84707549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844450)"; flow:established,from_client; content:"GET"; http_method; content:"/zwk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844450/; classtype:trojan-activity;sid:84707550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844451)"; flow:established,from_client; content:"GET"; http_method; content:"/bq8c"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844451/; classtype:trojan-activity;sid:84707551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844452)"; flow:established,from_client; content:"GET"; http_method; content:"/ilq"; http_uri; depth:4; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844452/; classtype:trojan-activity;sid:84707552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844453)"; flow:established,from_client; content:"GET"; http_method; content:"/plf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844453/; classtype:trojan-activity;sid:84707553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844454)"; flow:established,from_client; content:"GET"; http_method; content:"/fx1s"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844454/; classtype:trojan-activity;sid:84707554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844455)"; flow:established,from_client; content:"GET"; http_method; content:"/nppd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844455/; classtype:trojan-activity;sid:84707555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844456)"; flow:established,from_client; content:"GET"; http_method; content:"/d9h"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844456/; classtype:trojan-activity;sid:84707556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3844457)"; flow:established,from_client; content:"GET"; http_method; content:"/kdq1"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844457/; classtype:trojan-activity;sid:84707557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844458)"; flow:established,from_client; content:"GET"; http_method; content:"/gwx7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844458/; classtype:trojan-activity;sid:84707558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844459)"; flow:established,from_client; content:"GET"; http_method; content:"/qcdp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844459/; classtype:trojan-activity;sid:84707559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844460)"; flow:established,from_client; content:"GET"; http_method; content:"/7tk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844460/; classtype:trojan-activity;sid:84707560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844461)"; flow:established,from_client; content:"GET"; http_method; content:"/l9s"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844461/; classtype:trojan-activity;sid:84707561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844462)"; flow:established,from_client; content:"GET"; http_method; content:"/a8o"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844462/; classtype:trojan-activity;sid:84707562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844463)"; flow:established,from_client; content:"GET"; http_method; content:"/mzs"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844463/; classtype:trojan-activity;sid:84707563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844464)"; flow:established,from_client; content:"GET"; http_method; content:"/ezx"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844464/; classtype:trojan-activity;sid:84707564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844465)"; flow:established,from_client; content:"GET"; http_method; content:"/lcbd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844465/; classtype:trojan-activity;sid:84707565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844466)"; flow:established,from_client; content:"GET"; http_method; content:"/o32h"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844466/; classtype:trojan-activity;sid:84707566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844467)"; flow:established,from_client; content:"GET"; http_method; content:"/om0"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844467/; classtype:trojan-activity;sid:84707567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844468)"; flow:established,from_client; content:"GET"; http_method; content:"/tyo"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844468/; classtype:trojan-activity;sid:84707568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844424)"; flow:established,from_client; content:"GET"; http_method; content:"/l9fh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844424/; classtype:trojan-activity;sid:84707524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844425)"; flow:established,from_client; content:"GET"; http_method; content:"/x5d"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844425/; classtype:trojan-activity;sid:84707525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3844426)"; flow:established,from_client; content:"GET"; http_method; content:"/pa14"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844426/; classtype:trojan-activity;sid:84707526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844427)"; flow:established,from_client; content:"GET"; http_method; content:"/m6my"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844427/; classtype:trojan-activity;sid:84707527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844428)"; flow:established,from_client; content:"GET"; http_method; content:"/qd0s"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844428/; classtype:trojan-activity;sid:84707528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844429)"; flow:established,from_client; content:"GET"; http_method; content:"/xjyv"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844429/; classtype:trojan-activity;sid:84707529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844430)"; flow:established,from_client; content:"GET"; http_method; content:"/ssr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844430/; classtype:trojan-activity;sid:84707530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmxr"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844431/; classtype:trojan-activity;sid:84707531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844432)"; flow:established,from_client; content:"GET"; http_method; content:"/vv0"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844432/; classtype:trojan-activity;sid:84707532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844433)"; flow:established,from_client; content:"GET"; http_method; content:"/o4bn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844433/; classtype:trojan-activity;sid:84707533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844434)"; flow:established,from_client; content:"GET"; http_method; content:"/swbd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844434/; classtype:trojan-activity;sid:84707534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844435)"; flow:established,from_client; content:"GET"; http_method; content:"/rtyq"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844435/; classtype:trojan-activity;sid:84707535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844436)"; flow:established,from_client; content:"GET"; http_method; content:"/bom"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844436/; classtype:trojan-activity;sid:84707536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844437)"; flow:established,from_client; content:"GET"; http_method; content:"/x3a"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844437/; classtype:trojan-activity;sid:84707537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844438)"; flow:established,from_client; content:"GET"; http_method; content:"/r7hc"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844438/; classtype:trojan-activity;sid:84707538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844399)"; flow:established,from_client; content:"GET"; http_method; content:"/gwxj"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844399/; classtype:trojan-activity;sid:84707499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3844400)"; flow:established,from_client; content:"GET"; http_method; content:"/nkz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844400/; classtype:trojan-activity;sid:84707500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844401)"; flow:established,from_client; content:"GET"; http_method; content:"/09h"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844401/; classtype:trojan-activity;sid:84707501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844402)"; flow:established,from_client; content:"GET"; http_method; content:"/fown"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844402/; classtype:trojan-activity;sid:84707502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844403)"; flow:established,from_client; content:"GET"; http_method; content:"/jlli"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844403/; classtype:trojan-activity;sid:84707503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844404)"; flow:established,from_client; content:"GET"; http_method; content:"/ra8s"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844404/; classtype:trojan-activity;sid:84707504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844405)"; flow:established,from_client; content:"GET"; http_method; content:"/ifb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844405/; classtype:trojan-activity;sid:84707505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844406)"; flow:established,from_client; content:"GET"; http_method; content:"/4b9"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844406/; classtype:trojan-activity;sid:84707506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844407)"; flow:established,from_client; content:"GET"; http_method; content:"/kmq"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844407/; classtype:trojan-activity;sid:84707507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844408)"; flow:established,from_client; content:"GET"; http_method; content:"/pmd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844408/; classtype:trojan-activity;sid:84707508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844409)"; flow:established,from_client; content:"GET"; http_method; content:"/ges"; http_uri; depth:4; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844409/; classtype:trojan-activity;sid:84707509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844410)"; flow:established,from_client; content:"GET"; http_method; content:"/ggur"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844410/; classtype:trojan-activity;sid:84707510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844411)"; flow:established,from_client; content:"GET"; http_method; content:"/6jpw"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844411/; classtype:trojan-activity;sid:84707511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844412)"; flow:established,from_client; content:"GET"; http_method; content:"/gato"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844412/; classtype:trojan-activity;sid:84707512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844413)"; flow:established,from_client; content:"GET"; http_method; content:"/1fm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844413/; classtype:trojan-activity;sid:84707513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3844414)"; flow:established,from_client; content:"GET"; http_method; content:"/tzj"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844414/; classtype:trojan-activity;sid:84707514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844415)"; flow:established,from_client; content:"GET"; http_method; content:"/dwa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844415/; classtype:trojan-activity;sid:84707515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844416)"; flow:established,from_client; content:"GET"; http_method; content:"/7igs"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844416/; classtype:trojan-activity;sid:84707516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844417)"; flow:established,from_client; content:"GET"; http_method; content:"/1ot"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844417/; classtype:trojan-activity;sid:84707517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844418)"; flow:established,from_client; content:"GET"; http_method; content:"/aaaf"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844418/; classtype:trojan-activity;sid:84707518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844419)"; flow:established,from_client; content:"GET"; http_method; content:"/0jw5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844419/; classtype:trojan-activity;sid:84707519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844420)"; flow:established,from_client; content:"GET"; http_method; content:"/vvnk"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844420/; classtype:trojan-activity;sid:84707520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844421)"; flow:established,from_client; content:"GET"; http_method; content:"/k4e"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844421/; classtype:trojan-activity;sid:84707521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844422)"; flow:established,from_client; content:"GET"; http_method; content:"/qilu"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844422/; classtype:trojan-activity;sid:84707522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844423)"; flow:established,from_client; content:"GET"; http_method; content:"/5cdd"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844423/; classtype:trojan-activity;sid:84707523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844372)"; flow:established,from_client; content:"GET"; http_method; content:"/os0y"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844372/; classtype:trojan-activity;sid:84707472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844373)"; flow:established,from_client; content:"GET"; http_method; content:"/auc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844373/; classtype:trojan-activity;sid:84707473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844374)"; flow:established,from_client; content:"GET"; http_method; content:"/a6j"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844374/; classtype:trojan-activity;sid:84707474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844375)"; flow:established,from_client; content:"GET"; http_method; content:"/ce6"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844375/; classtype:trojan-activity;sid:84707475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3844376)"; flow:established,from_client; content:"GET"; http_method; content:"/3fd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844376/; classtype:trojan-activity;sid:84707476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844377)"; flow:established,from_client; content:"GET"; http_method; content:"/jhhg"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844377/; classtype:trojan-activity;sid:84707477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844378)"; flow:established,from_client; content:"GET"; http_method; content:"/lsmw"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844378/; classtype:trojan-activity;sid:84707478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844379)"; flow:established,from_client; content:"GET"; http_method; content:"/plv"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844379/; classtype:trojan-activity;sid:84707479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844380)"; flow:established,from_client; content:"GET"; http_method; content:"/jszf"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844380/; classtype:trojan-activity;sid:84707480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844381)"; flow:established,from_client; content:"GET"; http_method; content:"/9p74"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844381/; classtype:trojan-activity;sid:84707481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844382)"; flow:established,from_client; content:"GET"; http_method; content:"/dqp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844382/; classtype:trojan-activity;sid:84707482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844383)"; flow:established,from_client; content:"GET"; http_method; content:"/x5e0"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844383/; classtype:trojan-activity;sid:84707483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844384)"; flow:established,from_client; content:"GET"; http_method; content:"/b3xs"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844384/; classtype:trojan-activity;sid:84707484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844385)"; flow:established,from_client; content:"GET"; http_method; content:"/709"; http_uri; depth:4; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844385/; classtype:trojan-activity;sid:84707485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844386)"; flow:established,from_client; content:"GET"; http_method; content:"/st6h"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844386/; classtype:trojan-activity;sid:84707486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844387)"; flow:established,from_client; content:"GET"; http_method; content:"/kgzk"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844387/; classtype:trojan-activity;sid:84707487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844388)"; flow:established,from_client; content:"GET"; http_method; content:"/f4m"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844388/; classtype:trojan-activity;sid:84707488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844389)"; flow:established,from_client; content:"GET"; http_method; content:"/1bqw"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844389/; classtype:trojan-activity;sid:84707489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3844390)"; flow:established,from_client; content:"GET"; http_method; content:"/ecz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844390/; classtype:trojan-activity;sid:84707490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844391)"; flow:established,from_client; content:"GET"; http_method; content:"/cuah"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844391/; classtype:trojan-activity;sid:84707491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844392)"; flow:established,from_client; content:"GET"; http_method; content:"/heej"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844392/; classtype:trojan-activity;sid:84707492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844393)"; flow:established,from_client; content:"GET"; http_method; content:"/sngv"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844393/; classtype:trojan-activity;sid:84707493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844394)"; flow:established,from_client; content:"GET"; http_method; content:"/cdkh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844394/; classtype:trojan-activity;sid:84707494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844395)"; flow:established,from_client; content:"GET"; http_method; content:"/1og"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844395/; classtype:trojan-activity;sid:84707495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844396)"; flow:established,from_client; content:"GET"; http_method; content:"/3fvx"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844396/; classtype:trojan-activity;sid:84707496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844397)"; flow:established,from_client; content:"GET"; http_method; content:"/r4op"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844397/; classtype:trojan-activity;sid:84707497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844398)"; flow:established,from_client; content:"GET"; http_method; content:"/id9h"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844398/; classtype:trojan-activity;sid:84707498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844362)"; flow:established,from_client; content:"GET"; http_method; content:"/y2k"; http_uri; depth:4; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844362/; classtype:trojan-activity;sid:84707462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844363)"; flow:established,from_client; content:"GET"; http_method; content:"/sfp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844363/; classtype:trojan-activity;sid:84707463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844364)"; flow:established,from_client; content:"GET"; http_method; content:"/drp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844364/; classtype:trojan-activity;sid:84707464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844365)"; flow:established,from_client; content:"GET"; http_method; content:"/uvh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844365/; classtype:trojan-activity;sid:84707465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844366)"; flow:established,from_client; content:"GET"; http_method; content:"/mjd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844366/; classtype:trojan-activity;sid:84707466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3844367)"; flow:established,from_client; content:"GET"; http_method; content:"/ual"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844367/; classtype:trojan-activity;sid:84707467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844368)"; flow:established,from_client; content:"GET"; http_method; content:"/a7y"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844368/; classtype:trojan-activity;sid:84707468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844369)"; flow:established,from_client; content:"GET"; http_method; content:"/d3tx"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844369/; classtype:trojan-activity;sid:84707469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844370)"; flow:established,from_client; content:"GET"; http_method; content:"/ezy"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844370/; classtype:trojan-activity;sid:84707470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844371)"; flow:established,from_client; content:"GET"; http_method; content:"/ge8"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844371/; classtype:trojan-activity;sid:84707471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844360)"; flow:established,from_client; content:"GET"; http_method; content:"/laf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844360/; classtype:trojan-activity;sid:84707460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844361)"; flow:established,from_client; content:"GET"; http_method; content:"/hrt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844361/; classtype:trojan-activity;sid:84707461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844322)"; flow:established,from_client; content:"GET"; http_method; content:"/xait"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844322/; classtype:trojan-activity;sid:84707422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844323)"; flow:established,from_client; content:"GET"; http_method; content:"/dw38"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844323/; classtype:trojan-activity;sid:84707423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844324)"; flow:established,from_client; content:"GET"; http_method; content:"/ees"; http_uri; depth:4; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844324/; classtype:trojan-activity;sid:84707424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844325)"; flow:established,from_client; content:"GET"; http_method; content:"/l7u"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844325/; classtype:trojan-activity;sid:84707425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844326)"; flow:established,from_client; content:"GET"; http_method; content:"/6dku"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844326/; classtype:trojan-activity;sid:84707426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844327)"; flow:established,from_client; content:"GET"; http_method; content:"/gt7d"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844327/; classtype:trojan-activity;sid:84707427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844328)"; flow:established,from_client; content:"GET"; http_method; content:"/ndsr"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844328/; classtype:trojan-activity;sid:84707428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3844329)"; flow:established,from_client; content:"GET"; http_method; content:"/fvi"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844329/; classtype:trojan-activity;sid:84707429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844330)"; flow:established,from_client; content:"GET"; http_method; content:"/mdg"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844330/; classtype:trojan-activity;sid:84707430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844331)"; flow:established,from_client; content:"GET"; http_method; content:"/dgjb"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844331/; classtype:trojan-activity;sid:84707431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844332)"; flow:established,from_client; content:"GET"; http_method; content:"/2lnw"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844332/; classtype:trojan-activity;sid:84707432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844333)"; flow:established,from_client; content:"GET"; http_method; content:"/ulhn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844333/; classtype:trojan-activity;sid:84707433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844334)"; flow:established,from_client; content:"GET"; http_method; content:"/a7pl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844334/; classtype:trojan-activity;sid:84707434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844335)"; flow:established,from_client; content:"GET"; http_method; content:"/umes"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844335/; classtype:trojan-activity;sid:84707435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844336)"; flow:established,from_client; content:"GET"; http_method; content:"/lj3"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844336/; classtype:trojan-activity;sid:84707436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844337)"; flow:established,from_client; content:"GET"; http_method; content:"/n2as"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844337/; classtype:trojan-activity;sid:84707437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844338)"; flow:established,from_client; content:"GET"; http_method; content:"/oc6"; http_uri; depth:4; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844338/; classtype:trojan-activity;sid:84707438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844339)"; flow:established,from_client; content:"GET"; http_method; content:"/3myb"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844339/; classtype:trojan-activity;sid:84707439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844340)"; flow:established,from_client; content:"GET"; http_method; content:"/lpb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844340/; classtype:trojan-activity;sid:84707440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844341)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ri"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844341/; classtype:trojan-activity;sid:84707441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844342)"; flow:established,from_client; content:"GET"; http_method; content:"/pplt"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844342/; classtype:trojan-activity;sid:84707442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3844343)"; flow:established,from_client; content:"GET"; http_method; content:"/51ez"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844343/; classtype:trojan-activity;sid:84707443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844344)"; flow:established,from_client; content:"GET"; http_method; content:"/9xu"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844344/; classtype:trojan-activity;sid:84707444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844345)"; flow:established,from_client; content:"GET"; http_method; content:"/avn"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844345/; classtype:trojan-activity;sid:84707445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844346)"; flow:established,from_client; content:"GET"; http_method; content:"/uiwg"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844346/; classtype:trojan-activity;sid:84707446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844347)"; flow:established,from_client; content:"GET"; http_method; content:"/56u"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844347/; classtype:trojan-activity;sid:84707447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844348)"; flow:established,from_client; content:"GET"; http_method; content:"/kpq"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844348/; classtype:trojan-activity;sid:84707448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844349)"; flow:established,from_client; content:"GET"; http_method; content:"/q69w"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844349/; classtype:trojan-activity;sid:84707449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844350)"; flow:established,from_client; content:"GET"; http_method; content:"/qf2"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844350/; classtype:trojan-activity;sid:84707450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844351)"; flow:established,from_client; content:"GET"; http_method; content:"/tln"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844351/; classtype:trojan-activity;sid:84707451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844352)"; flow:established,from_client; content:"GET"; http_method; content:"/avd"; http_uri; depth:4; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844352/; classtype:trojan-activity;sid:84707452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844353)"; flow:established,from_client; content:"GET"; http_method; content:"/cap"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844353/; classtype:trojan-activity;sid:84707453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844354)"; flow:established,from_client; content:"GET"; http_method; content:"/nd6h"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844354/; classtype:trojan-activity;sid:84707454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844355)"; flow:established,from_client; content:"GET"; http_method; content:"/pezf"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844355/; classtype:trojan-activity;sid:84707455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844356)"; flow:established,from_client; content:"GET"; http_method; content:"/n6c"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844356/; classtype:trojan-activity;sid:84707456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3844357)"; flow:established,from_client; content:"GET"; http_method; content:"/56t"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844357/; classtype:trojan-activity;sid:84707457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844358)"; flow:established,from_client; content:"GET"; http_method; content:"/tzu"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844358/; classtype:trojan-activity;sid:84707458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844359)"; flow:established,from_client; content:"GET"; http_method; content:"/63x"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844359/; classtype:trojan-activity;sid:84707459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844320)"; flow:established,from_client; content:"GET"; http_method; content:"/evo"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844320/; classtype:trojan-activity;sid:84707420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844321)"; flow:established,from_client; content:"GET"; http_method; content:"/kpj7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844321/; classtype:trojan-activity;sid:84707421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844280)"; flow:established,from_client; content:"GET"; http_method; content:"/zwfl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844280/; classtype:trojan-activity;sid:84707380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844281)"; flow:established,from_client; content:"GET"; http_method; content:"/ohq"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844281/; classtype:trojan-activity;sid:84707381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844282)"; flow:established,from_client; content:"GET"; http_method; content:"/15ex"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844282/; classtype:trojan-activity;sid:84707382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844283)"; flow:established,from_client; content:"GET"; http_method; content:"/qjh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844283/; classtype:trojan-activity;sid:84707383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844284)"; flow:established,from_client; content:"GET"; http_method; content:"/btlu"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844284/; classtype:trojan-activity;sid:84707384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844285)"; flow:established,from_client; content:"GET"; http_method; content:"/agmy"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844285/; classtype:trojan-activity;sid:84707385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844286)"; flow:established,from_client; content:"GET"; http_method; content:"/bkvd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844286/; classtype:trojan-activity;sid:84707386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844287)"; flow:established,from_client; content:"GET"; http_method; content:"/nmx"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844287/; classtype:trojan-activity;sid:84707387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844288)"; flow:established,from_client; content:"GET"; http_method; content:"/554"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844288/; classtype:trojan-activity;sid:84707388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3844289)"; flow:established,from_client; content:"GET"; http_method; content:"/r51"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844289/; classtype:trojan-activity;sid:84707389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844290)"; flow:established,from_client; content:"GET"; http_method; content:"/8gt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844290/; classtype:trojan-activity;sid:84707390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844291)"; flow:established,from_client; content:"GET"; http_method; content:"/j9r5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844291/; classtype:trojan-activity;sid:84707391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844292)"; flow:established,from_client; content:"GET"; http_method; content:"/zhtm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844292/; classtype:trojan-activity;sid:84707392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844293)"; flow:established,from_client; content:"GET"; http_method; content:"/puhh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844293/; classtype:trojan-activity;sid:84707393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844294)"; flow:established,from_client; content:"GET"; http_method; content:"/jujt"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844294/; classtype:trojan-activity;sid:84707394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844295)"; flow:established,from_client; content:"GET"; http_method; content:"/j4zb"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844295/; classtype:trojan-activity;sid:84707395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844296)"; flow:established,from_client; content:"GET"; http_method; content:"/e6av"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844296/; classtype:trojan-activity;sid:84707396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844297)"; flow:established,from_client; content:"GET"; http_method; content:"/y0pg"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844297/; classtype:trojan-activity;sid:84707397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844298)"; flow:established,from_client; content:"GET"; http_method; content:"/wgb"; http_uri; depth:4; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844298/; classtype:trojan-activity;sid:84707398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844299)"; flow:established,from_client; content:"GET"; http_method; content:"/36n"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844299/; classtype:trojan-activity;sid:84707399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844300)"; flow:established,from_client; content:"GET"; http_method; content:"/z54a"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844300/; classtype:trojan-activity;sid:84707400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844301)"; flow:established,from_client; content:"GET"; http_method; content:"/l1x"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844301/; classtype:trojan-activity;sid:84707401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844302)"; flow:established,from_client; content:"GET"; http_method; content:"/lig2"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844302/; classtype:trojan-activity;sid:84707402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3844303)"; flow:established,from_client; content:"GET"; http_method; content:"/cax"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844303/; classtype:trojan-activity;sid:84707403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844304)"; flow:established,from_client; content:"GET"; http_method; content:"/hin9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844304/; classtype:trojan-activity;sid:84707404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844305)"; flow:established,from_client; content:"GET"; http_method; content:"/sqc2"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844305/; classtype:trojan-activity;sid:84707405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844306)"; flow:established,from_client; content:"GET"; http_method; content:"/pfg"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844306/; classtype:trojan-activity;sid:84707406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844307)"; flow:established,from_client; content:"GET"; http_method; content:"/pi6b"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844307/; classtype:trojan-activity;sid:84707407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844308)"; flow:established,from_client; content:"GET"; http_method; content:"/98j"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844308/; classtype:trojan-activity;sid:84707408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844309)"; flow:established,from_client; content:"GET"; http_method; content:"/yas"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844309/; classtype:trojan-activity;sid:84707409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844310)"; flow:established,from_client; content:"GET"; http_method; content:"/cz4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844310/; classtype:trojan-activity;sid:84707410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844311)"; flow:established,from_client; content:"GET"; http_method; content:"/ehy5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844311/; classtype:trojan-activity;sid:84707411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844312)"; flow:established,from_client; content:"GET"; http_method; content:"/d86f"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844312/; classtype:trojan-activity;sid:84707412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844313)"; flow:established,from_client; content:"GET"; http_method; content:"/mri"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844313/; classtype:trojan-activity;sid:84707413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844314)"; flow:established,from_client; content:"GET"; http_method; content:"/47o7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844314/; classtype:trojan-activity;sid:84707414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844315)"; flow:established,from_client; content:"GET"; http_method; content:"/vax"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844315/; classtype:trojan-activity;sid:84707415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844316)"; flow:established,from_client; content:"GET"; http_method; content:"/bddg"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844316/; classtype:trojan-activity;sid:84707416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3844317)"; flow:established,from_client; content:"GET"; http_method; content:"/rmfq"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844317/; classtype:trojan-activity;sid:84707417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844318)"; flow:established,from_client; content:"GET"; http_method; content:"/pfx"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844318/; classtype:trojan-activity;sid:84707418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844319)"; flow:established,from_client; content:"GET"; http_method; content:"/wezd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844319/; classtype:trojan-activity;sid:84707419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.234.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844279/; classtype:trojan-activity;sid:84707379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.126.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, 
urlhaus.abuse.ch/url/3844278/; classtype:trojan-activity;sid:84707378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.29.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844276/; classtype:trojan-activity;sid:84707376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.231.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844277/; classtype:trojan-activity;sid:84707377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.126.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844275/; classtype:trojan-activity;sid:84707375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.31.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844274/; classtype:trojan-activity;sid:84707374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; 
nocase; content:"37.52.255.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844273/; classtype:trojan-activity;sid:84707373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.56.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844272/; classtype:trojan-activity;sid:84707372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.56.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844271/; classtype:trojan-activity;sid:84707371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.100.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844270/; classtype:trojan-activity;sid:84707370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.234.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844269/; classtype:trojan-activity;sid:84707369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3844268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.52.255.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844268/; classtype:trojan-activity;sid:84707368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.110.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844267/; classtype:trojan-activity;sid:84707367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.18.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844266/; classtype:trojan-activity;sid:84707366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844265/; classtype:trojan-activity;sid:84707365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.85.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844264/; 
classtype:trojan-activity;sid:84707364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.100.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844263/; classtype:trojan-activity;sid:84707363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.110.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844262/; classtype:trojan-activity;sid:84707362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.234.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844261/; classtype:trojan-activity;sid:84707361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.18.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844260/; classtype:trojan-activity;sid:84707360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_11; reference:url, urlhaus.abuse.ch/url/3844259/; classtype:trojan-activity;sid:84707359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.144.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844258/; classtype:trojan-activity;sid:84707358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.15.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844257/; classtype:trojan-activity;sid:84707357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.230.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844256/; classtype:trojan-activity;sid:84707356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.180.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844255/; classtype:trojan-activity;sid:84707355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3844254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.149.107.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844254/; classtype:trojan-activity;sid:84707354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.190.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844253/; classtype:trojan-activity;sid:84707353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.231.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844252/; classtype:trojan-activity;sid:84707352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.180.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844251/; classtype:trojan-activity;sid:84707351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.111.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844250/; 
classtype:trojan-activity;sid:84707350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.155.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844249/; classtype:trojan-activity;sid:84707349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"68.185.152.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844248/; classtype:trojan-activity;sid:84707348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.207.128.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844247/; classtype:trojan-activity;sid:84707347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.155.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844246/; classtype:trojan-activity;sid:84707346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"68.185.152.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844245/; classtype:trojan-activity;sid:84707345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.109.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844244/; classtype:trojan-activity;sid:84707344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.207.128.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844243/; classtype:trojan-activity;sid:84707343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.150.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844242/; classtype:trojan-activity;sid:84707342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.152.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844241/; classtype:trojan-activity;sid:84707341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3844240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.109.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844240/; classtype:trojan-activity;sid:84707340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844232)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844232/; classtype:trojan-activity;sid:84707332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844233)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844233/; classtype:trojan-activity;sid:84707333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844234)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844234/; classtype:trojan-activity;sid:84707334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844235)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, 
urlhaus.abuse.ch/url/3844235/; classtype:trojan-activity;sid:84707335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844236)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844236/; classtype:trojan-activity;sid:84707336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844237)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844237/; classtype:trojan-activity;sid:84707337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844238)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844238/; classtype:trojan-activity;sid:84707338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844239)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844239/; classtype:trojan-activity;sid:84707339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844228)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844228/; classtype:trojan-activity;sid:84707328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844229)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844229/; classtype:trojan-activity;sid:84707329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844230)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844230/; classtype:trojan-activity;sid:84707330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844231)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844231/; classtype:trojan-activity;sid:84707331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.86.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844227/; classtype:trojan-activity;sid:84707327; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844226)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.i486"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844226/; classtype:trojan-activity;sid:84707326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.142.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844225/; classtype:trojan-activity;sid:84707325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.86.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844224/; classtype:trojan-activity;sid:84707324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.100.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844223/; classtype:trojan-activity;sid:84707323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.112.245"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844222/; classtype:trojan-activity;sid:84707322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844221)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.236.37.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844221/; classtype:trojan-activity;sid:84707321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844220)"; flow:established,from_client; content:"GET"; http_method; content:"/masscan"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.236.37.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844220/; classtype:trojan-activity;sid:84707320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.111.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844219/; classtype:trojan-activity;sid:84707319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.25.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844218/; classtype:trojan-activity;sid:84707318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844217)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.111.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844217/; classtype:trojan-activity;sid:84707317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.25.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844216/; classtype:trojan-activity;sid:84707316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844215)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/loader.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bernasibutuwqu2.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844215/; classtype:trojan-activity;sid:84707315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844214)"; flow:established,from_client; content:"GET"; http_method; content:"/debug/payload.applescript"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"bernasibutuwqu2.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844214/; classtype:trojan-activity;sid:84707314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.70.186.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844212/; 
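classtype:trojan-activity;sid:84707312; rev:1;)
# Layout: one rule per line from here on; the fragment above closes the rule
# opened on the previous line, and the last line of this group is continued on
# the next line of the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844213)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rubbermax.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844213/; classtype:trojan-activity;sid:84707313; rev:1;)
# Review fix (sids 84707310, 84707311): the published depth:15 is the character
# count of the escaped string "/|3f|download=1", but |3f| is a single byte ("?"),
# so the pattern is 12 bytes long. With depth:15 the pattern could start up to
# 3 bytes into the URI and still satisfy isdataat:!1,relative, so the rule was
# not pinned to the exact URI "/?download=1". depth:12 restores the exact match
# used by every other rule in this set. sid and rev are left as published.
# Coverage note: these are `alert http` rules, so they only see parsed HTTP.
# If requests to the *.vercel.app hosts go over TLS, they fire only where the
# sensor inspects decrypted traffic; DNS or TLS SNI matching on the same host
# names is the usual complement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844210)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"photo-02-05.vercel.app"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844210/; classtype:trojan-activity;sid:84707310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844211)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"we-max-photo.vercel.app"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844211/; classtype:trojan-activity;sid:84707311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844208)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/rvctx33.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844208/; classtype:trojan-activity;sid:84707308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844209)"; flow:established,from_client; content:"GET"; http_method; 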
content:"/downloads/float-client.jar"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"donutsmpcheat.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844209/; classtype:trojan-activity;sid:84707309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844206)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/kia910k.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844206/; classtype:trojan-activity;sid:84707306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844207)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/zna6qzg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844207/; classtype:trojan-activity;sid:84707307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844199)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/6ttnsh7.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844199/; classtype:trojan-activity;sid:84707299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844200)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/kipkifh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; 
reference:url, urlhaus.abuse.ch/url/3844200/; classtype:trojan-activity;sid:84707300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844201)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/3hdycii.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844201/; classtype:trojan-activity;sid:84707301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844202)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/aytwblz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844202/; classtype:trojan-activity;sid:84707302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844203)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/k9ygjlp.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844203/; classtype:trojan-activity;sid:84707303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844204)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/uiiihfd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844204/; classtype:trojan-activity;sid:84707304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
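(3844205)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/dbrmzfk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844205/; classtype:trojan-activity;sid:84707305; rev:1;)
# Layout: one rule per line from here on; the fragment above closes the rule
# opened on the previous line, and the last line of this group is continued on
# the next line of the file.
# Review fix (sids 84707285, 84707287-84707290, 84707293-84707295, 84707297):
# the published depth:15 on content:"/|3f|download=1" is the character count of
# the escaped string; |3f| is a single byte ("?"), so the pattern is 12 bytes.
# With depth:15 the pattern could start up to 3 bytes into the URI and still
# satisfy isdataat:!1,relative, so those rules were not pinned to the exact URI
# "/?download=1". depth:12 restores the exact match the other rules here use.
# sid and rev are left as published.
# Coverage note: these are `alert http` rules, so they only see parsed HTTP.
# If requests to the *.vercel.app hosts go over TLS, they fire only where the
# sensor inspects decrypted traffic; DNS or TLS SNI matching on the same host
# names is the usual complement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844197)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"avaria102dtponlaine.vercel.app"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844197/; classtype:trojan-activity;sid:84707297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844198)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/kryptonite-cracked.jar"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"donutsmpcheat.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844198/; classtype:trojan-activity;sid:84707298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844190)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"vk-video-dtp.vercel.app"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844190/; classtype:trojan-activity;sid:84707290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844191)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/xenon-cracked.jar"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"donutsmpcheat.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844191/; classtype:trojan-activity;sid:84707291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844192)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/solar-client.jar"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"donutsmpcheat.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844192/; classtype:trojan-activity;sid:84707292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844193)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"wephoto.vercel.app"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844193/; classtype:trojan-activity;sid:84707293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844194)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"video-files-24.cfd"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844194/; classtype:trojan-activity;sid:84707294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844195)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"videosdtpr.vercel.app"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844195/; classtype:trojan-activity;sid:84707295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844196)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/meteor-client.jar"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"donutsmpcheat.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844196/; classtype:trojan-activity;sid:84707296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844189)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"kameraruonlaine.vercel.app"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844189/; classtype:trojan-activity;sid:84707289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844186)"; flow:established,from_client; content:"GET"; http_method; content:"/download"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"downloadmaxfile.digital"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844186/; classtype:trojan-activity;sid:84707286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844187)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"102policeonlainedtp.vercel.app"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844187/; classtype:trojan-activity;sid:84707287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844188)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"2026policedtp.vercel.app"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844188/; classtype:trojan-activity;sid:84707288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844185)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"photojopik.vercel.app"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844185/; classtype:trojan-activity;sid:84707285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844175)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/0yktjef.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844175/; classtype:trojan-activity;sid:84707275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844176)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/ewsuxox.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844176/; classtype:trojan-activity;sid:84707276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844177)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/bwjpsd5.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844177/; classtype:trojan-activity;sid:84707277; 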
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844178)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/9lrzblj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844178/; classtype:trojan-activity;sid:84707278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844179)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/exidgxs.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844179/; classtype:trojan-activity;sid:84707279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844180)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/9tylaum.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844180/; classtype:trojan-activity;sid:84707280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844181)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/lwjjein.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844181/; classtype:trojan-activity;sid:84707281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844182)"; flow:established,from_client; content:"GET"; http_method; 
content:"/files/8176913892/6ttnsh7.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844182/; classtype:trojan-activity;sid:84707282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844183)"; flow:established,from_client; content:"GET"; http_method; content:"/files/715644737/xv72alj.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844183/; classtype:trojan-activity;sid:84707283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844184)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/brot051.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844184/; classtype:trojan-activity;sid:84707284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844168)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/efgbs2q.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844168/; classtype:trojan-activity;sid:84707268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844169)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/dpslke1.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; 
reference:url, urlhaus.abuse.ch/url/3844169/; classtype:trojan-activity;sid:84707269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844170)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/qgeunem.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844170/; classtype:trojan-activity;sid:84707270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844171)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/nmwyfww.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844171/; classtype:trojan-activity;sid:84707271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844172)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/1x8ty42.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844172/; classtype:trojan-activity;sid:84707272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844173)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/377fvul.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844173/; classtype:trojan-activity;sid:84707273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3844174)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/jmztd18.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844174/; classtype:trojan-activity;sid:84707274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844143)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/zyv8iuy.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844143/; classtype:trojan-activity;sid:84707243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844144)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/tng8nf2.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844144/; classtype:trojan-activity;sid:84707244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844145)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/xrbwqmi.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844145/; classtype:trojan-activity;sid:84707245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844146)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/4xhy0ua.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844146/; classtype:trojan-activity;sid:84707246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844147)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/kikvpv3.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844147/; classtype:trojan-activity;sid:84707247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844148)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/ma2i83j.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844148/; classtype:trojan-activity;sid:84707248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844149)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/jxcrwvd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844149/; classtype:trojan-activity;sid:84707249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844150)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/klca9rk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844150/; classtype:trojan-activity;sid:84707250; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844151)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/9tylaum.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844151/; classtype:trojan-activity;sid:84707251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844152)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/4kludhr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844152/; classtype:trojan-activity;sid:84707252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844153)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/awb1ryt.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844153/; classtype:trojan-activity;sid:84707253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844154)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/8rujxmr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844154/; classtype:trojan-activity;sid:84707254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844155)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/xs3aqc0.exe"; http_uri; 
depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844155/; classtype:trojan-activity;sid:84707255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844156)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1781548144/uwxixwf.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844156/; classtype:trojan-activity;sid:84707256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844157)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/towtzpl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844157/; classtype:trojan-activity;sid:84707257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844158)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6077499728/iqw9iq7.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844158/; classtype:trojan-activity;sid:84707258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844159)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/erlpoq5.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844159/; 
classtype:trojan-activity;sid:84707259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844160)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/cb0v8v5.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844160/; classtype:trojan-activity;sid:84707260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844161)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/ugid4pl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844161/; classtype:trojan-activity;sid:84707261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844162)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/qekymha.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844162/; classtype:trojan-activity;sid:84707262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844163)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/czwmjn5.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844163/; classtype:trojan-activity;sid:84707263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844164)"; flow:established,from_client; 
content:"GET"; http_method; content:"/files/6099399783/sb9ud3f.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844164/; classtype:trojan-activity;sid:84707264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844165)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/sn4rvoi.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844165/; classtype:trojan-activity;sid:84707265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844166)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/ncvf8vj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844166/; classtype:trojan-activity;sid:84707266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844167)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/nvt8bmp.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844167/; classtype:trojan-activity;sid:84707267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844142)"; flow:established,from_client; content:"GET"; http_method; content:"/cyrex_3.2.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cyrex-cheats.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 
2026_05_10; reference:url, urlhaus.abuse.ch/url/3844142/; classtype:trojan-activity;sid:84707242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844139)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/hdyq1rb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844139/; classtype:trojan-activity;sid:84707239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844140)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/wprb475.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844140/; classtype:trojan-activity;sid:84707240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844141)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/r5f7meo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844141/; classtype:trojan-activity;sid:84707241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844136)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/3032ike.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844136/; classtype:trojan-activity;sid:84707236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3844137)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8176913892/vz0cxxy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844137/; classtype:trojan-activity;sid:84707237; rev:1;)
# NOTE(review): the fragment above is the tail of the rule for URLhaus entry 3844137, whose
# head sits on the previous physical line. The complete rules below are laid out one per line.
# Every rule here pins two buffers exactly: depth equals the content length and the negated
# relative isdataat requires that nothing follows the match, so the whole URI (compared with
# nocase) and the whole Host value must both match on a GET before the alert is raised.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844138)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/budksm4.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844138/; classtype:trojan-activity;sid:84707238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844135)"; flow:established,from_client; content:"GET"; http_method; content:"/sauxobwy.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"digiztechllc.co"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844135/; classtype:trojan-activity;sid:84707235; rev:1;)
# NOTE(review): the next rule names raw.githubusercontent.com, a shared hosting platform, so
# only the URI path makes it specific. Treat the host as context, not as a block-list entry.
# As an `alert http` rule it can only match HTTP that the sensor is able to decode; this host
# is normally reached over HTTPS, so presumably the rule fires only behind TLS inspection.
# Confirm that, and cover the indicator from proxy logs where the sensor sees only ciphertext.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844134)"; flow:established,from_client; content:"GET"; http_method; content:"/paperrig/paperrigofficial/refs/heads/main/downloads/paperrig-v2.jar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844134/; classtype:trojan-activity;sid:84707234; rev:1;)
# The line below is the head of the rule for entry 3844130; it continues on the next physical line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844130)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8212392349/0alosyh.exe"; http_uri; depth:29; 
isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844130/; classtype:trojan-activity;sid:84707230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844131)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7382018045/3urahpr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844131/; classtype:trojan-activity;sid:84707231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844132)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6099399783/qiket39.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844132/; classtype:trojan-activity;sid:84707232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844133)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8212392349/2n2vb1v.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844133/; classtype:trojan-activity;sid:84707233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.141.233.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844129/; classtype:trojan-activity;sid:84707229; 
rev:1;)
# NOTE(review): the `rev:1;)` above closes the rule that starts on the previous physical line.
# The URIs in the rules below ("/bin.sh", "/i") are short and generic. They alert only in
# combination with the exact Host value that follows them in the same rule, so the host
# literal carries the specificity. In triage, read the URI and the host together; neither
# half is an indicator on its own.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.70.186.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844128/; classtype:trojan-activity;sid:84707228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.29.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844127/; classtype:trojan-activity;sid:84707227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.127.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844126/; classtype:trojan-activity;sid:84707226; rev:1;)
# Because the URI match is exact (depth plus negated isdataat), a request for the same path
# with anything appended to it is not covered by these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844124)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.83.207.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844124/; classtype:trojan-activity;sid:84707224; rev:1;)
# The line below is the head of the rule for entry 3844125; it continues on the next physical line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844125)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/debug"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.83.207.206"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844125/; classtype:trojan-activity;sid:84707225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844120)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.83.207.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844120/; classtype:trojan-activity;sid:84707220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844121)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.83.207.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844121/; classtype:trojan-activity;sid:84707221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844122)"; flow:established,from_client; content:"GET"; http_method; content:"/nz.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.83.207.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844122/; classtype:trojan-activity;sid:84707222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844123)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.83.207.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844123/; classtype:trojan-activity;sid:84707223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844115)"; 
flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.83.207.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844115/; classtype:trojan-activity;sid:84707215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844116)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.83.207.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844116/; classtype:trojan-activity;sid:84707216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844117)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.83.207.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844117/; classtype:trojan-activity;sid:84707217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844118)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.83.207.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844118/; classtype:trojan-activity;sid:84707218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844119)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.83.207.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, 
urlhaus.abuse.ch/url/3844119/; classtype:trojan-activity;sid:84707219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844110)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.83.207.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844110/; classtype:trojan-activity;sid:84707210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844111)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.83.207.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844111/; classtype:trojan-activity;sid:84707211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844112)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.83.207.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844112/; classtype:trojan-activity;sid:84707212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844113)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.83.207.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844113/; classtype:trojan-activity;sid:84707213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844114)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mpsl"; 
http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.83.207.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844114/; classtype:trojan-activity;sid:84707214; rev:1;)
# NOTE(review): the fragment above is the tail of the rule for URLhaus entry 3844114, whose
# head sits on the previous physical line.
# SIDs 84707209 and 84707208 below carry identical method, URI and Host matches, so one
# request that satisfies either satisfies both and raises two alerts. Presumably the two
# URLhaus entries differ in something these keywords do not express (scheme or port, for
# instance); confirm against the referenced entries. Count the pair as a single indicator
# when deduplicating or tuning thresholds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844109)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"extnetprox.devharbor.pics"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844109/; classtype:trojan-activity;sid:84707209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844108)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"extnetprox.devharbor.pics"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844108/; classtype:trojan-activity;sid:84707208; rev:1;)
# The same URI path appears here under more than one subdomain of devharbor.pics. Each rule
# is bound to one exact host, so a hostname absent from the feed is not covered. Searching
# proxy logs for the path itself is a useful complement to these per-host alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844107)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"pkgrunstat.devharbor.pics"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844107/; classtype:trojan-activity;sid:84707207; rev:1;)
# The line below is the head of the rule for entry 3844106; it continues on the next physical line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844106)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; 
content:"modbusdata.devharbor.pics"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844106/; classtype:trojan-activity;sid:84707206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844105)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"srcgetproc.devharbor.pics"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844105/; classtype:trojan-activity;sid:84707205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844104)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"ftpsrv.pixelmesh.pics"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844104/; classtype:trojan-activity;sid:84707204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.193.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844103/; classtype:trojan-activity;sid:84707203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844102)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"libsyspathview.pixelmesh.pics"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; 
reference:url, urlhaus.abuse.ch/url/3844102/; classtype:trojan-activity;sid:84707202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844101)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"libsyspathview.pixelmesh.pics"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844101/; classtype:trojan-activity;sid:84707201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844100)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jobadm.pixelmesh.pics"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844100/; classtype:trojan-activity;sid:84707200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.148.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844099/; classtype:trojan-activity;sid:84707199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844098)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"zipark.pixelmesh.pics"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844098/; classtype:trojan-activity;sid:84707198; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844097)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"metaltscfgmgr.logicframe.pics"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844097/; classtype:trojan-activity;sid:84707197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844096)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ftpsrv.framevector.ink"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844096/; classtype:trojan-activity;sid:84707196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844095)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"libsyspathview.framevector.ink"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844095/; classtype:trojan-activity;sid:84707195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844094)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"libsyspathview.framevector.ink"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844094/; classtype:trojan-activity;sid:84707194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3844093)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"apidocserv.logicframe.pics"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844093/; classtype:trojan-activity;sid:84707193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844092)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"jobadm.framevector.ink"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844092/; classtype:trojan-activity;sid:84707192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844091)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"apidocserv.logicframe.pics"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844091/; classtype:trojan-activity;sid:84707191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844090)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"dbinst.logicframe.pics"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844090/; classtype:trojan-activity;sid:84707190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844089)"; flow:established,from_client; content:"GET"; 
http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"rawdatamapping.framevector.ink"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844089/; classtype:trojan-activity;sid:84707189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.148.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844088/; classtype:trojan-activity;sid:84707188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844087)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"skyvpnnodehub.logicframe.pics"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844087/; classtype:trojan-activity;sid:84707187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844086)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"zipark.framevector.ink"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844086/; classtype:trojan-activity;sid:84707186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844084)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; 
nocase; content:"metaltscfgmgr.systemforge.ink"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844084/; classtype:trojan-activity;sid:84707184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.190.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844085/; classtype:trojan-activity;sid:84707185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844082)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"cmdset.logicframe.pics"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844082/; classtype:trojan-activity;sid:84707182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844083)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"cmdset.logicframe.pics"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844083/; classtype:trojan-activity;sid:84707183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844081)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"metaltscfgmgr.systemforge.ink"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 
2026_05_10; reference:url, urlhaus.abuse.ch/url/3844081/; classtype:trojan-activity;sid:84707181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844080)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"sshbin.cloudstack.pics"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844080/; classtype:trojan-activity;sid:84707180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.116.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844079/; classtype:trojan-activity;sid:84707179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844078)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"apidocserv.systemforge.ink"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844078/; classtype:trojan-activity;sid:84707178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844077)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"sslkeybasepoint.cloudstack.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844077/; classtype:trojan-activity;sid:84707177; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844076)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"dbinst.systemforge.ink"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844076/; classtype:trojan-activity;sid:84707176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844075)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"getcfghub.cloudstack.pics"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844075/; classtype:trojan-activity;sid:84707175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.127.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844074/; classtype:trojan-activity;sid:84707174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844073)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"skyvpnnodehub.systemforge.ink"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844073/; classtype:trojan-activity;sid:84707173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844072)"; 
flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"ipnodeclisys.cloudstack.pics"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844072/; classtype:trojan-activity;sid:84707172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844071)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"cmdset.systemforge.ink"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844071/; classtype:trojan-activity;sid:84707171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844070)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"hotfix.cloudstack.pics"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844070/; classtype:trojan-activity;sid:84707170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844069)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"sshbin.cryptowave.ink"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844069/; classtype:trojan-activity;sid:84707169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844068)"; flow:established,from_client; content:"GET"; http_method; 
content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"sshbin.cryptowave.ink"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844068/; classtype:trojan-activity;sid:84707168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844067)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"topsvc.bytevector.pics"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844067/; classtype:trojan-activity;sid:84707167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844066)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"sslkeybasepoint.cryptowave.ink"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844066/; classtype:trojan-activity;sid:84707166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844065)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"opsmgr.bytevector.pics"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844065/; classtype:trojan-activity;sid:84707165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844064)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; 
depth:48; isdataat:!1,relative; nocase; content:"getcfghub.cryptowave.ink"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844064/; classtype:trojan-activity;sid:84707164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844063)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"getcfghub.cryptowave.ink"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844063/; classtype:trojan-activity;sid:84707163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844062)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"cpuprocessormgr.bytevector.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844062/; classtype:trojan-activity;sid:84707162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.42.88.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844061/; classtype:trojan-activity;sid:84707161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844060)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ipnodeclisys.cryptowave.ink"; http_host; depth:27; isdataat:!1,relative; 
metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844060/; classtype:trojan-activity;sid:84707160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.42.88.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844059/; classtype:trojan-activity;sid:84707159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844058)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"run.bytevector.pics"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844058/; classtype:trojan-activity;sid:84707158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844057)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"run.bytevector.pics"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844057/; classtype:trojan-activity;sid:84707157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844056)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"cpuprocessormgr.bytevector.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844056/; classtype:trojan-activity;sid:84707156; rev:1;) 
# NOTE(review): reading guide for the generated rules below.
# - Match shape: each rule fires on an established, client-side HTTP GET from
#   $HOME_NET to $EXTERNAL_NET whose URI and Host both equal the listed strings.
#   depth is set to the content length and isdataat:!1,relative requires that
#   no byte follows, so the match is exact rather than a substring match.
#   nocase is attached to the URI content only; host patterns are lowercase.
# - Coverage: these rules inspect cleartext HTTP only. A fetch of the same URL
#   over TLS is not matched unless traffic is decrypted upstream, so pair the
#   feed with DNS, TLS SNI or proxy-log matching on the same hostnames.
# - The four complete rules directly below share one URI path across four
#   hostnames under bytevector.pics and kernelshift.pics. Presumably the
#   hostnames rotate faster than the path (verify against the URLhaus entries);
#   a proxy-log search on the path alone may surface hosts not yet listed here.
# - Elsewhere in this feed, distinct URLhaus entries carry identical URI and
#   Host conditions under different sids (for example 84707169 and 84707168),
#   so one request can raise two alerts; deduplicate on host + URI downstream.
# - Triage: an alert shows that an internal host requested the URL, not that a
#   payload was delivered or executed. Confirm with the response status and
#   size and with endpoint telemetry before escalating.
# - Ageing: every rule carries metadata:created_at. Hosts given as bare IP
#   addresses can be reassigned, so expire old entries on a schedule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844055)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"vpsrun.bytevector.pics"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844055/; classtype:trojan-activity;sid:84707155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844054)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"dnswebsrvs.bytevector.pics"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844054/; classtype:trojan-activity;sid:84707154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844053)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"devbits.kernelshift.pics"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844053/; classtype:trojan-activity;sid:84707153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844052)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"logmanagementsys.kernelshift.pics"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844052/; classtype:trojan-activity;sid:84707152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3844051)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"api.kernelshift.pics"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844051/; classtype:trojan-activity;sid:84707151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.190.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844050/; classtype:trojan-activity;sid:84707150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.125.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844049/; classtype:trojan-activity;sid:84707149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844048)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"webcdnstat.kernelshift.pics"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844048/; classtype:trojan-activity;sid:84707148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844047)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; 
isdataat:!1,relative; nocase; content:"webcdnstat.kernelshift.pics"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844047/; classtype:trojan-activity;sid:84707147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844046/; classtype:trojan-activity;sid:84707146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844045)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"srvnode.kernelshift.pics"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844045/; classtype:trojan-activity;sid:84707145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844044/; classtype:trojan-activity;sid:84707144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844043)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"optirni-cast.scriptmesh.ink"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, 
urlhaus.abuse.ch/url/3844043/; classtype:trojan-activity;sid:84707143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.190.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844042/; classtype:trojan-activity;sid:84707142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.251.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844041/; classtype:trojan-activity;sid:84707141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844040)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"civicvehicl.scriptmesh.ink"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844040/; classtype:trojan-activity;sid:84707140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844039)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"designdepot.scriptmesh.ink"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844039/; classtype:trojan-activity;sid:84707139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3844038)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"vita-not.scriptmesh.ink"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844038/; classtype:trojan-activity;sid:84707138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.251.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844037/; classtype:trojan-activity;sid:84707137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844036)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"n0df7.kernelgrid.ink"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844036/; classtype:trojan-activity;sid:84707136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844035/; classtype:trojan-activity;sid:84707135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844034)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; 
content:"dynmark0on.kernelgrid.ink"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844034/; classtype:trojan-activity;sid:84707134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.223.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844033/; classtype:trojan-activity;sid:84707133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.125.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844032/; classtype:trojan-activity;sid:84707132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.227.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844031/; classtype:trojan-activity;sid:84707131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844030)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"sol-tideen.kernelgrid.ink"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844030/; classtype:trojan-activity;sid:84707130; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.66.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844029/; classtype:trojan-activity;sid:84707129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844028)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"v1si-sync.kernelgrid.ink"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844028/; classtype:trojan-activity;sid:84707128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.102.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844027/; classtype:trojan-activity;sid:84707127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844026)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"njrwmhh.cyberframe.lat"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844026/; classtype:trojan-activity;sid:84707126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"27.204.227.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844025/; classtype:trojan-activity;sid:84707125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844024)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"2784kns.kernelgrid.ink"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844024/; classtype:trojan-activity;sid:84707124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844023)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"2qjub.logicstack.ink"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844023/; classtype:trojan-activity;sid:84707123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844022)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"macroloop.logicstack.ink"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844022/; classtype:trojan-activity;sid:84707122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844017)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.109.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; 
reference:url, urlhaus.abuse.ch/url/3844017/; classtype:trojan-activity;sid:84707117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844018)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.109.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844018/; classtype:trojan-activity;sid:84707118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844019)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.109.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844019/; classtype:trojan-activity;sid:84707119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844020)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.109.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844020/; classtype:trojan-activity;sid:84707120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844021)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.109.200.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844021/; classtype:trojan-activity;sid:84707121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844015)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; 
http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844015/; classtype:trojan-activity;sid:84707115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.205.104.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844016/; classtype:trojan-activity;sid:84707116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844014)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ftscfs.logicstack.ink"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844014/; classtype:trojan-activity;sid:84707114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.23.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844013/; classtype:trojan-activity;sid:84707113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.104.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844012/; classtype:trojan-activity;sid:84707112; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844011)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"beartrend.logicstack.ink"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844011/; classtype:trojan-activity;sid:84707111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844010)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"beartrend.logicstack.ink"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844010/; classtype:trojan-activity;sid:84707110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.148.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844009/; classtype:trojan-activity;sid:84707109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844008)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"wamemd.logicstack.ink"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844008/; classtype:trojan-activity;sid:84707108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844007)"; 
flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"wamemd.logicstack.ink"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844007/; classtype:trojan-activity;sid:84707107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844006)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"velmeshix.cyberframe.lat"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844006/; classtype:trojan-activity;sid:84707106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844005)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"tal-valeum.cyberframe.lat"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844005/; classtype:trojan-activity;sid:84707105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844004)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"solnex3et.cybernode.ink"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844004/; classtype:trojan-activity;sid:84707104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844003)"; flow:established,from_client; content:"GET"; http_method; 
content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"solnex3et.cybernode.ink"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844003/; classtype:trojan-activity;sid:84707103; rev:1;)
# Reading the rules in this part of the feed: each one alerts on an HTTP GET
# sent from $HOME_NET to $EXTERNAL_NET whose URI and Host both equal a fixed
# string. `depth` is set to the length of the preceding content and
# `isdataat:!1,relative` requires that nothing follows it, so the match is
# exact: a request with an added query string, a longer path or another Host
# value does not fire. `nocase` is attached to the URI content only.
# `flow:established,from_client` means the alert is raised on the request, so
# it records an attempted fetch; it does not show that a payload was returned.
#
# The long "/<id>/auth.dll", "/<id>/verify.check" and "/<id>/auth.check" paths
# below each repeat across more than one hostname: the path stays constant and
# the hostname varies. A retrospective search of proxy logs on the path alone
# is therefore a useful complement to these host-pinned rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.148.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844002/; classtype:trojan-activity;sid:84707102; rev:1;)
# sid 84707101 and sid 84707100 have identical match options (same URI and
# Host); only the URLhaus id in msg/reference and the sid differ, so a single
# matching request raises both alerts.
# NOTE(review): presumably the two URLhaus entries differ in a property the
# rule does not encode (scheme or port, for example) - confirm on the
# referenced URLhaus pages before de-duplicating locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844001)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"netvvork-hinge.cybernode.ink"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844001/; classtype:trojan-activity;sid:84707101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3844000)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"netvvork-hinge.cybernode.ink"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3844000/; classtype:trojan-activity;sid:84707100; rev:1;)
# The URI here is the two bytes "/i"; all of the rule's specificity comes from
# the Host match on an IP literal.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.135.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843999/; classtype:trojan-activity;sid:84707099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843998)"; flow:established,from_client; content:"GET"; http_method; content:"/05heil6c5-49ds-4764-abb59-368f34ad4245/auth.dll"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"swanresolver.cybernode.ink"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843998/; classtype:trojan-activity;sid:84707098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.23.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843997/; classtype:trojan-activity;sid:84707097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843996)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"h04c.kernelwave.lat"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843996/; classtype:trojan-activity;sid:84707096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843995)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"vorcore2ix.kernelwave.lat"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843995/; classtype:trojan-activity;sid:84707095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843994)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"networ2-forge.scriptmesh.ink"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843994/; classtype:trojan-activity;sid:84707094; rev:1;)
# sid 84707092, 84707093 and 84707076 share the Host value 45.148.120.78 and
# differ only in a four-byte path. Because each path is matched exactly, a
# path on that host that has no rule of its own is not covered by them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843992)"; flow:established,from_client; content:"GET"; http_method; content:"/jjp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843992/; classtype:trojan-activity;sid:84707092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843993)"; flow:established,from_client; content:"GET"; http_method; content:"/ahj"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843993/; classtype:trojan-activity;sid:84707093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843976)"; flow:established,from_client; content:"GET"; http_method; content:"/6ib"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843976/; classtype:trojan-activity;sid:84707076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843977)"; flow:established,from_client; content:"GET"; http_method; content:"/0vug"; 
http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843977/; classtype:trojan-activity;sid:84707077; rev:1;)
# The complete rules from sid 84707078 through sid 84707091, and sid 84707070
# further down, all match the Host value 45.148.120.78 combined with one short
# path (4 or 5 bytes including the leading slash). `depth` equal to the content
# length plus `isdataat:!1,relative` makes each URI match exact, so a path on
# that host without its own rule is not covered.
# The Host content is what the client sent in the Host header; the rule header
# (`$EXTERNAL_NET any`) places no constraint on the destination address.
# NOTE(review): a request that reaches the same server under a hostname would
# presumably not match these rules - confirm whether destination-IP coverage
# is provided elsewhere in the deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843978)"; flow:established,from_client; content:"GET"; http_method; content:"/x6yo"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843978/; classtype:trojan-activity;sid:84707078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843979)"; flow:established,from_client; content:"GET"; http_method; content:"/ytqo"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843979/; classtype:trojan-activity;sid:84707079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843980)"; flow:established,from_client; content:"GET"; http_method; content:"/0rc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843980/; classtype:trojan-activity;sid:84707080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843981)"; flow:established,from_client; content:"GET"; http_method; content:"/r6x"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843981/; classtype:trojan-activity;sid:84707081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843982)"; flow:established,from_client; content:"GET"; http_method; content:"/zh4k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843982/; classtype:trojan-activity;sid:84707082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843983)"; flow:established,from_client; content:"GET"; http_method; content:"/h4h"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843983/; classtype:trojan-activity;sid:84707083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843984)"; flow:established,from_client; content:"GET"; http_method; content:"/mkdy"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843984/; classtype:trojan-activity;sid:84707084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843985)"; flow:established,from_client; content:"GET"; http_method; content:"/jwv"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843985/; classtype:trojan-activity;sid:84707085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843986)"; flow:established,from_client; content:"GET"; http_method; content:"/ne4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843986/; classtype:trojan-activity;sid:84707086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843987)"; flow:established,from_client; content:"GET"; http_method; content:"/vga"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843987/; classtype:trojan-activity;sid:84707087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843988)"; flow:established,from_client; content:"GET"; http_method; content:"/tvq"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843988/; classtype:trojan-activity;sid:84707088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843989)"; flow:established,from_client; content:"GET"; http_method; content:"/vqx"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843989/; classtype:trojan-activity;sid:84707089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843990)"; flow:established,from_client; content:"GET"; http_method; content:"/ozse"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843990/; classtype:trojan-activity;sid:84707090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843991)"; flow:established,from_client; content:"GET"; http_method; content:"/ccj"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843991/; classtype:trojan-activity;sid:84707091; rev:1;)
# sid 84707075 and sid 84707074 use the two-byte URI "/i"; the Host match on an
# IP literal is the only distinguishing condition in each.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.233.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843975/; classtype:trojan-activity;sid:84707075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.190.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843974/; classtype:trojan-activity;sid:84707074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843970)"; flow:established,from_client; content:"GET"; http_method; content:"/yg4k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843970/; classtype:trojan-activity;sid:84707070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843971)"; flow:established,from_client; content:"GET"; http_method; content:"/dh.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"216.9.225.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843971/; classtype:trojan-activity;sid:84707071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3843972)"; flow:established,from_client; content:"GET"; http_method; content:"/duq"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843972/; classtype:trojan-activity;sid:84707072; rev:1;)
# Scope of the rules below: they use the `http` protocol keyword and the HTTP
# buffers http_method, http_uri and http_host, so they apply only to traffic
# the sensor parses as HTTP.
# NOTE(review): the same URLs fetched over TLS would presumably not be visible
# to these rules unless the sensor inspects decrypted traffic - confirm how
# HTTPS downloads are covered in the deployment.
# Each rule matches its URI and Host exactly (`depth` equals the content
# length, `isdataat:!1,relative` forbids trailing bytes), and fires on the
# client's GET request (`flow:established,from_client`), not on the response.
#
# sid 84707073, 84707068, 84707069 and 84707056 share the Host value
# 216.9.225.23 and differ only in the name of the requested .sh file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843973)"; flow:established,from_client; content:"GET"; http_method; content:"/hk.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"216.9.225.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843973/; classtype:trojan-activity;sid:84707073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843968)"; flow:established,from_client; content:"GET"; http_method; content:"/zy.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"216.9.225.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843968/; classtype:trojan-activity;sid:84707068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843969)"; flow:established,from_client; content:"GET"; http_method; content:"/tpl.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.9.225.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843969/; classtype:trojan-activity;sid:84707069; rev:1;)
# The "/0shl86c5-.../auth.check" and "/so7f5fa6-.../verify.check" paths recur
# below on several hostnames; the path is constant and the hostname varies.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843967)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"vvh3el-crest.cloudvector.ink"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843967/; classtype:trojan-activity;sid:84707067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.190.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843966/; classtype:trojan-activity;sid:84707066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843965)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"tracke-signal.cryptostack.lat"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843965/; classtype:trojan-activity;sid:84707065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.233.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843964/; classtype:trojan-activity;sid:84707064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843963)"; flow:established,from_client; content:"GET"; http_method; content:"/vthh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843963/; classtype:trojan-activity;sid:84707063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843962)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"heathergent.cloudvector.ink"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843962/; classtype:trojan-activity;sid:84707062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843961)"; flow:established,from_client; content:"GET"; http_method; content:"/nrud"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.148.120.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843961/; classtype:trojan-activity;sid:84707061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843960)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"conv-wagon.cryptostack.lat"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843960/; classtype:trojan-activity;sid:84707060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843959)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"tre75.cryptostack.lat"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843959/; classtype:trojan-activity;sid:84707059; rev:1;)
# NOTE(review): the file name "mozi.m" resembles names associated with the Mozi
# IoT botnet; the rule itself carries no family information - check the
# referenced URLhaus entry before labelling an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.102.7.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843958/; classtype:trojan-activity;sid:84707058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843957)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"wlr33mz.cloudvector.ink"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843957/; classtype:trojan-activity;sid:84707057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843956)"; flow:established,from_client; content:"GET"; http_method; content:"/sh.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"216.9.225.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843956/; classtype:trojan-activity;sid:84707056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.38.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843955/; classtype:trojan-activity;sid:84707055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843954)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"7dml.netstack.lat"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843954/; 
classtype:trojan-activity;sid:84707054; rev:1;)
# Duplicate match conditions in this group: the pairs sid 84707053/84707052,
# 84707051/84707050, 84707048/84707047, 84707046/84707045 and
# 84707044/84707043 each have the same URI and Host; only the URLhaus id in
# msg/reference and the sid differ, so one matching request raises two alerts.
# NOTE(review): presumably the paired URLhaus entries differ in a property the
# rule does not encode (scheme or port, for example) - confirm on the
# referenced pages before suppressing one of a pair locally.
#
# In every rule shown here the sid equals the URLhaus id plus 80863100
# (3843953 -> 84707053), which maps an alert back to its URLhaus entry even
# when only the sid is logged.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843953)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"5md3.netstack.lat"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843953/; classtype:trojan-activity;sid:84707053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843952)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"5md3.netstack.lat"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843952/; classtype:trojan-activity;sid:84707052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843951)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"thornbanner.cryptostack.lat"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843951/; classtype:trojan-activity;sid:84707051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843950)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"thornbanner.cryptostack.lat"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843950/; classtype:trojan-activity;sid:84707050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.192.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843949/; classtype:trojan-activity;sid:84707049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843948)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"5ccj6.netstack.lat"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843948/; classtype:trojan-activity;sid:84707048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843947)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"5ccj6.netstack.lat"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843947/; classtype:trojan-activity;sid:84707047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843946)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"trimark5ar.cryptostack.lat"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843946/; classtype:trojan-activity;sid:84707046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843945)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"trimark5ar.cryptostack.lat"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843945/; classtype:trojan-activity;sid:84707045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843944)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"forefern.pixelnode.lat"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843944/; classtype:trojan-activity;sid:84707044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843943)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"forefern.pixelnode.lat"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843943/; classtype:trojan-activity;sid:84707043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843942)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"lkkgv50r.logicbyte.lat"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843942/; classtype:trojan-activity;sid:84707042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"123.7.237.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843941/; classtype:trojan-activity;sid:84707041; rev:1;)
# The rules below are point-in-time indicators: each carries
# `metadata:created_at 2026_05_10` and `rev:1`, and matches one exact URI
# (`depth` equal to the content length, then `isdataat:!1,relative`) on one
# exact Host value.
# NOTE(review): several Host values are IP literals, which can be reassigned;
# take the created_at date into account when triaging an alert, and confirm
# the current status on the referenced URLhaus page.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.237.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843940/; classtype:trojan-activity;sid:84707040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.38.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843939/; classtype:trojan-activity;sid:84707039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843938)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"coreshield.pixelnode.lat"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843938/; classtype:trojan-activity;sid:84707038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843937)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"hyper-c0ra.logicbyte.lat"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843937/; classtype:trojan-activity;sid:84707037; rev:1;)
# sid 84707036 and sid 84707035 have identical match options (same URI and
# Host), so one matching request raises both alerts.
# NOTE(review): presumably the two URLhaus entries differ in a property the
# rule does not encode - confirm on the referenced pages.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843936)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"aghw.pixelnode.lat"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843936/; classtype:trojan-activity;sid:84707036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843935)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"aghw.pixelnode.lat"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843935/; classtype:trojan-activity;sid:84707035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.30.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843934/; classtype:trojan-activity;sid:84707034; rev:1;)
# The three logicbyte.lat rules that follow (sid 84707033, 84707032, and
# sid 84707037 above) share one URI path and differ only in the subdomain.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843933)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"curio-garde.logicbyte.lat"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843933/; classtype:trojan-activity;sid:84707033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843932)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"2t1ridv.logicbyte.lat"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843932/; classtype:trojan-activity;sid:84707032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.112.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843931/; classtype:trojan-activity;sid:84707031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843930)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"vocalpro.pixelnode.lat"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843930/; classtype:trojan-activity;sid:84707030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.252.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843929/; classtype:trojan-activity;sid:84707029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843928)"; flow:established,from_client; content:"GET"; http_method; content:"/vulcan_riscv64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.68"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843928/; classtype:trojan-activity;sid:84707028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843925)"; flow:established,from_client; content:"GET"; http_method; content:"/vulcan_amd64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843925/; classtype:trojan-activity;sid:84707025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843926)"; flow:established,from_client; content:"GET"; http_method; content:"/vulcan_s390x"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843926/; classtype:trojan-activity;sid:84707026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843927)"; flow:established,from_client; content:"GET"; http_method; content:"/vulcan_ppc64le"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843927/; classtype:trojan-activity;sid:84707027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843922)"; flow:established,from_client; content:"GET"; http_method; content:"/vulcan_386"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843922/; classtype:trojan-activity;sid:84707022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3843923)"; flow:established,from_client; content:"GET"; http_method; content:"/vulcan_mips64le"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.139.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843923/; classtype:trojan-activity;sid:84707023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843924)"; flow:established,from_client; content:"GET"; http_method; content:"/vulcan_arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843924/; classtype:trojan-activity;sid:84707024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843917)"; flow:established,from_client; content:"GET"; http_method; content:"/vulcan_mipsle"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843917/; classtype:trojan-activity;sid:84707017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843918)"; flow:established,from_client; content:"GET"; http_method; content:"/vulcan_arm64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843918/; classtype:trojan-activity;sid:84707018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843919)"; flow:established,from_client; content:"GET"; http_method; content:"/vulcan_mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; 
reference:url, urlhaus.abuse.ch/url/3843919/; classtype:trojan-activity;sid:84707019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843920)"; flow:established,from_client; content:"GET"; http_method; content:"/vulcan_mips64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843920/; classtype:trojan-activity;sid:84707020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843921)"; flow:established,from_client; content:"GET"; http_method; content:"/vulcan_arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843921/; classtype:trojan-activity;sid:84707021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.191.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843916/; classtype:trojan-activity;sid:84707016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843913)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ksoftirqd0"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843913/; classtype:trojan-activity;sid:84707013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843914)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bins/bioset0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843914/; classtype:trojan-activity;sid:84707014; rev:1;)
# The rules in this stretch all name the host 45.153.34.93 and differ only in the file under /bins/.
# In each rule, depth equals the length of the content string and isdataat:!1,relative requires that
# nothing follows the match, so the URI buffer and the Host buffer must each equal the listed string
# (the URI case-insensitively, via nocase). A request for the same file with a query string appended
# would therefore not match.
# NOTE(review): several of the file names resemble Linux kernel thread names (kswapd0, xfsaild,
# cfg80211); presumably chosen to look unremarkable in a process listing - the ruleset itself does
# not say, so confirm against the referenced URLhaus entries before relying on it for host triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843915)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cfg80211d"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843915/; classtype:trojan-activity;sid:84707015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843911)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/edac_polld"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843911/; classtype:trojan-activity;sid:84707011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843912)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xfsaild_sda"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843912/; classtype:trojan-activity;sid:84707012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843905)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kswapd0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843905/;
classtype:trojan-activity;sid:84707005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843906)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ecryptfsd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843906/; classtype:trojan-activity;sid:84707006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843907)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zswap_shrinkd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843907/; classtype:trojan-activity;sid:84707007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843908)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworker_u8"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843908/; classtype:trojan-activity;sid:84707008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843909)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kblockd0"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843909/; classtype:trojan-activity;sid:84707009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843910)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/scsi_tmf_0"; http_uri; 
depth:16; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843910/; classtype:trojan-activity;sid:84707010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843901)"; flow:established,from_client; content:"GET"; http_method; content:"/vision.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843901/; classtype:trojan-activity;sid:84707001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843902)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/devfreq_wq"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843902/; classtype:trojan-activity;sid:84707002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843903)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jbd2_sda1d"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843903/; classtype:trojan-activity;sid:84707003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843904)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rcuop_0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.153.34.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843904/; classtype:trojan-activity;sid:84707004; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843900)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"dynven3um.pixelnode.lat"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843900/; classtype:trojan-activity;sid:84707000; rev:1;)
# The URI paths ".../auth.check" and ".../verify.check" recur in this ruleset under many different
# .lat hostnames, one rule per hostname. Each rule pins both the exact URI and the exact Host value,
# so a request to a hostname that is not yet listed raises no alert even when the path is identical.
# NOTE(review): a local hunt on the path alone may surface unlisted hostnames - validate that idea
# against your own traffic before turning it into an alert.
# These are "alert http" rules with no TLS condition: they fire only on requests the engine parses
# as HTTP, so the same URL fetched over HTTPS is not seen unless the traffic is decrypted upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843899)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"vornexal5.logicbyte.lat"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843899/; classtype:trojan-activity;sid:84706999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843898)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"quortideis.cloudmesh.lat"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843898/; classtype:trojan-activity;sid:84706998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.255.10.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843897/; classtype:trojan-activity;sid:84706997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843894)"; flow:established,from_client; content:"GET";
http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843894/; classtype:trojan-activity;sid:84706994; rev:1;)
# The rules in this stretch name the host 176.65.139.7 with one path per CPU architecture
# (/x86, /ppc64, /mipsel, /mips) plus a shell script, /run.sh.
# NOTE(review): this looks like one script plus per-architecture payloads - an inference from the
# path names only; confirm on the referenced URLhaus pages. If it holds, an alert on /run.sh followed
# by an alert on an architecture path from the same client is worth correlating during triage.
# The URI must equal the listed path exactly (depth = content length, isdataat:!1,relative), which
# keeps short paths such as "/x86" from matching longer URIs; the Host condition still ties each
# rule to this one address.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843895)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843895/; classtype:trojan-activity;sid:84706995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843896)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843896/; classtype:trojan-activity;sid:84706996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843893)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843893/; classtype:trojan-activity;sid:84706993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843891)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843891/; classtype:trojan-activity;sid:84706991; rev:1;)
alert http $HOME_NET
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843892)"; flow:established,from_client; content:"GET"; http_method; content:"/sysd_mipsle"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843892/; classtype:trojan-activity;sid:84706992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843888)"; flow:established,from_client; content:"GET"; http_method; content:"/sysd_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843888/; classtype:trojan-activity;sid:84706988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843889)"; flow:established,from_client; content:"GET"; http_method; content:"/sysd_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843889/; classtype:trojan-activity;sid:84706989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.178.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843890/; classtype:trojan-activity;sid:84706990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843887)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843887/; classtype:trojan-activity;sid:84706987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843886)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843886/; classtype:trojan-activity;sid:84706986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843881)"; flow:established,from_client; content:"GET"; http_method; content:"/sysd_arm64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843881/; classtype:trojan-activity;sid:84706981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843882)"; flow:established,from_client; content:"GET"; http_method; content:"/sysd_amd64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843882/; classtype:trojan-activity;sid:84706982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843883)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843883/; classtype:trojan-activity;sid:84706983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843884)"; 
flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843884/; classtype:trojan-activity;sid:84706984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843885)"; flow:established,from_client; content:"GET"; http_method; content:"/sysd_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843885/; classtype:trojan-activity;sid:84706985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843880)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"northglyp.devmatrix.lat"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843880/; classtype:trojan-activity;sid:84706980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843879)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"videosparrow.cloudmesh.lat"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843879/; classtype:trojan-activity;sid:84706979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843878)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; 
content:"videosparrow.cloudmesh.lat"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843878/; classtype:trojan-activity;sid:84706978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843877)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"offermedia.devmatrix.lat"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843877/; classtype:trojan-activity;sid:84706977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.10.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843876/; classtype:trojan-activity;sid:84706976; rev:1;)
# The next two rules (URLhaus ids 3843875 and 3843874) have identical match conditions: the same
# method, the same exact URI and the same exact Host, bay-loyal.cloudmesh.lat. They differ only in
# msg, reference and sid, so one matching request raises two alerts. The rules for ids 3843879 and
# 3843878 (videosparrow.cloudmesh.lat) repeat each other in the same way.
# NOTE(review): the two URLhaus entries presumably differ in something the rule does not encode
# (scheme or port, for instance) - check the referenced pages. Downstream, count such a pair as one
# event when scoring or thresholding.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843875)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bay-loyal.cloudmesh.lat"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843875/; classtype:trojan-activity;sid:84706975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843874)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bay-loyal.cloudmesh.lat"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url,
urlhaus.abuse.ch/url/3843874/; classtype:trojan-activity;sid:84706974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843872)"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843872/; classtype:trojan-activity;sid:84706972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843873)"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843873/; classtype:trojan-activity;sid:84706973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843871)"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843871/; classtype:trojan-activity;sid:84706971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843870)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"woodcora.devmatrix.lat"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843870/; classtype:trojan-activity;sid:84706970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843869)"; flow:established,from_client; 
content:"GET"; http_method; content:"/xtc.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843869/; classtype:trojan-activity;sid:84706969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843865)"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843865/; classtype:trojan-activity;sid:84706965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843866)"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843866/; classtype:trojan-activity;sid:84706966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843867)"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843867/; classtype:trojan-activity;sid:84706967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843868)"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843868/; 
classtype:trojan-activity;sid:84706968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843863)"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843863/; classtype:trojan-activity;sid:84706963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843864)"; flow:established,from_client; content:"GET"; http_method; content:"/xtc.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843864/; classtype:trojan-activity;sid:84706964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.69.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843862/; classtype:trojan-activity;sid:84706962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843861)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"proto-s0uth.cloudmesh.lat"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843861/; classtype:trojan-activity;sid:84706961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843860)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.252.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843860/; classtype:trojan-activity;sid:84706960; rev:1;)
# sid 84706959 and sid 84706958 below carry identical match conditions (GET, the same exact URI,
# the same exact Host hyper-w4ve.cloudmesh.lat); only msg, reference and sid differ. A single
# matching request therefore produces two alerts.
# NOTE(review): presumably the two URLhaus entries differ in a field these rules do not express -
# confirm on the referenced pages, and deduplicate on client, host and URI in the alert pipeline.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843859)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"hyper-w4ve.cloudmesh.lat"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843859/; classtype:trojan-activity;sid:84706959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843858)"; flow:established,from_client; content:"GET"; http_method; content:"/0shl86c5-49ae-4854-a5b9-368f88ad4245/auth.check"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"hyper-w4ve.cloudmesh.lat"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843858/; classtype:trojan-activity;sid:84706958; rev:1;)
# The rule below matches a two-byte URI, "/i". It is specific only because the Host condition must
# also equal 110.38.201.35 exactly; keep both conditions together if the rule is ever edited locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.201.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843857/; classtype:trojan-activity;sid:84706957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.191.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url,
urlhaus.abuse.ch/url/3843856/; classtype:trojan-activity;sid:84706956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843854)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"protecttar.bytegrid.lat"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843854/; classtype:trojan-activity;sid:84706954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843855)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"torrentlabel.devmatrix.lat"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843855/; classtype:trojan-activity;sid:84706955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.150.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843853/; classtype:trojan-activity;sid:84706953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.178.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843852/; classtype:trojan-activity;sid:84706952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3843851)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"lfmfi.bytegrid.lat"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843851/; classtype:trojan-activity;sid:84706951; rev:1;)
# --- Reviewer notes for the rules in this section ---------------------------
# Shape: every rule here uses the `alert` action (none drops or rejects) on an
# established, client-originated flow from $HOME_NET to $EXTERNAL_NET whose
# HTTP method is GET. The URI content and the Host content are each anchored
# with depth:<pattern length> plus isdataat:!1,relative, so the pattern must
# start the buffer and nothing may follow it: both are whole-value matches,
# not substrings.
# Coverage: each rule keys on one exact URI/Host pair per URLhaus entry. Two
# URI paths (/0shll3eb-.../auth.review and /so7f5fa6-.../verify.check) recur
# under many different subdomains in this section, so a retrospective search
# of proxy/HTTP logs for those URI paths regardless of Host may surface hosts
# that are not listed yet. The short paths "/i" and "/bin.sh" are only
# specific because the Host (a bare IPv4 address) is pinned as well.
# NOTE(review): these are `alert http` rules; a fetch of the same URL over TLS
# is presumably invisible to them unless traffic is decrypted before the
# sensor - confirm for your deployment.
# NOTE(review): `nocase` is written after `isdataat` rather than directly after
# the http_uri content it appears meant for, and the http_host content carries
# no `nocase`; confirm your engine version binds and normalises these as
# intended.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843850)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"ht7sq.devmatrix.lat"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843850/; classtype:trojan-activity;sid:84706950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843849)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"narr-isl.bytegrid.lat"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843849/; classtype:trojan-activity;sid:84706949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843847)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"sercresta.mongofixcore.lat"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843847/; classtype:trojan-activity;sid:84706947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.20.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843848/; classtype:trojan-activity;sid:84706948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.20.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843846/; classtype:trojan-activity;sid:84706946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843845)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"aligalpha.mongofixcore.lat"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843845/; classtype:trojan-activity;sid:84706945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.192.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843844/; classtype:trojan-activity;sid:84706944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843843)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"dynmarkal.codeflux.lat"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843843/; classtype:trojan-activity;sid:84706943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.242.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843842/; classtype:trojan-activity;sid:84706942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843841)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"kelven7or.mongofixcore.lat"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843841/; classtype:trojan-activity;sid:84706941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843840)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"cryptovault.codeflux.lat"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843840/; classtype:trojan-activity;sid:84706940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.200.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843839/; classtype:trojan-activity;sid:84706939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843838)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"pway7.mongofixcore.lat"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843838/; classtype:trojan-activity;sid:84706938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.10.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843837/; classtype:trojan-activity;sid:84706937; rev:1;)
# NOTE(review): sid 84706936 and sid 84706935 carry identical match options
# (same URI, same Host); only msg, reference and sid differ, so one matching
# request raises both alerts. Presumably the two URLhaus entries differ in
# something the rule does not encode (e.g. scheme or port) - confirm before
# de-duplicating or thresholding downstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843836)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"zirviss9.codeflux.lat"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843836/; classtype:trojan-activity;sid:84706936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843835)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"zirviss9.codeflux.lat"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843835/; classtype:trojan-activity;sid:84706935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.143.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843834/; classtype:trojan-activity;sid:84706934; rev:1;)
# NOTE(review): sid 84706933 and sid 84706932 also match identically (same URI
# and Host); expect paired alerts for a single request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843833)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"5tone-mesh.mongofixcore.lat"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843833/; classtype:trojan-activity;sid:84706933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843832)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"5tone-mesh.mongofixcore.lat"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843832/; classtype:trojan-activity;sid:84706932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843831)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"queu-scan.codeflux.lat"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843831/; classtype:trojan-activity;sid:84706931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843830)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"gentletide.setqueueat.lat"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843830/; classtype:trojan-activity;sid:84706930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843829)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"lvbj1i51.codeflux.lat"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843829/; classtype:trojan-activity;sid:84706929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843828)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"bloom7-hinge.setqueueat.lat"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843828/; classtype:trojan-activity;sid:84706928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843827)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"shipdem.lipshellcore.lat"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843827/; classtype:trojan-activity;sid:84706927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.100.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843826/; classtype:trojan-activity;sid:84706926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843825)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"si1e-branch.setqueueat.lat"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843825/; classtype:trojan-activity;sid:84706925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843824)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"script1-gate.lipshellcore.lat"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843824/; classtype:trojan-activity;sid:84706924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843823)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"oakbalancer.setqueueat.lat"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843823/; classtype:trojan-activity;sid:84706923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843822)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"boosmars.lipshellcore.lat"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843822/; classtype:trojan-activity;sid:84706922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843821)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"anchorfreigh.setqueueat.lat"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843821/; classtype:trojan-activity;sid:84706921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843820)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"98ykbe5.lipshellcore.lat"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843820/; classtype:trojan-activity;sid:84706920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843819)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"solspireex3.queuedimsys.lat"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843819/; classtype:trojan-activity;sid:84706919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.184.42.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843818/; classtype:trojan-activity;sid:84706918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.209.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843817/; classtype:trojan-activity;sid:84706917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843816)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"quer-graph.lipshellcore.lat"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843816/; classtype:trojan-activity;sid:84706916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843815)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"assetprotect.queuedimsys.lat"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843815/; classtype:trojan-activity;sid:84706915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843814)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"r3age8-index.lipshellcore.lat"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843814/; classtype:trojan-activity;sid:84706914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843813)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"sub-vit4.queuedimsys.lat"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843813/; classtype:trojan-activity;sid:84706913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.214.161.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843812/; classtype:trojan-activity;sid:84706912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843811)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"casual-trail.mixzipcore64.lat"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843811/; classtype:trojan-activity;sid:84706911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.114.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843810/; classtype:trojan-activity;sid:84706910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.209.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843809/; classtype:trojan-activity;sid:84706909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843808)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"warmhar.mixzipcore64.lat"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843808/; classtype:trojan-activity;sid:84706908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843807)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"arktide8ex.queuedimsys.lat"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843807/; classtype:trojan-activity;sid:84706907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843806)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"not1fie-mesh.mixzipcore64.lat"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843806/; classtype:trojan-activity;sid:84706906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843805)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"209id.queuedimsys.lat"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843805/; classtype:trojan-activity;sid:84706905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843804)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"rainstudio.userssawtone.lat"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843804/; classtype:trojan-activity;sid:84706904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843803)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"bandwid-route.mixzipcore64.lat"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843803/; classtype:trojan-activity;sid:84706903; rev:1;)
# NOTE(review): sid 84706902 and sid 84706901 match identically (same URI and
# Host); expect paired alerts for a single request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843802)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"talnex5on.userssawtone.lat"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843802/; classtype:trojan-activity;sid:84706902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843801)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"talnex5on.userssawtone.lat"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843801/; classtype:trojan-activity;sid:84706901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.190.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843800/; classtype:trojan-activity;sid:84706900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843799)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"granitebroad.mixzipcore64.lat"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843799/; classtype:trojan-activity;sid:84706899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843798)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"gxyuad.userssawtone.lat"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843798/; classtype:trojan-activity;sid:84706898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843797)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"tide6-well.mixzipcore64.lat"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843797/; classtype:trojan-activity;sid:84706897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.230.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843796/; classtype:trojan-activity;sid:84706896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843795)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"cry5t4-stream.wetshardauth.lat"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843795/; classtype:trojan-activity;sid:84706895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843794)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"mervaleet.userssawtone.lat"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843794/; classtype:trojan-activity;sid:84706894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843793)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"gr1m-mark.userssawtone.lat"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843793/; classtype:trojan-activity;sid:84706893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843792)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"quormark2et.wetshardauth.lat"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843792/; classtype:trojan-activity;sid:84706892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.230.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843791/; classtype:trojan-activity;sid:84706891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843790)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"channe-grid.wetshardauth.lat"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843790/; classtype:trojan-activity;sid:84706890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843789)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"optwebnode.softnetworkset.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843789/; classtype:trojan-activity;sid:84706889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843788)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"5pr0-span.wetshardauth.lat"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843788/; classtype:trojan-activity;sid:84706888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.190.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843787/; classtype:trojan-activity;sid:84706887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.148.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843786/; classtype:trojan-activity;sid:84706886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843785)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"usrgrpstat.softnetworkset.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843785/; classtype:trojan-activity;sid:84706885; rev:1;)
# NOTE(review): sid 84706884 and sid 84706883 match identically (same URI and
# Host); expect paired alerts for a single request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843784)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"banb3.wetshardauth.lat"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843784/; classtype:trojan-activity;sid:84706884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843783)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"banb3.wetshardauth.lat"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843783/; classtype:trojan-activity;sid:84706883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843782)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"vmlistview.softnetworkset.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843782/; classtype:trojan-activity;sid:84706882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843781)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"honestshape.wetshardauth.lat"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843781/; classtype:trojan-activity;sid:84706881; rev:1;)
# NOTE(review): sid 84706880 and sid 84706879 match identically (same URI and
# Host); expect paired alerts for a single request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843780)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"sshproserv.softnetworkset.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843780/; classtype:trojan-activity;sid:84706880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843779)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"sshproserv.softnetworkset.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843779/; classtype:trojan-activity;sid:84706879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843778)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"vel-fluxix.didoprotecauth.lat"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843778/; classtype:trojan-activity;sid:84706878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843777)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"tcpconpath.softnetworkset.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843777/; classtype:trojan-activity;sid:84706877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843776)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"sens-ring.didoprotecauth.lat"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843776/; classtype:trojan-activity;sid:84706876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.148.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843775/; classtype:trojan-activity;sid:84706875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843774)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"netmanproc.softnetworkset.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843774/; classtype:trojan-activity;sid:84706874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843773)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"gey5-reach.didoprotecauth.lat"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843773/; classtype:trojan-activity;sid:84706873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843772)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"hz1v.didoprotecauth.lat"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843772/; classtype:trojan-activity;sid:84706872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843771)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"syskeypath.logicstackhub.pics"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843771/; classtype:trojan-activity;sid:84706871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843770)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"webdocserv.logicstackhub.pics"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843770/; classtype:trojan-activity;sid:84706870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.107.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843769/; classtype:trojan-activity;sid:84706869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843768)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"sermesh7um.didoprotecauth.lat"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843768/; classtype:trojan-activity;sid:84706868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843767)"; flow:established,from_client; content:"GET"; http_method; content:"/0shll3eb-5bc6-4f5a-aac4-96cb0296157a/auth.review"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"ujkj.didoprotecauth.lat"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843767/; classtype:trojan-activity;sid:84706867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843766)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"appsrchcli.logicstackhub.pics"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843766/; classtype:trojan-activity;sid:84706866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843765)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"logbinnode.logicstackhub.pics"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843765/; classtype:trojan-activity;sid:84706865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843764)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"apiopsstat.logicstackhub.pics"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843764/; classtype:trojan-activity;sid:84706864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843763)"; flow:established,from_client; content:"GET"; http_method; content:"/so7f5fa6-c8d5-4c28-9e4a-c9fb43ca0d86/verify.check"; http_uri; depth:50; isdataat:!1,relative; nocase; 
content:"gitlabhubs.logicstackhub.pics"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843763/; classtype:trojan-activity;sid:84706863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843762)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"proxysserv.infrapointbase.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843762/; classtype:trojan-activity;sid:84706862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.208.249.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843761/; classtype:trojan-activity;sid:84706861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843760)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"lanhoppath.infrapointbase.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843760/; classtype:trojan-activity;sid:84706860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843759)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"lanhoppath.infrapointbase.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 
2026_05_10; reference:url, urlhaus.abuse.ch/url/3843759/; classtype:trojan-activity;sid:84706859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843758)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"subclidata.infrapointbase.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843758/; classtype:trojan-activity;sid:84706858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.107.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843757/; classtype:trojan-activity;sid:84706857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.33.110.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843756/; classtype:trojan-activity;sid:84706856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843755)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitkitmaps.infrapointbase.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843755/; classtype:trojan-activity;sid:84706855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3843754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.21.28.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843754/; classtype:trojan-activity;sid:84706854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.21.28.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843753/; classtype:trojan-activity;sid:84706853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843752)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"envsetproc.infrapointbase.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843752/; classtype:trojan-activity;sid:84706852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843751)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"envsetproc.infrapointbase.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843751/; classtype:trojan-activity;sid:84706851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"58.208.249.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843750/; classtype:trojan-activity;sid:84706850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843749)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"doclabutil.infrapointbase.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843749/; classtype:trojan-activity;sid:84706849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.133.140.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843748/; classtype:trojan-activity;sid:84706848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843747)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"syncitnode.cloudprocmgr.pics"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843747/; classtype:trojan-activity;sid:84706847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.33.110.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843746/; 
classtype:trojan-activity;sid:84706846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843745)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ioflowpath.cloudprocmgr.pics"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843745/; classtype:trojan-activity;sid:84706845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843744)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"taskidview.cloudprocmgr.pics"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843744/; classtype:trojan-activity;sid:84706844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843742)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cmd.cloudflowops.co"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843742/; classtype:trojan-activity;sid:84706842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843743)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cmd.cloudflowops.co"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843743/; classtype:trojan-activity;sid:84706843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843741)"; 
flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"comwebstat.cloudprocmgr.pics"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843741/; classtype:trojan-activity;sid:84706841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843739)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"metaviewhub.cloudflowops.co"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843739/; classtype:trojan-activity;sid:84706839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843740)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"metaviewhub.cloudflowops.co"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843740/; classtype:trojan-activity;sid:84706840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843738)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"refidcorex.cloudprocmgr.pics"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843738/; classtype:trojan-activity;sid:84706838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843737)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; 
isdataat:!1,relative; nocase; content:"refidcorex.cloudprocmgr.pics"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843737/; classtype:trojan-activity;sid:84706837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843735)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sync.cloudflowops.co"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843735/; classtype:trojan-activity;sid:84706835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843736)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sync.cloudflowops.co"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843736/; classtype:trojan-activity;sid:84706836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843733)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"flowmaster.cloudflowops.co"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843733/; classtype:trojan-activity;sid:84706833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843734)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"flowmaster.cloudflowops.co"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843734/; classtype:trojan-activity;sid:84706834; rev:1;) 
# URLhaus download-URL signatures (metadata:created_at 2026_05_10), one rule per line.
# All 22 rules in this run share one shape:
#   - alert http, $HOME_NET -> $EXTERNAL_NET, flow:established,from_client:
#     a client request leaving the monitored network on an established flow.
#   - content:"GET"; http_method: only GET requests are considered.
#   - URI content whose depth equals the string length, followed by
#     isdataat:!1,relative: the URI buffer must be exactly that string, so a
#     request carrying any extra path or query bytes is not matched.
#   - Host content with the same depth / isdataat pairing: exact Host match.
#   - reference:url points at the URLhaus entry whose id is quoted in msg.
# NOTE(review): nocase is written after isdataat rather than directly after the
# URI content; presumably it applies to the URI content - confirm that the
# engine in use accepts this ordering.
# NOTE(review): these rules inspect parsed cleartext HTTP only; the same URL
# fetched over TLS is not seen unless traffic is decrypted before the sensor.
# NOTE(review): some adjacent rules have identical match conditions and differ
# only in URLhaus id and sid (marked below), so one request raises two alerts.
# Presumably these are separate URLhaus entries - confirm on the reference
# pages, and de-duplicate in alert handling rather than renumbering SIDs.
# NOTE(review): rules whose Host is a bare IPv4 address describe a host at
# listing time; check the entry's current URLhaus status before acting on hits
# from an old ruleset.

# Host is an IPv4 literal.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.57.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843732/; classtype:trojan-activity;sid:84706832; rev:1;)
# Host is an IPv4 literal.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.133.140.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843731/; classtype:trojan-activity;sid:84706831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843730)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"autboxserv.cloudprocmgr.pics"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843730/; classtype:trojan-activity;sid:84706830; rev:1;)
# The next two rules match the same URI and Host (sid 84706828 and 84706829).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843728)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cloud.cloudflowops.co"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843728/; classtype:trojan-activity;sid:84706828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843729)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cloud.cloudflowops.co"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843729/; classtype:trojan-activity;sid:84706829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843727)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"domregutil.datalinkservice.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843727/; classtype:trojan-activity;sid:84706827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843726)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"pwrlogview.datalinkservice.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843726/; classtype:trojan-activity;sid:84706826; rev:1;)
# The next two rules match the same URI and Host (sid 84706824 and 84706825).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843724)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"topsvc.cloudflowops.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843724/; classtype:trojan-activity;sid:84706824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843725)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"topsvc.cloudflowops.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843725/; classtype:trojan-activity;sid:84706825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843723)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"extnetprox.datalinkservice.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843723/; classtype:trojan-activity;sid:84706823; rev:1;)
# Host is an IPv4 literal.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.109.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843722/; classtype:trojan-activity;sid:84706822; rev:1;)
# The next two rules match the same URI and Host (sid 84706820 and 84706821).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843720)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"opsmgr.cloudflowops.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843720/; classtype:trojan-activity;sid:84706820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843721)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"opsmgr.cloudflowops.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843721/; classtype:trojan-activity;sid:84706821; rev:1;)
# Host is an IPv4 literal.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.238.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843719/; classtype:trojan-activity;sid:84706819; rev:1;)
# Host is an IPv4 literal.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.203.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843718/; classtype:trojan-activity;sid:84706818; rev:1;)
# The next two rules match the same URI and Host (sid 84706817 and 84706816).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843717)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"pkgrunstat.datalinkservice.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843717/; classtype:trojan-activity;sid:84706817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843716)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"pkgrunstat.datalinkservice.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843716/; classtype:trojan-activity;sid:84706816; rev:1;)
# Host is an IPv4 literal.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.26.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843715/; classtype:trojan-activity;sid:84706815; rev:1;)
# Host is an IPv4 literal (same address as sid 84706818, different URI).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.203.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843714/; classtype:trojan-activity;sid:84706814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843713)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"modbusdata.datalinkservice.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843713/; classtype:trojan-activity;sid:84706813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843712)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"srcgetproc.datalinkservice.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843712/; classtype:trojan-activity;sid:84706812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843710)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dnswebsrvs.cloudflowops.co"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843710/; classtype:trojan-activity;sid:84706810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843711)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dnswebsrvs.cloudflowops.co"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843711/; classtype:trojan-activity;sid:84706811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.132.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843709/; classtype:trojan-activity;sid:84706809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.26.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843708/; classtype:trojan-activity;sid:84706808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843707)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"uidmapbits.webstackengine.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843707/; classtype:trojan-activity;sid:84706807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; 
nocase; content:"61.52.109.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843706/; classtype:trojan-activity;sid:84706806; rev:1;)
# Reviewer notes (comments only; the rule text is unchanged and restored to one rule per line).
# Rule template used by every rule in this span:
#   * "alert http" from $HOME_NET to $EXTERNAL_NET on an established flow, client side, method GET.
#   * The URI content has a depth equal to its own length and is followed by isdataat:!1,relative,
#     so it must be the entire http_uri buffer (case-insensitive via nocase), not a substring.
#   * The Host content is anchored the same way against http_host.
# Operational caveats:
#   * These are exact-indicator rules: coverage is limited to the listed path on the listed host.
#     For host-level coverage, also load the hosts into DNS / proxy blocklists.
#   * Only traffic the engine parses as HTTP is inspected; the same download over TLS is not
#     seen by these rules unless it is decrypted before the sensor.
#   * A hit records an outbound GET request, not a delivered payload; confirm with the HTTP
#     response and endpoint telemetry before treating the client as infected.
#   * Some rules repeat the match options of another rule under a different sid
#     (e.g. URLhaus entries 3843704/3843705, and /linux_arm5 on 176.65.139.165 in 3843680 and
#     3843652), so one request can raise two alerts; deduplicate or threshold downstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843704)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xmlbase.netlogicstack.co"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843704/; classtype:trojan-activity;sid:84706804; rev:1;)
# Same match options as the previous rule; only msg, reference and sid differ.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843705)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xmlbase.netlogicstack.co"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843705/; classtype:trojan-activity;sid:84706805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843703)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ftpsrvnode.webstackengine.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843703/; classtype:trojan-activity;sid:84706803; rev:1;)
# Same match options as the previous rule; only msg, reference and sid differ.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843702)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ftpsrvnode.webstackengine.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843702/; classtype:trojan-activity;sid:84706802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843701)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"git.netlogicstack.co"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843701/; classtype:trojan-activity;sid:84706801; rev:1;)
# Same match options as the previous rule; only msg, reference and sid differ.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843700)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"git.netlogicstack.co"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843700/; classtype:trojan-activity;sid:84706800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843699)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"libsyspath.webstackengine.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843699/; classtype:trojan-activity;sid:84706799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843697)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"proxyservmgr.netlogicstack.co"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843697/; classtype:trojan-activity;sid:84706797; rev:1;)
# Same match options as the previous rule; only msg, reference and sid differ.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843698)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"proxyservmgr.netlogicstack.co"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843698/; classtype:trojan-activity;sid:84706798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843696)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"jobadmmgrs.webstackengine.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843696/; classtype:trojan-activity;sid:84706796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843695)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"rawdatamap.webstackengine.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843695/; classtype:trojan-activity;sid:84706795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843693)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vpsentry.netlogicstack.co"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843693/; classtype:trojan-activity;sid:84706793; rev:1;)
# Same match options as the previous rule; only msg, reference and sid differ.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843694)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vpsentry.netlogicstack.co"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843694/; classtype:trojan-activity;sid:84706794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.225.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843692/; classtype:trojan-activity;sid:84706792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843691)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ziparkview.webstackengine.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843691/; classtype:trojan-activity;sid:84706791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.131.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843690/; classtype:trojan-activity;sid:84706790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843689)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"osbasesyst.nodesystemcore.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843689/; classtype:trojan-activity;sid:84706789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843688)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"metaltscfg.nodesystemcore.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843688/; classtype:trojan-activity;sid:84706788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.121.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843687/; classtype:trojan-activity;sid:84706787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843684)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843684/; classtype:trojan-activity;sid:84706784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843685)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843685/; classtype:trojan-activity;sid:84706785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843686)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843686/; classtype:trojan-activity;sid:84706786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843672)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64el"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843672/; classtype:trojan-activity;sid:84706772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843673)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843673/; classtype:trojan-activity;sid:84706773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843674)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_hardfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843674/; classtype:trojan-activity;sid:84706774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843675)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843675/; classtype:trojan-activity;sid:84706775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843676)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843676/; classtype:trojan-activity;sid:84706776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843677)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_softfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843677/; classtype:trojan-activity;sid:84706777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843678)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843678/; classtype:trojan-activity;sid:84706778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843679)"; flow:established,from_client; content:"GET"; http_method; content:"//arm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.26.106.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843679/; classtype:trojan-activity;sid:84706779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843680)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843680/; classtype:trojan-activity;sid:84706780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843681)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843681/; classtype:trojan-activity;sid:84706781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843682)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel_hardfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843682/; classtype:trojan-activity;sid:84706782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843683)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843683/; classtype:trojan-activity;sid:84706783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843671)"; flow:established,from_client; content:"GET"; http_method; content:"/goth.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.156.87.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843671/; classtype:trojan-activity;sid:84706771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843669)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"apidocserv.nodesystemcore.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843669/; classtype:trojan-activity;sid:84706769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843670)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"devbits.netlogicstack.co"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843670/; classtype:trojan-activity;sid:84706770; rev:1;)
# Same match options as the previous rule; only msg, reference and sid differ.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843668)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"devbits.netlogicstack.co"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843668/; classtype:trojan-activity;sid:84706768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843667)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.26.106.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843667/; classtype:trojan-activity;sid:84706767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843666)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843666/; classtype:trojan-activity;sid:84706766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843652)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843652/; classtype:trojan-activity;sid:84706752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843653)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64el"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843653/; classtype:trojan-activity;sid:84706753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843654)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843654/; classtype:trojan-activity;sid:84706754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843655)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843655/; classtype:trojan-activity;sid:84706755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843656)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843656/; classtype:trojan-activity;sid:84706756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843657)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843657/; classtype:trojan-activity;sid:84706757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843658)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843658/; classtype:trojan-activity;sid:84706758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843659)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_hardfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843659/; classtype:trojan-activity;sid:84706759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843660)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843660/; classtype:trojan-activity;sid:84706760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843661)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843661/; classtype:trojan-activity;sid:84706761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843662)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843662/; classtype:trojan-activity;sid:84706762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843663)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843663/; classtype:trojan-activity;sid:84706763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843664)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_softfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843664/; classtype:trojan-activity;sid:84706764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843665)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel_hardfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843665/; classtype:trojan-activity;sid:84706765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843651)"; flow:established,from_client; content:"GET"; http_method; content:"/www.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843651/; classtype:trojan-activity;sid:84706751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843645)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843645/; classtype:trojan-activity;sid:84706745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843646)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843646/; classtype:trojan-activity;sid:84706746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843647)"; flow:established,from_client; content:"GET"; http_method; content:"/ccc.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843647/; classtype:trojan-activity;sid:84706747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843648)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843648/; classtype:trojan-activity;sid:84706748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843649)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ak.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843649/; classtype:trojan-activity;sid:84706749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843650)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843650/; classtype:trojan-activity;sid:84706750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843644)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843644/; classtype:trojan-activity;sid:84706744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843642)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843642/; classtype:trojan-activity;sid:84706742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843643)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843643/; classtype:trojan-activity;sid:84706743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843641)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"logmanagementsys.netlogicstack.co"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843641/; classtype:trojan-activity;sid:84706741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843640)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"dbinstlist.nodesystemcore.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843640/; classtype:trojan-activity;sid:84706740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.131.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843639/; classtype:trojan-activity;sid:84706739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843637)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"api.netlogicstack.co"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843637/; classtype:trojan-activity;sid:84706737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843638)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"skyvpnnode.nodesystemcore.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843638/; classtype:trojan-activity;sid:84706738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.225.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843636/; classtype:trojan-activity;sid:84706736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843635)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"webcdnstat.netlogicstack.co"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843635/; classtype:trojan-activity;sid:84706735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843634)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"cmdsetproc.nodesystemcore.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843634/; classtype:trojan-activity;sid:84706734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843633)"; flow:established,from_client; content:"GET"; http_method; content:"/ggl.ocx"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"srvnode.netlogicstack.co"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843633/; classtype:trojan-activity;sid:84706733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.26.82.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843632/; classtype:trojan-activity;sid:84706732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843631)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"tmpdirsets.techopsruntime.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843631/; classtype:trojan-activity;sid:84706731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.85.88.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843630/; classtype:trojan-activity;sid:84706730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.216.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843629/; classtype:trojan-activity;sid:84706729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.216.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843628/; classtype:trojan-activity;sid:84706728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843627)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"sshbinpath.techopsruntime.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843627/; classtype:trojan-activity;sid:84706727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.85.88.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843626/; classtype:trojan-activity;sid:84706726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.43.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843625/; classtype:trojan-activity;sid:84706725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.43.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843624/; classtype:trojan-activity;sid:84706724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.38.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843623/; classtype:trojan-activity;sid:84706723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843622)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"sslkeybase.techopsruntime.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843622/; classtype:trojan-activity;sid:84706722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843621)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"cmd.cloudflowops.co"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843621/; classtype:trojan-activity;sid:84706721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843620)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"metaviewhub.cloudflowops.co"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843620/; classtype:trojan-activity;sid:84706720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.52.128.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843618/; classtype:trojan-activity;sid:84706718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843619)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"getcfghubs.techopsruntime.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843619/; classtype:trojan-activity;sid:84706719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"140.237.38.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843617/; classtype:trojan-activity;sid:84706717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843616)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"sync.cloudflowops.co"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843616/; classtype:trojan-activity;sid:84706716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.82.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843615/; classtype:trojan-activity;sid:84706715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843614)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ipnodeclis.techopsruntime.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843614/; classtype:trojan-activity;sid:84706714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.88.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843613/; classtype:trojan-activity;sid:84706713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"119.52.128.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843612/; classtype:trojan-activity;sid:84706712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843610)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"hotfixpack.techopsruntime.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843610/; classtype:trojan-activity;sid:84706710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843611)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"flowmaster.cloudflowops.co"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843611/; classtype:trojan-activity;sid:84706711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843609)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitfoxcore.coderworkflow.pics"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843609/; classtype:trojan-activity;sid:84706709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843608)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitfoxcore.coderworkflow.pics"; 
http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843608/; classtype:trojan-activity;sid:84706708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843607)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"cloud.cloudflowops.co"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843607/; classtype:trojan-activity;sid:84706707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"198.2.100.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843606/; classtype:trojan-activity;sid:84706706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843605)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitfoxcoreunit.cloudflowops.co"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843605/; classtype:trojan-activity;sid:84706705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843604)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"topsvcutil.coderworkflow.pics"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843604/; 
classtype:trojan-activity;sid:84706704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843603)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"opsmgrsvcs.coderworkflow.pics"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843603/; classtype:trojan-activity;sid:84706703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843602)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"topsvc.cloudflowops.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843602/; classtype:trojan-activity;sid:84706702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843601)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"cpuprosmgr.coderworkflow.pics"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843601/; classtype:trojan-activity;sid:84706701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843600)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"opsmgr.cloudflowops.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843600/; classtype:trojan-activity;sid:84706700; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843599)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"cpuprosmgr.coderworkflow.pics"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843599/; classtype:trojan-activity;sid:84706699; rev:1;)
# Operational notes for the rules below:
#   - They only fire when the requesting client is inside $HOME_NET and the server is in
#     $EXTERNAL_NET, so coverage depends on those variables being set correctly on the sensor.
#   - Two of the hosts are IPv4 literals. The only age information a rule carries is
#     metadata:created_at; there is no expiry field, so retiring stale address indicators
#     is left to the feed refresh or to local policy.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.88.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843598/; classtype:trojan-activity;sid:84706698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.59.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843597/; classtype:trojan-activity;sid:84706697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843596)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"vpsrunproc.coderworkflow.pics"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843596/; classtype:trojan-activity;sid:84706696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843595)"; flow:established,from_client; content:"GET"; http_method; 
content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"cpuprocessormgr.cloudflowops.co"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843595/; classtype:trojan-activity;sid:84706695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843594)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"vpsrun.cloudflowops.co"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843594/; classtype:trojan-activity;sid:84706694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843593)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"dnswebsrvs.coderworkflow.pics"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843593/; classtype:trojan-activity;sid:84706693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843592)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"dnswebsrvs.cloudflowops.co"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843592/; classtype:trojan-activity;sid:84706692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; 
nocase; content:"198.2.100.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843591/; classtype:trojan-activity;sid:84706691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843590)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"dnswebsrvs.cloudflowops.co"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843590/; classtype:trojan-activity;sid:84706690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843589)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"appboxdata.devlogicmaster.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843589/; classtype:trojan-activity;sid:84706689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843587)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"xmlbase.netlogicstack.co"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843587/; classtype:trojan-activity;sid:84706687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843588)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"xmlbase.netlogicstack.co"; http_host; depth:24; 
isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843588/; classtype:trojan-activity;sid:84706688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843586)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"devbitscfg.devlogicmaster.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843586/; classtype:trojan-activity;sid:84706686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843585)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"logviewsys.devlogicmaster.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843585/; classtype:trojan-activity;sid:84706685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.148.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843584/; classtype:trojan-activity;sid:84706684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843583)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"git.netlogicstack.co"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843583/; 
classtype:trojan-activity;sid:84706683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843582)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"netapiprot.devlogicmaster.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843582/; classtype:trojan-activity;sid:84706682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843581)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"proxyservmgr.netlogicstack.co"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843581/; classtype:trojan-activity;sid:84706681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.87.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843580/; classtype:trojan-activity;sid:84706680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.199.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843579/; classtype:trojan-activity;sid:84706679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843578)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.198.227.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843578/; classtype:trojan-activity;sid:84706678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.38.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843577/; classtype:trojan-activity;sid:84706677; rev:1;)
# NOTE(review): sid 84706676 and sid 84706675 have identical match conditions (same method,
# URI and host); they differ only in msg id, reference and sid. One matching request
# therefore satisfies both rules, so expect paired alerts and deduplicate on host + URI
# when triaging. Presumably the two URLhaus entries differ in something the rule does not
# encode (for example scheme or port) - confirm against the referenced entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843576)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"webcdnstat.devlogicmaster.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843576/; classtype:trojan-activity;sid:84706676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843575)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"webcdnstat.devlogicmaster.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843575/; classtype:trojan-activity;sid:84706675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843574)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; 
content:"net.netlogicstack.co"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843574/; classtype:trojan-activity;sid:84706674; rev:1;)
# Coverage note: the host match is exact, so each rule covers one enumerated hostname only.
# Within these few rules the same fixed path (/c2cb43a1-.../google.ocx) appears under several
# netlogicstack.co subdomains (net, vpsentry, corestack). A subdomain that is not listed in
# the feed matches none of them; searching proxy or DNS logs for the parent domain or for the
# fixed path is a reasonable complement to the per-host signatures.
# NOTE(review): sid 84706673 and sid 84706672 have identical match conditions and will both
# fire on the same request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843573)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"vpsentry.netlogicstack.co"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843573/; classtype:trojan-activity;sid:84706673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843572)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"vpsentry.netlogicstack.co"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843572/; classtype:trojan-activity;sid:84706672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843571)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"srvnodehub.devlogicmaster.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843571/; classtype:trojan-activity;sid:84706671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843570)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"corestack.netlogicstack.co"; http_host; depth:26; 
isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843570/; classtype:trojan-activity;sid:84706670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843568)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"gitlabhubs.coderlogicbase.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843568/; classtype:trojan-activity;sid:84706668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843569)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"gitlabhubs.coderlogicbase.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843569/; classtype:trojan-activity;sid:84706669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843567)"; flow:established,from_client; content:"GET"; http_method; content:"/goth.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.26.106.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843567/; classtype:trojan-activity;sid:84706667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843566)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"appboxdatacent.netlogicstack.co"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843566/; 
classtype:trojan-activity;sid:84706666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843565)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"apiopsstat.coderlogicbase.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843565/; classtype:trojan-activity;sid:84706665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843564)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"apiopsstat.coderlogicbase.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843564/; classtype:trojan-activity;sid:84706664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843563)"; flow:established,from_client; content:"GET"; http_method; content:"/.x"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.162.155.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843563/; classtype:trojan-activity;sid:84706663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.148.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843562/; classtype:trojan-activity;sid:84706662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843561)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.38.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843561/; classtype:trojan-activity;sid:84706661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843560)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"devbits.netlogicstack.co"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843560/; classtype:trojan-activity;sid:84706660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843559)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"logbinnode.coderlogicbase.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843559/; classtype:trojan-activity;sid:84706659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.198.227.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843558/; classtype:trojan-activity;sid:84706658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843557)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; 
content:"appsrchcli.coderlogicbase.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843557/; classtype:trojan-activity;sid:84706657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843556)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"logmanagementsys.netlogicstack.co"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843556/; classtype:trojan-activity;sid:84706656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.72.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843555/; classtype:trojan-activity;sid:84706655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843554)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"webdocserv.coderlogicbase.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843554/; classtype:trojan-activity;sid:84706654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843553)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"api.netlogicstack.co"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_10; 
reference:url, urlhaus.abuse.ch/url/3843553/; classtype:trojan-activity;sid:84706653; rev:1;)
# Deployment notes for the rules below:
#   - The action is `alert`: a matching download request is logged, not blocked. An inline
#     (IPS) deployment that wants to stop the request has to change the action through
#     local policy.
#   - The rules use the content-modifier keywords http_method / http_uri / http_host.
#     Current Suricata releases also provide the sticky-buffer forms http.method / http.uri /
#     http.host; validate the ruleset against the engine version in use before loading it.
#   - All rules share classtype:trojan-activity, so alert priority comes from the sensor's
#     classification config rather than from anything specific to one URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.92.130.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843552/; classtype:trojan-activity;sid:84706652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.94.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843551/; classtype:trojan-activity;sid:84706651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843550)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"syskeypath.coderlogicbase.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843550/; classtype:trojan-activity;sid:84706650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843549)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"webcdnstat.netlogicstack.co"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843549/; classtype:trojan-activity;sid:84706649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3843548)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"srvnode.netlogicstack.co"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843548/; classtype:trojan-activity;sid:84706648; rev:1;)
# NOTE(review): the next rule has the same URI and Host contents as the rule above
# (sid 84706648); only the URLhaus ID in msg/reference and the sid differ. One matching
# request therefore raises both alerts. The rule text does not show what separates the two
# URLhaus entries (the destination port is "any") -- presumably something the rule does not
# match on; confirm on the referenced URLhaus pages. Deduplicate on host + URI when counting.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843547)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"srvnode.netlogicstack.co"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843547/; classtype:trojan-activity;sid:84706647; rev:1;)
# The rules in this run reuse two fixed URIs (.../google.ocx and .../check.rock) and vary
# only the hostname. Each rule pins one exact hostname: depth equals the content length and
# isdataat:!1,relative requires the buffer to end there. A hostname not yet in the feed that
# serves the same path produces no alert from these rules. A locally maintained rule keyed
# on the URI alone could cover that gap; validate it against your own traffic first.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843546)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"netmanproc.infraworkspace.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843546/; classtype:trojan-activity;sid:84706646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843545)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"proxys.infrasettopview.pics"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843545/; classtype:trojan-activity;sid:84706645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843544)"; flow:established,from_client; 
content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"tcpconpath.infraworkspace.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843544/; classtype:trojan-activity;sid:84706644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843543)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"tcpconpath.infraworkspace.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843543/; classtype:trojan-activity;sid:84706643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843542)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"lanhoppathsys.infrasettopview.pics"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843542/; classtype:trojan-activity;sid:84706642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843541)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"sshproserv.infraworkspace.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843541/; classtype:trojan-activity;sid:84706641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843540)"; flow:established,from_client; content:"GET"; http_method; 
content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"sshproserv.infraworkspace.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843540/; classtype:trojan-activity;sid:84706640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843539)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"subcli.infrasettopview.pics"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843539/; classtype:trojan-activity;sid:84706639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.72.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843538/; classtype:trojan-activity;sid:84706638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843537)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"vmlistview.infraworkspace.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843537/; classtype:trojan-activity;sid:84706637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.180.93"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843536/; classtype:trojan-activity;sid:84706636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843535)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"usrgrpstat.infraworkspace.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843535/; classtype:trojan-activity;sid:84706635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843533)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"usrgrpstat.infraworkspace.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843533/; classtype:trojan-activity;sid:84706633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843534)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitkitmapsmgr.infrasettopview.pics"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843534/; classtype:trojan-activity;sid:84706634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.180.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843532/; 
classtype:trojan-activity;sid:84706632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843531)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"envset.infrasettopview.pics"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843531/; classtype:trojan-activity;sid:84706631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843529)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"doclabutil.infrasettopview.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843529/; classtype:trojan-activity;sid:84706629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843530)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"doclabutil.infrasettopview.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843530/; classtype:trojan-activity;sid:84706630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843528)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"optwebnode.infraworkspace.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843528/; classtype:trojan-activity;sid:84706628; rev:1;) 
# How to read the rules below: every rule is an exact match on a client GET request.
#   - content:"GET"; http_method      -> request method
#   - content:"<path>"; http_uri; depth:<len>; isdataat:!1,relative; nocase
#       depth equals the content length and isdataat:!1,relative requires that no byte
#       follows, so the URI buffer must equal <path> (case-insensitive), not merely contain it.
#   - content:"<host>"; http_host; depth:<len>; isdataat:!1,relative
#       same exact-match construction on the Host value.
# Limits to keep in mind when triaging:
#   - "alert http" + flow:from_client matches the request only. A hit shows the request was
#     sent, not that a payload was delivered; check the response/file logs for the flow.
#   - Only traffic the engine parses as HTTP is inspected; the same URL fetched over TLS is
#     not seen by these rules unless the traffic is decrypted upstream.
#   - The match is on the Host value, not the destination address ($EXTERNAL_NET any), so
#     pair these with IP/DNS blocklist data where the host is a bare IP.
#
# NOTE(review): the eleven rules for host 94.26.106.49 in this run differ only in the path,
# and the paths read like CPU-architecture names (sparc, armv6l, x86_64, mipsel, ...). That
# looks like one payload published in per-architecture builds -- inferred from the names
# only; the URLhaus page in each reference: is the authority. Several of these SIDs firing
# for one internal client in a short window is worth treating as a single incident.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843527)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.26.106.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843527/; classtype:trojan-activity;sid:84706627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843521)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.26.106.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843521/; classtype:trojan-activity;sid:84706621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843522)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.26.106.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843522/; classtype:trojan-activity;sid:84706622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843523)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.26.106.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843523/; classtype:trojan-activity;sid:84706623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843524)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.26.106.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843524/; classtype:trojan-activity;sid:84706624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843525)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.26.106.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843525/; classtype:trojan-activity;sid:84706625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843526)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.26.106.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843526/; classtype:trojan-activity;sid:84706626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843517)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.26.106.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843517/; classtype:trojan-activity;sid:84706617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843518)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.26.106.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843518/; classtype:trojan-activity;sid:84706618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843519)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.26.106.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843519/; classtype:trojan-activity;sid:84706619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843520)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.26.106.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843520/; classtype:trojan-activity;sid:84706620; rev:1;)
# The next two rules pair a very short, generic path ("/bin.sh", "/i") with a bare IP in
# the Host value. The path alone carries almost no signal; the specificity comes from the
# exact Host match, so these entries go stale as soon as the address is reassigned.
# metadata:created_at gives the age of each entry for expiry decisions.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.55.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843516/; classtype:trojan-activity;sid:84706616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.185.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843515/; classtype:trojan-activity;sid:84706615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843514)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"proxysserv.openapiservicex.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, 
urlhaus.abuse.ch/url/3843514/; classtype:trojan-activity;sid:84706614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843513)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"syncitnodesys.globtechnodebase.pics"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843513/; classtype:trojan-activity;sid:84706613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843512)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"lanhoppath.openapiservicex.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843512/; classtype:trojan-activity;sid:84706612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.182.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843511/; classtype:trojan-activity;sid:84706611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.116.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843510/; classtype:trojan-activity;sid:84706610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3843509)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ioflow.globtechnodebase.pics"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843509/; classtype:trojan-activity;sid:84706609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.208.157.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843508/; classtype:trojan-activity;sid:84706608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843507)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ioflow.globtechnodebase.pics"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843507/; classtype:trojan-activity;sid:84706607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843506)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"subclidata.openapiservicex.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843506/; classtype:trojan-activity;sid:84706606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843505)"; flow:established,from_client; content:"GET"; http_method; 
content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"subclidata.openapiservicex.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843505/; classtype:trojan-activity;sid:84706605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843504)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"taskidviewhub.globtechnodebase.pics"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843504/; classtype:trojan-activity;sid:84706604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843503)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitkitmaps.openapiservicex.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843503/; classtype:trojan-activity;sid:84706603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.97.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843502/; classtype:trojan-activity;sid:84706602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843501)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; 
nocase; content:"comweb.globtechnodebase.pics"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843501/; classtype:trojan-activity;sid:84706601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843500)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"envsetproc.openapiservicex.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843500/; classtype:trojan-activity;sid:84706600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.23.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843499/; classtype:trojan-activity;sid:84706599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843498)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"refidcorex.globtechnodebase.pics"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843498/; classtype:trojan-activity;sid:84706598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843497)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"doclabutil.openapiservicex.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 
2026_05_10; reference:url, urlhaus.abuse.ch/url/3843497/; classtype:trojan-activity;sid:84706597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843496)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"doclabutil.openapiservicex.pics"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843496/; classtype:trojan-activity;sid:84706596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843495)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.26.106.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843495/; classtype:trojan-activity;sid:84706595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843494)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"autbox.globtechnodebase.pics"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843494/; classtype:trojan-activity;sid:84706594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843493)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"syncitnode.fastnetgatehub.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843493/; classtype:trojan-activity;sid:84706593; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843492)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"syncitnode.fastnetgatehub.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843492/; classtype:trojan-activity;sid:84706592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843491)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"domreg.openapiservicedata.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843491/; classtype:trojan-activity;sid:84706591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843490)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ioflowpath.fastnetgatehub.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843490/; classtype:trojan-activity;sid:84706590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843489)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"pwrlogviewsys.openapiservicedata.pics"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843489/; classtype:trojan-activity;sid:84706589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3843488)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"taskidview.fastnetgatehub.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843488/; classtype:trojan-activity;sid:84706588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843486)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"extnet.openapiservicedata.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843486/; classtype:trojan-activity;sid:84706586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843487)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"extnet.openapiservicedata.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843487/; classtype:trojan-activity;sid:84706587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843485)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"comwebstat.fastnetgatehub.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843485/; classtype:trojan-activity;sid:84706585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3843484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.23.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843484/; classtype:trojan-activity;sid:84706584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843483)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"pkgrunstatlog.openapiservicedata.pics"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843483/; classtype:trojan-activity;sid:84706583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843482)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"pkgrunstatlog.openapiservicedata.pics"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843482/; classtype:trojan-activity;sid:84706582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843481)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"refidcorex.fastnetgatehub.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843481/; classtype:trojan-activity;sid:84706581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.97.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843480/; classtype:trojan-activity;sid:84706580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843479)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"modbus.openapiservicedata.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843479/; classtype:trojan-activity;sid:84706579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843478)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"srcgetproc.openapiservicedata.pics"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843478/; classtype:trojan-activity;sid:84706578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843477)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"srcgetproc.openapiservicedata.pics"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843477/; classtype:trojan-activity;sid:84706577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843476)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; 
content:"autboxserv.fastnetgatehub.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843476/; classtype:trojan-activity;sid:84706576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843475)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"domregutil.systemcoreunit.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843475/; classtype:trojan-activity;sid:84706575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843474)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"domregutil.systemcoreunit.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843474/; classtype:trojan-activity;sid:84706574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843473)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"uidmapbitsys.fastnetgateview.pics"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843473/; classtype:trojan-activity;sid:84706573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.96.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_05_10; reference:url, urlhaus.abuse.ch/url/3843472/; classtype:trojan-activity;sid:84706572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843471)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"pwrlogview.systemcoreunit.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843471/; classtype:trojan-activity;sid:84706571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843470)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ftpsrv.fastnetgateview.pics"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843470/; classtype:trojan-activity;sid:84706570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843469)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"extnetprox.systemcoreunit.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843469/; classtype:trojan-activity;sid:84706569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843468)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"extnetprox.systemcoreunit.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, 
urlhaus.abuse.ch/url/3843468/; classtype:trojan-activity;sid:84706568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.82.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843467/; classtype:trojan-activity;sid:84706567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843466)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"libsyspathview.fastnetgateview.pics"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843466/; classtype:trojan-activity;sid:84706566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843465)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"libsyspathview.fastnetgateview.pics"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843465/; classtype:trojan-activity;sid:84706565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.96.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843464/; classtype:trojan-activity;sid:84706564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3843463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.135.223.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843463/; classtype:trojan-activity;sid:84706563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843462)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"pkgrunstat.systemcoreunit.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843462/; classtype:trojan-activity;sid:84706562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843461)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"jobadm.fastnetgateview.pics"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843461/; classtype:trojan-activity;sid:84706561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.19.27.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843460/; classtype:trojan-activity;sid:84706560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843459)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; 
isdataat:!1,relative; nocase; content:"modbusdata.systemcoreunit.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843459/; classtype:trojan-activity;sid:84706559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843458)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"rawdatamapping.fastnetgateview.pics"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843458/; classtype:trojan-activity;sid:84706558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.71.200.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843457/; classtype:trojan-activity;sid:84706557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843456)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"zipark.fastnetgateview.pics"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843456/; classtype:trojan-activity;sid:84706556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843455)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"srcgetproc.systemcoreunit.pics"; http_host; depth:30; 
isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843455/; classtype:trojan-activity;sid:84706555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843454)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"uidmapbits.datalinkcenter.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843454/; classtype:trojan-activity;sid:84706554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843453)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"uidmapbits.datalinkcenter.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843453/; classtype:trojan-activity;sid:84706553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843452)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"osbase.systemcorelinkx.pics"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843452/; classtype:trojan-activity;sid:84706552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.19.27.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843451/; 
classtype:trojan-activity;sid:84706551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843450)"; flow:established,from_client; content:"GET"; http_method; content:"/99c7fa93-4d32-47c2-84f9-163f7755f5e3/check.rock"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"ftpsrvnode.datalinkcenter.pics"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843450/; classtype:trojan-activity;sid:84706550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843449)"; flow:established,from_client; content:"GET"; http_method; content:"/miner.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843449/; classtype:trojan-activity;sid:84706549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843448)"; flow:established,from_client; content:"GET"; http_method; content:"/c2cb43a1-3db9-486a-a707-ee88bcdb4813/google.ocx"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"metaltscfgmgr.systemcorelinkx.pics"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_10; reference:url, urlhaus.abuse.ch/url/3843448/; classtype:trojan-activity;sid:84706548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843408)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_09; reference:url, urlhaus.abuse.ch/url/3843408/; classtype:trojan-activity;sid:84706508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843410)"; 
flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_09; reference:url, urlhaus.abuse.ch/url/3843410/; classtype:trojan-activity;sid:84706510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843404)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_09; reference:url, urlhaus.abuse.ch/url/3843404/; classtype:trojan-activity;sid:84706504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.95.54.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_09; reference:url, urlhaus.abuse.ch/url/3843269/; classtype:trojan-activity;sid:84706369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.113.186.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_09; reference:url, urlhaus.abuse.ch/url/3843177/; classtype:trojan-activity;sid:84706277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.113.186.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_09; reference:url, urlhaus.abuse.ch/url/3843163/; 
classtype:trojan-activity;sid:84706263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.31.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_09; reference:url, urlhaus.abuse.ch/url/3843025/; classtype:trojan-activity;sid:84706125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_09; reference:url, urlhaus.abuse.ch/url/3843007/; classtype:trojan-activity;sid:84706107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842462)"; flow:established,from_client; content:"GET"; http_method; content:"/nerv.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.77.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842462/; classtype:trojan-activity;sid:84705562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842455)"; flow:established,from_client; content:"GET"; http_method; content:"/nerv.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.77.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842455/; classtype:trojan-activity;sid:84705555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842456)"; flow:established,from_client; content:"GET"; http_method; content:"/nerv.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; 
content:"103.77.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842456/; classtype:trojan-activity;sid:84705556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842457)"; flow:established,from_client; content:"GET"; http_method; content:"/nerv.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.77.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842457/; classtype:trojan-activity;sid:84705557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842458)"; flow:established,from_client; content:"GET"; http_method; content:"/nerv.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.77.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842458/; classtype:trojan-activity;sid:84705558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842459)"; flow:established,from_client; content:"GET"; http_method; content:"/nerv.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.77.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842459/; classtype:trojan-activity;sid:84705559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842447)"; flow:established,from_client; content:"GET"; http_method; content:"/nerv.x86_32"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.77.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842447/; classtype:trojan-activity;sid:84705547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3842448)"; flow:established,from_client; content:"GET"; http_method; content:"/nerv.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.77.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842448/; classtype:trojan-activity;sid:84705548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842449)"; flow:established,from_client; content:"GET"; http_method; content:"/nerv.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.77.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842449/; classtype:trojan-activity;sid:84705549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842450)"; flow:established,from_client; content:"GET"; http_method; content:"/nerv.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.77.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842450/; classtype:trojan-activity;sid:84705550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842451)"; flow:established,from_client; content:"GET"; http_method; content:"/nerv.sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.77.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842451/; classtype:trojan-activity;sid:84705551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842452)"; flow:established,from_client; content:"GET"; http_method; content:"/nerv.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.77.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_08; 
reference:url, urlhaus.abuse.ch/url/3842452/; classtype:trojan-activity;sid:84705552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842453)"; flow:established,from_client; content:"GET"; http_method; content:"/nerv.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.77.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842453/; classtype:trojan-activity;sid:84705553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842454)"; flow:established,from_client; content:"GET"; http_method; content:"/nerv.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.77.246.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842454/; classtype:trojan-activity;sid:84705554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.209.88.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842355/; classtype:trojan-activity;sid:84705455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842328)"; flow:established,from_client; content:"GET"; http_method; content:"/dashboard/images/social-icons.png"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"66.63.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842328/; classtype:trojan-activity;sid:84705428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842308)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bins/micro.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"217.60.245.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842308/; classtype:trojan-activity;sid:84705408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842304)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/micro.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"217.60.245.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842304/; classtype:trojan-activity;sid:84705404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842293)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/micro.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"217.60.245.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842293/; classtype:trojan-activity;sid:84705393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842294)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/micro.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"217.60.245.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842294/; classtype:trojan-activity;sid:84705394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842295)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/micro.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"217.60.245.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842295/; 
classtype:trojan-activity;sid:84705395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842297)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/micro.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"217.60.245.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842297/; classtype:trojan-activity;sid:84705397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842299)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/micro.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"217.60.245.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842299/; classtype:trojan-activity;sid:84705399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842300)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/micro.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"217.60.245.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842300/; classtype:trojan-activity;sid:84705400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842302)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/micro.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"217.60.245.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842302/; classtype:trojan-activity;sid:84705402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3842174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"61.176.13.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3842174/; classtype:trojan-activity;sid:84705274; rev:1;)
# Each rule alerts on an outbound GET from $HOME_NET whose URI and Host header both match one URLhaus entry.
# Where depth equals the pattern length, depth plus isdataat:!1,relative pins the pattern to the whole buffer (exact match, not substring).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841986)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mipsrouter"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.139.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3841986/; classtype:trojan-activity;sid:84705086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841951)"; flow:established,from_client; content:"GET"; http_method; content:"/pp/img_035646.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"andjemztech.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3841951/; classtype:trojan-activity;sid:84705051; rev:1;)
# NOTE(review): sids 84705016, 84705015 and 84704492 match Host raw.githubusercontent.com, a shared hosting domain that is normally fetched over HTTPS.
# As "alert http" rules they fire only where the sensor sees the HTTP request (cleartext or decrypted TLS) - confirm sensor placement before relying on them.
# The URI path, not the host, is what identifies the reported file; do not derive host-level blocks from these entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841916)"; flow:established,from_client; content:"GET"; http_method; content:"/solid-23/jame/refs/heads/main/iakkoaj.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3841916/; classtype:trojan-activity;sid:84705016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841915)"; flow:established,from_client; content:"GET"; http_method; content:"/solid-23/hg/refs/heads/main/aknsdkr.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3841915/; classtype:trojan-activity;sid:84705015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841856)"; flow:established,from_client; content:"GET"; http_method; content:"/imagetest001.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3841856/; classtype:trojan-activity;sid:84704956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.157.252.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_07; reference:url, urlhaus.abuse.ch/url/3841414/; classtype:trojan-activity;sid:84704514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.157.252.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_07; reference:url, urlhaus.abuse.ch/url/3841411/; classtype:trojan-activity;sid:84704511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841392)"; flow:established,from_client; content:"GET"; http_method; content:"/solid-23/ki/refs/heads/main/boagnif.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_07; reference:url, urlhaus.abuse.ch/url/3841392/; classtype:trojan-activity;sid:84704492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841359)"; flow:established,from_client; content:"GET"; 
http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.152.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_07; reference:url, urlhaus.abuse.ch/url/3841359/; classtype:trojan-activity;sid:84704459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841358)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.152.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_07; reference:url, urlhaus.abuse.ch/url/3841358/; classtype:trojan-activity;sid:84704458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841340)"; flow:established,from_client; content:"GET"; http_method; content:"/adb.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.152.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_07; reference:url, urlhaus.abuse.ch/url/3841340/; classtype:trojan-activity;sid:84704440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.115.221.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_07; reference:url, urlhaus.abuse.ch/url/3841316/; classtype:trojan-activity;sid:84704416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.231.7.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_07; reference:url, urlhaus.abuse.ch/url/3841137/; classtype:trojan-activity;sid:84704237; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.231.7.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_07; reference:url, urlhaus.abuse.ch/url/3841120/; classtype:trojan-activity;sid:84704220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.158.34.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_07; reference:url, urlhaus.abuse.ch/url/3841076/; classtype:trojan-activity;sid:84704176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840811)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=11.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bafybeibh6u74fuvyazqu2q7y6pginkxprjurxchgfshwigrs5y77qcbj6i.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840811/; classtype:trojan-activity;sid:84703911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.233.235.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840804/; classtype:trojan-activity;sid:84703904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840696)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840696/; classtype:trojan-activity;sid:84703796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840654)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kla.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840654/; classtype:trojan-activity;sid:84703754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.110.39.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840510/; classtype:trojan-activity;sid:84703610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840474)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840474/; classtype:trojan-activity;sid:84703574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840475)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm7"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"176.65.139.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840475/; classtype:trojan-activity;sid:84703575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3840476)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm5"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"176.65.139.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840476/; classtype:trojan-activity;sid:84703576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840477)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.i686"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"176.65.139.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840477/; classtype:trojan-activity;sid:84703577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840478)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"176.65.139.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840478/; classtype:trojan-activity;sid:84703578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840479)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"176.65.139.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840479/; classtype:trojan-activity;sid:84703579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840480)"; flow:established,from_client; content:"GET"; http_method; 
content:"/hidechaotic/ub8ehjsepafc9fyqzit6.arm6"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"176.65.139.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840480/; classtype:trojan-activity;sid:84703580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840481)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.spc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"176.65.139.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840481/; classtype:trojan-activity;sid:84703581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840470)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.m68k"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"176.65.139.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840470/; classtype:trojan-activity;sid:84703570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840471)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.sh4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"176.65.139.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840471/; classtype:trojan-activity;sid:84703571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840472)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86_64"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"176.65.139.144"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840472/; classtype:trojan-activity;sid:84703572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840473)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.ppc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"176.65.139.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840473/; classtype:trojan-activity;sid:84703573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840468)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.x86"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"176.65.139.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840468/; classtype:trojan-activity;sid:84703568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840469)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mips"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"176.65.139.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840469/; classtype:trojan-activity;sid:84703569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840467)"; flow:established,from_client; content:"GET"; http_method; content:"/hidechaotic/ub8ehjsepafc9fyqzit6.mpsl"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"176.65.139.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840467/; classtype:trojan-activity;sid:84703567; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.173.12.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839909/; classtype:trojan-activity;sid:84703009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839774)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839774/; classtype:trojan-activity;sid:84702874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839775)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839775/; classtype:trojan-activity;sid:84702875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839778)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv4l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839778/; classtype:trojan-activity;sid:84702878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839779)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.45"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839779/; classtype:trojan-activity;sid:84702879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839780)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv7l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839780/; classtype:trojan-activity;sid:84702880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839782)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839782/; classtype:trojan-activity;sid:84702882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839784)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839784/; classtype:trojan-activity;sid:84702884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839785)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839785/; classtype:trojan-activity;sid:84702885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3839767)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839767/; classtype:trojan-activity;sid:84702867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839752)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv6l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839752/; classtype:trojan-activity;sid:84702852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839756)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv4l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839756/; classtype:trojan-activity;sid:84702856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839745)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv7l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839745/; classtype:trojan-activity;sid:84702845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839747)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv5l"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; 
reference:url, urlhaus.abuse.ch/url/3839747/; classtype:trojan-activity;sid:84702847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839741)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839741/; classtype:trojan-activity;sid:84702841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839736)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839736/; classtype:trojan-activity;sid:84702836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839737)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839737/; classtype:trojan-activity;sid:84702837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839738)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839738/; classtype:trojan-activity;sid:84702838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839734)"; flow:established,from_client; content:"GET"; http_method; 
content:"/iran.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839734/; classtype:trojan-activity;sid:84702834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839630)"; flow:established,from_client; content:"GET"; http_method; content:"/bot"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.151.182.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839630/; classtype:trojan-activity;sid:84702730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839629)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.x86_64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839629/; classtype:trojan-activity;sid:84702729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839626)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839626/; classtype:trojan-activity;sid:84702726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839627)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839627/; classtype:trojan-activity;sid:84702727; rev:1;) 
# Reading these generated rules: each one alerts on an established, client-to-server
# HTTP GET from $HOME_NET to $EXTERNAL_NET whose URI and Host both match one URLhaus entry.
# A depth equal to the pattern length, followed by isdataat:!1,relative, pins each pattern
# to the whole buffer, so these are exact-URL indicators, not host or path-prefix matches.
# NOTE(review): "alert http" inspects parsed cleartext HTTP; a fetch of the same URL over
# TLS presumably stays invisible unless traffic is decrypted upstream of the sensor -- confirm.
# The number in msg and in the reference URL is the URLhaus entry id to consult during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839628)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.powerpc-440fp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839628/; classtype:trojan-activity;sid:84702728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839624)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i486"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839624/; classtype:trojan-activity;sid:84702724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839625)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.mips64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839625/; classtype:trojan-activity;sid:84702725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839621)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.powerpc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839621/; classtype:trojan-activity;sid:84702721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839622)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.mipsel"; http_uri; depth:16; isdataat:!1,relative; 
nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839622/; classtype:trojan-activity;sid:84702722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839615)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i586"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839615/; classtype:trojan-activity;sid:84702715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839616)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv4tl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839616/; classtype:trojan-activity;sid:84702716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839617)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839617/; classtype:trojan-activity;sid:84702717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839618)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839618/; classtype:trojan-activity;sid:84702718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3839619)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.armv4eb"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839619/; classtype:trojan-activity;sid:84702719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839620)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bin.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"46.151.182.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839620/; classtype:trojan-activity;sid:84702720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.160.9.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839593/; classtype:trojan-activity;sid:84702693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839564)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839564/; classtype:trojan-activity;sid:84702664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839543)"; flow:established,from_client; content:"GET"; http_method; content:"/all.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.9.225.23"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839543/; classtype:trojan-activity;sid:84702643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.251.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839452/; classtype:trojan-activity;sid:84702552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839430)"; flow:established,from_client; content:"GET"; http_method; content:"/kikimora-arch/solid-doodle/releases/download/realease/kikikmoralibrary.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839430/; classtype:trojan-activity;sid:84702530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839368)"; flow:established,from_client; content:"GET"; http_method; content:"/porkiporki362-web/datess/refs/heads/main/khgphib.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839368/; classtype:trojan-activity;sid:84702468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.209.88.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839301/; classtype:trojan-activity;sid:84702401; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839258/; classtype:trojan-activity;sid:84702358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.116.56.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838932/; classtype:trojan-activity;sid:84702032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838921)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.9.225.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838921/; classtype:trojan-activity;sid:84702021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838919)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"216.9.225.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838919/; classtype:trojan-activity;sid:84702019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838913)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.9.225.23"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838913/; classtype:trojan-activity;sid:84702013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838911)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"216.9.225.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838911/; classtype:trojan-activity;sid:84702011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838910)"; flow:established,from_client; content:"GET"; http_method; content:"/a/wget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"216.9.225.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838910/; classtype:trojan-activity;sid:84702010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.244.36.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838801/; classtype:trojan-activity;sid:84701901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.244.36.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838789/; classtype:trojan-activity;sid:84701889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838558)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.244.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838558/; classtype:trojan-activity;sid:84701658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.244.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838549/; classtype:trojan-activity;sid:84701649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838518)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"216.9.225.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838518/; classtype:trojan-activity;sid:84701618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838512)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838512/; classtype:trojan-activity;sid:84701612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838513)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838513/; classtype:trojan-activity;sid:84701613; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838514)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"216.9.225.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838514/; classtype:trojan-activity;sid:84701614; rev:1;)
# Each rule below alerts on an outbound HTTP GET (flow:established,from_client)
# whose URI and Host equal the listed values exactly (depth = content length,
# isdataat:!1,relative = nothing after it). A hit is a request, not a finished
# download.
# NOTE(review): the paths on host 176.65.139.26 are CPU-architecture names
# (i686, mipsel, sparc), presumably one payload built per architecture. Confirm
# on the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838509)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838509/; classtype:trojan-activity;sid:84701609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838510)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838510/; classtype:trojan-activity;sid:84701610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838511)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.139.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838511/; classtype:trojan-activity;sid:84701611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838507)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"216.9.225.23"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838507/; classtype:trojan-activity;sid:84701607; rev:1;)
# Each rule below alerts on an outbound HTTP GET (flow:established,from_client)
# whose URI and Host equal the listed values exactly (depth = content length,
# isdataat:!1,relative = nothing after it), so a query string or extra path
# segment does not match. A hit is a request, not a finished download.
# NOTE(review): all four paths are CPU-architecture names served by the same
# host, presumably one payload built per architecture. Confirm on URLhaus.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838500)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838500/; classtype:trojan-activity;sid:84701600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838501)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838501/; classtype:trojan-activity;sid:84701601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838502)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838502/; classtype:trojan-activity;sid:84701602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838503)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838503/; classtype:trojan-activity;sid:84701603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838504)"; flow:established,from_client; 
content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838504/; classtype:trojan-activity;sid:84701604; rev:1;)
# Each rule below alerts on an outbound HTTP GET (flow:established,from_client)
# whose URI and Host equal the listed values exactly (depth = content length,
# isdataat:!1,relative = nothing after it). A hit is a request, not a finished
# download; triage with the urlhaus.abuse.ch reference carried in the rule.
# NOTE(review): "/titanjr.<arch>" and bare architecture names look like
# per-architecture builds. Confirm the family on the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838505)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"216.9.225.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838505/; classtype:trojan-activity;sid:84701605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838506)"; flow:established,from_client; content:"GET"; http_method; content:"/titanjr.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"216.9.225.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838506/; classtype:trojan-activity;sid:84701606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838497)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838497/; classtype:trojan-activity;sid:84701597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838498)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838498/; 
classtype:trojan-activity;sid:84701598; rev:1;)
# Each rule below alerts on an outbound HTTP GET (flow:established,from_client)
# whose URI and Host equal the listed values exactly (depth = content length,
# isdataat:!1,relative = nothing after it). A hit is a request, not a finished
# download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838499)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838499/; classtype:trojan-activity;sid:84701599; rev:1;)
# "/i" and "/bin.sh" are short, generic paths; the next three rules are specific
# only because the Host value is pinned as well, so the same path requested
# from any other Host value is not covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.233.204.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838354/; classtype:trojan-activity;sid:84701454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.233.204.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838337/; classtype:trojan-activity;sid:84701437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.63.185.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838081/; classtype:trojan-activity;sid:84701181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837820)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; 
content:"185.104.63.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_03; reference:url, urlhaus.abuse.ch/url/3837820/; classtype:trojan-activity;sid:84700920; rev:1;)
# Each rule below alerts on an outbound HTTP GET (flow:established,from_client)
# whose URI and Host equal the listed values exactly (depth = content length,
# isdataat:!1,relative = nothing after it). A hit is a request, not a finished
# download.
# NOTE(review): one host serving "/wget.sh" next to architecture-named files
# (mpsl, arm5, arm7) looks like a script that fetches the matching binary;
# presumably a Linux/IoT loader. Confirm on the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837821)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.104.63.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_03; reference:url, urlhaus.abuse.ch/url/3837821/; classtype:trojan-activity;sid:84700921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837667)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.104.63.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_03; reference:url, urlhaus.abuse.ch/url/3837667/; classtype:trojan-activity;sid:84700767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837665)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.104.63.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_03; reference:url, urlhaus.abuse.ch/url/3837665/; classtype:trojan-activity;sid:84700765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837666)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.104.63.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_03; reference:url, urlhaus.abuse.ch/url/3837666/; classtype:trojan-activity;sid:84700766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3837663)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.104.63.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_03; reference:url, urlhaus.abuse.ch/url/3837663/; classtype:trojan-activity;sid:84700763; rev:1;)
# Each rule below alerts on an outbound HTTP GET (flow:established,from_client)
# whose URI and Host equal the listed values exactly (depth = content length,
# isdataat:!1,relative = nothing after it). A hit is a request, not a finished
# download; triage with the urlhaus.abuse.ch reference carried in the rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837664)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.104.63.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_03; reference:url, urlhaus.abuse.ch/url/3837664/; classtype:trojan-activity;sid:84700764; rev:1;)
# "/i" and "/bin.sh" are short, generic paths; the next two rules are specific
# only because the Host value 175.43.137.126 is pinned as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.43.137.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_03; reference:url, urlhaus.abuse.ch/url/3837618/; classtype:trojan-activity;sid:84700718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.43.137.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_03; reference:url, urlhaus.abuse.ch/url/3837602/; classtype:trojan-activity;sid:84700702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.92.243.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, 
urlhaus.abuse.ch/url/3837298/; classtype:trojan-activity;sid:84700398; rev:1;)
# Each rule below alerts on an outbound HTTP GET (flow:established,from_client)
# whose URI and Host equal the listed values exactly (depth = content length,
# isdataat:!1,relative = nothing after it). A hit is a request, not a finished
# download or an installed program.
# NOTE(review): the file names suggest ScreenConnect remote-support client
# installers served from bare IP hosts. On a hit, check the endpoint for a
# remote-access client nobody approved; confirm against the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.92.243.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837295/; classtype:trojan-activity;sid:84700395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.92.243.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837292/; classtype:trojan-activity;sid:84700392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.16.55.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837233/; classtype:trojan-activity;sid:84700333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.16.55.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837229/; classtype:trojan-activity;sid:84700329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837226)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.55.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837226/; classtype:trojan-activity;sid:84700326; rev:1;)
# Each rule below alerts on an outbound HTTP GET (flow:established,from_client)
# whose URI and Host equal the listed values exactly (depth = content length,
# isdataat:!1,relative = nothing after it). A hit is a request, not a finished
# download or an installed program.
# NOTE(review): the same two file names recur across several 178.16.x.x hosts.
# They suggest ScreenConnect remote-support client installers; on a hit, check
# the endpoint for an unapproved remote-access client. Confirm on URLhaus.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.16.54.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837223/; classtype:trojan-activity;sid:84700323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.16.54.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837222/; classtype:trojan-activity;sid:84700322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837221/; classtype:trojan-activity;sid:84700321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.110.15.80"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837217/; classtype:trojan-activity;sid:84700317; rev:1;)
# Each rule below alerts on an outbound HTTP GET (flow:established,from_client)
# whose URI and Host equal the listed values exactly (depth = content length,
# isdataat:!1,relative = nothing after it). A hit is a request, not a finished
# download.
# NOTE(review): the file name suggests a ScreenConnect remote-support client
# installer served from a bare IP host. Confirm against the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.16.53.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837214/; classtype:trojan-activity;sid:84700314; rev:1;)
# "/bin.sh" is a generic path; this rule is specific only because the Host
# value 87.110.15.80 is pinned as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.110.15.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837199/; classtype:trojan-activity;sid:84700299; rev:1;)
# NOTE(review): architecture-named paths on host 176.65.139.166, presumably
# one payload built per CPU architecture. Confirm on the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837160)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837160/; classtype:trojan-activity;sid:84700260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837156)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837156/; classtype:trojan-activity;sid:84700256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837151)"; 
flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837151/; classtype:trojan-activity;sid:84700251; rev:1;)
# Each rule below alerts on an outbound HTTP GET (flow:established,from_client)
# whose URI and Host equal the listed values exactly (depth = content length,
# isdataat:!1,relative = nothing after it), so a query string or extra path
# segment does not match. A hit is a request, not a finished download.
# NOTE(review): all paths are CPU-architecture names on the same host,
# presumably one payload built per architecture. Confirm on URLhaus.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837147)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837147/; classtype:trojan-activity;sid:84700247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837148)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.139.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837148/; classtype:trojan-activity;sid:84700248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837131)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837131/; classtype:trojan-activity;sid:84700231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837132)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837132/; 
classtype:trojan-activity;sid:84700232; rev:1;)
# Each rule below alerts on an outbound HTTP GET (flow:established,from_client)
# whose URI and Host equal the listed values exactly (depth = content length,
# isdataat:!1,relative = nothing after it). A hit is a request, not a finished
# download; triage with the urlhaus.abuse.ch reference carried in the rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837133)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837133/; classtype:trojan-activity;sid:84700233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837097)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837097/; classtype:trojan-activity;sid:84700197; rev:1;)
# "/i" and "/bin.sh" are short, generic paths; the next two rules are specific
# only because the Host value 90.228.239.131 is pinned as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.228.239.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3836948/; classtype:trojan-activity;sid:84700048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.228.239.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3836936/; classtype:trojan-activity;sid:84700036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"103.160.130.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3836819/; classtype:trojan-activity;sid:84699919; rev:1;)
# Each rule below alerts on an outbound HTTP GET (flow:established,from_client)
# whose URI and Host equal the listed values exactly (depth = content length,
# isdataat:!1,relative = nothing after it). A hit is a request, not a finished
# download.
# "/i" and "/bin.sh" are short, generic paths; the next three rules are specific
# only because the Host value is pinned as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.160.130.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3836805/; classtype:trojan-activity;sid:84699905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.156.143.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836510/; classtype:trojan-activity;sid:84699610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.178.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836363/; classtype:trojan-activity;sid:84699463; rev:1;)
# NOTE(review): github.com is normally reached over HTTPS, so this "alert http"
# rule presumably fires only where the sensor sees decrypted traffic (e.g.
# behind a TLS-inspecting proxy). Confirm sensor placement before relying on
# it. The Host is shared with legitimate content; the full repository path is
# what makes the match specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836343)"; flow:established,from_client; content:"GET"; http_method; content:"/segmenthelper37/kiddions-mod-menu-download-2026/raw/refs/heads/main/wallpaperengine-7.6.1-win64.rar"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836343/; classtype:trojan-activity;sid:84699443; rev:1;)
# Each rule below alerts on an outbound HTTP GET (flow:established,from_client)
# whose URI and Host equal the listed values exactly (depth = content length,
# isdataat:!1,relative = nothing after it). The Host is shared with legitimate
# content; the full repository path is what makes a match specific.
# NOTE(review): github.com and raw.githubusercontent.com are normally reached
# over HTTPS, so these "alert http" rules presumably fire only where the sensor
# sees decrypted traffic (e.g. behind a TLS-inspecting proxy). Confirm sensor
# placement before relying on them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836344)"; flow:established,from_client; content:"GET"; http_method; content:"/segmenthelper37/kiddions-mod-menu-download-2026/refs/heads/main/wallpaperengine-7.6.1-win64.rar"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836344/; classtype:trojan-activity;sid:84699444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836335)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedsamy-244/design-resources-for-developers/raw/refs/heads/master/.github/for-developers-resources-design-v3.9.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836335/; classtype:trojan-activity;sid:84699435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836336)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedsamy-244/ai-code-context-helper/raw/refs/heads/master/ai_code_context_helper/resources/helper-code-ai-context-v1.7-alpha.4.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836336/; classtype:trojan-activity;sid:84699436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836337)"; flow:established,from_client; content:"GET"; http_method; content:"/dfseff343fedc/task-control/refs/heads/master/erosely/task-control.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836337/; classtype:trojan-activity;sid:84699437; rev:1;)
# Each rule below alerts on an outbound HTTP GET (flow:established,from_client)
# whose URI and Host equal the listed values exactly (depth = content length,
# isdataat:!1,relative = nothing after it). The Host is shared with legitimate
# content; the full repository path is what makes a match specific.
# NOTE(review): github.com and raw.githubusercontent.com are normally reached
# over HTTPS, so these "alert http" rules presumably fire only where the sensor
# sees decrypted traffic (e.g. behind a TLS-inspecting proxy). Confirm sensor
# placement before relying on them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836333)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedsamy-244/ai-code-context-helper/refs/heads/master/ai_code_context_helper/resources/helper-code-ai-context-v1.7-alpha.4.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836333/; classtype:trojan-activity;sid:84699433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836334)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmedsamy-244/design-resources-for-developers/refs/heads/master/.github/for-developers-resources-design-v3.9.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836334/; classtype:trojan-activity;sid:84699434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836332)"; flow:established,from_client; content:"GET"; http_method; content:"/dfseff343fedc/task-control/raw/refs/heads/master/erosely/task-control.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836332/; classtype:trojan-activity;sid:84699432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836328)"; flow:established,from_client; content:"GET"; http_method; content:"/xlrepotestaa/zaluea/raw/refs/heads/main/site/uv/software-v3.1.zip"; http_uri; depth:66; 
isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836328/; classtype:trojan-activity;sid:84699428; rev:1;)
# Each rule below alerts on an outbound HTTP GET (flow:established,from_client)
# whose URI and Host equal the listed values exactly (depth = content length,
# isdataat:!1,relative = nothing after it). The Host is shared with legitimate
# content; the full repository path is what makes a match specific.
# NOTE(review): github.com and raw.githubusercontent.com are normally reached
# over HTTPS, so these "alert http" rules presumably fire only where the sensor
# sees decrypted traffic (e.g. behind a TLS-inspecting proxy). Confirm sensor
# placement before relying on them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836327)"; flow:established,from_client; content:"GET"; http_method; content:"/sarbuaaaaaa/student_attendance_management_system/refs/heads/main/affluently/management-student-system-attendance-1.5.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836327/; classtype:trojan-activity;sid:84699427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836323)"; flow:established,from_client; content:"GET"; http_method; content:"/xlrepotestaa/prompt-engineering-models/raw/refs/heads/main/refactoring/13-extract-and-simplify/engineering-prompt-models-2.0.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836323/; classtype:trojan-activity;sid:84699423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836324)"; flow:established,from_client; content:"GET"; http_method; content:"/brunobathe/oma-clipmanager/refs/heads/main/minguetite/clipmanager-oma-2.3.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836324/; classtype:trojan-activity;sid:84699424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836325)"; flow:established,from_client; content:"GET"; 
http_method; content:"/xlrepotestaa/prompt-engineering-models/refs/heads/main/refactoring/13-extract-and-simplify/engineering-prompt-models-2.0.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836325/; classtype:trojan-activity;sid:84699425; rev:1;)
# Each rule below alerts on an outbound HTTP GET (flow:established,from_client)
# whose URI and Host equal the listed values exactly (depth = content length,
# isdataat:!1,relative = nothing after it). The Host is shared with legitimate
# content; the full repository path is what makes a match specific.
# NOTE(review): github.com and raw.githubusercontent.com are normally reached
# over HTTPS, so these "alert http" rules presumably fire only where the sensor
# sees decrypted traffic (e.g. behind a TLS-inspecting proxy). Confirm sensor
# placement before relying on them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836326)"; flow:established,from_client; content:"GET"; http_method; content:"/sarbuaaaaaa/student_attendance_management_system/raw/refs/heads/main/affluently/management-student-system-attendance-1.5.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836326/; classtype:trojan-activity;sid:84699426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836321)"; flow:established,from_client; content:"GET"; http_method; content:"/jadelinda81/export-list-of-instagram-followers/raw/refs/heads/main/instantaneous/export_instagram_of_list_followers_v1.0.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836321/; classtype:trojan-activity;sid:84699421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836322)"; flow:established,from_client; content:"GET"; http_method; content:"/osamagxdgaming/all-in-one-clipboard/refs/heads/main/build/symbols/source/clipboard_in_one_all_3.5-beta.2.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836322/; 
classtype:trojan-activity;sid:84699422; rev:1;)
# Each rule below alerts on an outbound HTTP GET (flow:established,from_client)
# whose URI and Host equal the listed values exactly (depth = content length,
# isdataat:!1,relative = nothing after it). The Host is shared with legitimate
# content; the full repository path is what makes a match specific.
# NOTE(review): github.com and raw.githubusercontent.com are normally reached
# over HTTPS, so these "alert http" rules presumably fire only where the sensor
# sees decrypted traffic (e.g. behind a TLS-inspecting proxy). Confirm sensor
# placement before relying on them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836319)"; flow:established,from_client; content:"GET"; http_method; content:"/yokiyokeh/prompt-engineering-portfolio/refs/heads/main/disease/prompt_engineering_portfolio_v3.8.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836319/; classtype:trojan-activity;sid:84699419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836320)"; flow:established,from_client; content:"GET"; http_method; content:"/jadelinda81/export-list-of-instagram-followers/refs/heads/main/instantaneous/export_instagram_of_list_followers_v1.0.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836320/; classtype:trojan-activity;sid:84699420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836314)"; flow:established,from_client; content:"GET"; http_method; content:"/elaaronxd/task-manager/raw/refs/heads/main/geared/task_manager_1.9.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836314/; classtype:trojan-activity;sid:84699414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836315)"; flow:established,from_client; content:"GET"; http_method; content:"/big-ghostman/jobboard-finder/raw/refs/heads/main/quartz/job_board_finder_1.7.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; 
isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836315/; classtype:trojan-activity;sid:84699415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836316)"; flow:established,from_client; content:"GET"; http_method; content:"/yokiyokeh/prompt-engineering-portfolio/raw/refs/heads/main/disease/prompt_engineering_portfolio_v3.8.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836316/; classtype:trojan-activity;sid:84699416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836317)"; flow:established,from_client; content:"GET"; http_method; content:"/osamagxdgaming/all-in-one-clipboard/raw/refs/heads/main/build/symbols/source/clipboard_in_one_all_3.5-beta.2.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836317/; classtype:trojan-activity;sid:84699417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836318)"; flow:established,from_client; content:"GET"; http_method; content:"/brunobathe/oma-clipmanager/raw/refs/heads/main/minguetite/clipmanager-oma-2.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836318/; classtype:trojan-activity;sid:84699418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836311)"; flow:established,from_client; content:"GET"; http_method; content:"/big-ghostman/jobboard-finder/refs/heads/main/quartz/job_board_finder_1.7.zip"; http_uri; depth:77; 
isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836311/; classtype:trojan-activity;sid:84699411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836312)"; flow:established,from_client; content:"GET"; http_method; content:"/elaaronxd/task-manager/refs/heads/main/geared/task_manager_1.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836312/; classtype:trojan-activity;sid:84699412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836313)"; flow:established,from_client; content:"GET"; http_method; content:"/xlrepotestaa/zaluea/refs/heads/main/site/uv/software-v3.1.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836313/; classtype:trojan-activity;sid:84699413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836299)"; flow:established,from_client; content:"GET"; http_method; content:"/nambao2008692/elixir_desktop_webui_todoapp/refs/heads/main/test/todo_desktopapp_web/controllers/elixir-todoapp-webui-desktop-macroplankton.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836299/; classtype:trojan-activity;sid:84699399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836300)"; flow:established,from_client; content:"GET"; http_method; 
content:"/aboumatta/jnk-express-padala-cashier/refs/heads/main/order-tracker-main/jnk-express-padala-cashier-1.7.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836300/; classtype:trojan-activity;sid:84699400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836301)"; flow:established,from_client; content:"GET"; http_method; content:"/augustus0017/roman-numeral-converter/refs/heads/main/monorhinal/numeral_roman_converter_pilchard.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836301/; classtype:trojan-activity;sid:84699401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836302)"; flow:established,from_client; content:"GET"; http_method; content:"/madilson010/jira.nvim/refs/heads/main/lua/jira/jira-api/jira-nvim-firstling.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836302/; classtype:trojan-activity;sid:84699402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836304)"; flow:established,from_client; content:"GET"; http_method; content:"/augustus0017/roman-numeral-converter/raw/refs/heads/main/monorhinal/numeral_roman_converter_pilchard.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836304/; classtype:trojan-activity;sid:84699404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3836305)"; flow:established,from_client; content:"GET"; http_method; content:"/aboumatta/linebylinepaster/refs/heads/main/countably/by_paster_line_2.0.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836305/; classtype:trojan-activity;sid:84699405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836306)"; flow:established,from_client; content:"GET"; http_method; content:"/augustus0017/go-clipboard-plus/refs/heads/main/examples/plus_clipboard_go_v1.3.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836306/; classtype:trojan-activity;sid:84699406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836307)"; flow:established,from_client; content:"GET"; http_method; content:"/madilson010/jira.nvim/raw/refs/heads/main/lua/jira/jira-api/jira-nvim-firstling.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836307/; classtype:trojan-activity;sid:84699407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836308)"; flow:established,from_client; content:"GET"; http_method; content:"/aboumatta/linebylinepaster/raw/refs/heads/main/countably/by_paster_line_2.0.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836308/; classtype:trojan-activity;sid:84699408; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836309)"; flow:established,from_client; content:"GET"; http_method; content:"/augustus0017/go-clipboard-plus/raw/refs/heads/main/examples/plus_clipboard_go_v1.3.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836309/; classtype:trojan-activity;sid:84699409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836293)"; flow:established,from_client; content:"GET"; http_method; content:"/madilson010/madilson010.github.io/refs/heads/main/corticoafferent/madilson-github-io-1.7.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836293/; classtype:trojan-activity;sid:84699393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836294)"; flow:established,from_client; content:"GET"; http_method; content:"/navithub/purchase-requisition-form-system/raw/refs/heads/main/allantochorion/form_system_purchase_requisition_v3.1.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836294/; classtype:trojan-activity;sid:84699394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836295)"; flow:established,from_client; content:"GET"; http_method; content:"/terrotheterrarian/chinese-thesaurus-web-clipper-for-obsidian/raw/refs/heads/main/src/thesaurus-obsidian-for-clipper-chinese-web-3.2.zip"; http_uri; depth:136; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836295/; classtype:trojan-activity;sid:84699395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836296)"; flow:established,from_client; content:"GET"; http_method; content:"/19rudra/19rudra.github.io/raw/refs/heads/main/mesodermal/rudra_io_github_v2.6-beta.3.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836296/; classtype:trojan-activity;sid:84699396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836297)"; flow:established,from_client; content:"GET"; http_method; content:"/navithub/purchase-requisition-form-system/refs/heads/main/allantochorion/form_system_purchase_requisition_v3.1.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836297/; classtype:trojan-activity;sid:84699397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836298)"; flow:established,from_client; content:"GET"; http_method; content:"/aboumatta/jnk-express-padala-cashier/raw/refs/heads/main/order-tracker-main/jnk-express-padala-cashier-1.7.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836298/; classtype:trojan-activity;sid:84699398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836292)"; flow:established,from_client; content:"GET"; http_method; content:"/judastorrid822/markdowntaskmanager/refs/heads/master/.claude/skills/markdown-task-manager-v2.0.zip"; 
http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836292/; classtype:trojan-activity;sid:84699392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836291)"; flow:established,from_client; content:"GET"; http_method; content:"/madilson010/madilson010.github.io/raw/refs/heads/main/corticoafferent/madilson-github-io-1.7.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836291/; classtype:trojan-activity;sid:84699391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836284)"; flow:established,from_client; content:"GET"; http_method; content:"/aboumatta/order-tracker/raw/refs/heads/main/squamipennate/order_tracker_1.9.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836284/; classtype:trojan-activity;sid:84699384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836285)"; flow:established,from_client; content:"GET"; http_method; content:"/terrotheterrarian/chinese-thesaurus-web-clipper-for-obsidian/refs/heads/main/src/thesaurus-obsidian-for-clipper-chinese-web-3.2.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836285/; classtype:trojan-activity;sid:84699385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836286)"; flow:established,from_client; content:"GET"; 
http_method; content:"/19rudra/19rudra.github.io/refs/heads/main/mesodermal/rudra_io_github_v2.6-beta.3.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836286/; classtype:trojan-activity;sid:84699386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836287)"; flow:established,from_client; content:"GET"; http_method; content:"/augustus0017/bcd-validator/refs/heads/main/jaywalk/validator-bc-1.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836287/; classtype:trojan-activity;sid:84699387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836288)"; flow:established,from_client; content:"GET"; http_method; content:"/judastorrid822/markdowntaskmanager/raw/refs/heads/master/.claude/skills/markdown-task-manager-v2.0.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836288/; classtype:trojan-activity;sid:84699388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836289)"; flow:established,from_client; content:"GET"; http_method; content:"/augustus0017/bcd-validator/raw/refs/heads/main/jaywalk/validator-bc-1.6.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836289/; classtype:trojan-activity;sid:84699389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836290)"; 
flow:established,from_client; content:"GET"; http_method; content:"/19rudra/to-do-list.txt/refs/heads/main/appreciative/to_list_do_txt_v2.6.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836290/; classtype:trojan-activity;sid:84699390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836283)"; flow:established,from_client; content:"GET"; http_method; content:"/nambao2008692/elixir_desktop_webui_todoapp/raw/refs/heads/main/test/todo_desktopapp_web/controllers/elixir-todoapp-webui-desktop-macroplankton.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836283/; classtype:trojan-activity;sid:84699383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836281)"; flow:established,from_client; content:"GET"; http_method; content:"/navithub/purchase-requisition-form-system/refs/heads/main/allantochorion/system-requisition-purchase-form-scioterique.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836281/; classtype:trojan-activity;sid:84699381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836282)"; flow:established,from_client; content:"GET"; http_method; content:"/19rudra/to-do-list.txt/raw/refs/heads/main/appreciative/to_list_do_txt_v2.6.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836282/; 
classtype:trojan-activity;sid:84699382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836280)"; flow:established,from_client; content:"GET"; http_method; content:"/aboumatta/order-tracker/refs/heads/main/squamipennate/order_tracker_1.9.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836280/; classtype:trojan-activity;sid:84699380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836261)"; flow:established,from_client; content:"GET"; http_method; content:"/joshkeys56/firstsite/refs/heads/main/css/software_v1.8-beta.5.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836261/; classtype:trojan-activity;sid:84699361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836248)"; flow:established,from_client; content:"GET"; http_method; content:"/farochild-a11y/smart-attendance-web-app/refs/heads/main/curlewberry/smart-app-attendance-web-2.8.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836248/; classtype:trojan-activity;sid:84699348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836249)"; flow:established,from_client; content:"GET"; http_method; content:"/joshkeys56/tvclipboard/refs/heads/main/images/software-1.6-beta.5.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 
2026_05_01; reference:url, urlhaus.abuse.ch/url/3836249/; classtype:trojan-activity;sid:84699349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836250)"; flow:established,from_client; content:"GET"; http_method; content:"/trippy-420/team-tasks/refs/heads/master/docs/tasks_team_v3.3.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836250/; classtype:trojan-activity;sid:84699350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836251)"; flow:established,from_client; content:"GET"; http_method; content:"/flyskyed/vulnerability-assessment-report/refs/heads/main/nightwear/vulnerability_assessment_report_2.3.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836251/; classtype:trojan-activity;sid:84699351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836252)"; flow:established,from_client; content:"GET"; http_method; content:"/andrezinrocha/andrezinrocha.github.io/raw/refs/heads/main/musher/github-andrezinrocha-io-3.2.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836252/; classtype:trojan-activity;sid:84699352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836253)"; flow:established,from_client; content:"GET"; http_method; content:"/trippy-420/team-tasks/raw/refs/heads/master/docs/tasks_team_v3.3.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; 
depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836253/; classtype:trojan-activity;sid:84699353; rev:1;)
# Coverage note for the GitHub-hosted entries: these are `alert http` rules, so they
# inspect cleartext (or already-decrypted) HTTP only. github.com and
# raw.githubusercontent.com are normally reached over HTTPS; without TLS inspection in
# front of the sensor, expect little or no coverage from the rules with those hosts, and
# back them with proxy, DNS or endpoint telemetry.
#
# Match shape: each content is followed by a depth equal to its own length and by
# isdataat:!1,relative, which pins an exact whole-buffer match on the URI and on the
# Host value. Any extra bytes in the buffer (for example an appended query string)
# prevent the match.
#
# NOTE(review): the http_uri content of the next rule carries the percent-encoded form
# "%20". http_uri is the normalized request-URI buffer in Snort 2.x and Suricata, where
# "%20" is decoded to a space, so the pattern may never match as written. Either match
# the raw buffer (http_raw_uri) or use the decoded path ("quan li sv") with depth
# reduced by two bytes per "%20" (78 -> 74). Confirm with a test pcap on your engine
# before relying on this sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836254)"; flow:established,from_client; content:"GET"; http_method; content:"/hung27091/quanlisv/raw/refs/heads/main/quan%20li%20sv/.idea/software-v2.7.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836254/; classtype:trojan-activity;sid:84699354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836255)"; flow:established,from_client; content:"GET"; http_method; content:"/hung27091/arraylist/raw/refs/heads/main/portress/list-array-v1.5.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836255/; classtype:trojan-activity;sid:84699355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836256)"; flow:established,from_client; content:"GET"; http_method; content:"/farochild-a11y/farochild-a11y.github.io/refs/heads/main/plea/io-a-farochild-y-github-2.0.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836256/; classtype:trojan-activity;sid:84699356; rev:1;)
# NOTE(review): same percent-encoding concern as sid 84699354 — the "%20" sequences in
# the http_uri content below are matched against the normalized URI buffer, where they
# appear as spaces. Use http_raw_uri, or the decoded path with depth 74 -> 70, and
# verify with a test pcap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836257)"; flow:established,from_client; content:"GET"; http_method; content:"/hung27091/quanlisv/refs/heads/main/quan%20li%20sv/.idea/software-v2.7.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836257/; classtype:trojan-activity;sid:84699357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836258)"; flow:established,from_client; content:"GET"; http_method; content:"/farochild-a11y/farochild-a11y.github.io/raw/refs/heads/main/plea/io-a-farochild-y-github-2.0.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836258/; classtype:trojan-activity;sid:84699358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836259)"; flow:established,from_client; content:"GET"; http_method; content:"/hung27091/arraylist/refs/heads/main/portress/list-array-v1.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836259/; classtype:trojan-activity;sid:84699359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836260)"; flow:established,from_client; content:"GET"; http_method; content:"/andrezinrocha/andrezinrocha.github.io/refs/heads/main/musher/io-github-andrezinrocha-3.7.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836260/; classtype:trojan-activity;sid:84699360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836236)"; flow:established,from_client; content:"GET"; http_method; 
content:"/flyskyed/vulnerability-assessment-report/raw/refs/heads/main/nightwear/vulnerability_assessment_report_2.3.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836236/; classtype:trojan-activity;sid:84699336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836237)"; flow:established,from_client; content:"GET"; http_method; content:"/joshkeys56/tvclipboard/raw/refs/heads/main/images/software-1.6-beta.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836237/; classtype:trojan-activity;sid:84699337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836238)"; flow:established,from_client; content:"GET"; http_method; content:"/farochild-a11y/farochild-a11y.github.io/raw/refs/heads/main/plea/github_y_a_farochild_io_3.6.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836238/; classtype:trojan-activity;sid:84699338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836239)"; flow:established,from_client; content:"GET"; http_method; content:"/andrezinrocha/dodoclip/raw/refs/heads/main/scripts/software_v2.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836239/; classtype:trojan-activity;sid:84699339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836240)"; flow:established,from_client; 
content:"GET"; http_method; content:"/andrezinrocha/andrezinrocha.github.io/refs/heads/main/musher/io-andrezinrocha-github-voluptuarian.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836240/; classtype:trojan-activity;sid:84699340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836241)"; flow:established,from_client; content:"GET"; http_method; content:"/andrezinrocha/andrezinrocha.github.io/refs/heads/main/musher/github-io-andrezinrocha-v1.7.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836241/; classtype:trojan-activity;sid:84699341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836242)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/rajendra2604.github.io/refs/heads/main/hypereutectoid/rajendra-github-io-1.7.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836242/; classtype:trojan-activity;sid:84699342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836243)"; flow:established,from_client; content:"GET"; http_method; content:"/joshkeys56/tindog/refs/heads/main/css/software_kotukutuku.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836243/; classtype:trojan-activity;sid:84699343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3836244)"; flow:established,from_client; content:"GET"; http_method; content:"/joshkeys56/tindog/raw/refs/heads/main/css/software_kotukutuku.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836244/; classtype:trojan-activity;sid:84699344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836245)"; flow:established,from_client; content:"GET"; http_method; content:"/xxrougethedemigodxx/taskwave-installable-web-based-task-manager/refs/heads/main/packages/bootstrap-5.3.8-dist/css/installable_based_wave_manager_task_web_3.7.zip"; http_uri; depth:162; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836245/; classtype:trojan-activity;sid:84699345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836246)"; flow:established,from_client; content:"GET"; http_method; content:"/andrezinrocha/andrezinrocha.github.io/raw/refs/heads/main/musher/io-andrezinrocha-github-voluptuarian.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836246/; classtype:trojan-activity;sid:84699346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836247)"; flow:established,from_client; content:"GET"; http_method; content:"/andrezinrocha/andrezinrocha.github.io/raw/refs/heads/main/musher/io-github-andrezinrocha-3.7.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, 
urlhaus.abuse.ch/url/3836247/; classtype:trojan-activity;sid:84699347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836231)"; flow:established,from_client; content:"GET"; http_method; content:"/andrezinrocha/andrezinrocha.github.io/raw/refs/heads/main/musher/github-io-andrezinrocha-v1.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836231/; classtype:trojan-activity;sid:84699331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836232)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/rajendra2604.github.io/raw/refs/heads/main/hypereutectoid/rajendra-github-io-1.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836232/; classtype:trojan-activity;sid:84699332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836233)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/kanban-for-ai-agents/refs/heads/main/amphitheatrically/agents_for_a_kanban_1.5.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836233/; classtype:trojan-activity;sid:84699333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836234)"; flow:established,from_client; content:"GET"; http_method; content:"/farochild-a11y/smart-attendance-web-app/raw/refs/heads/main/curlewberry/smart-app-attendance-web-2.8.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; 
http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836234/; classtype:trojan-activity;sid:84699334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836235)"; flow:established,from_client; content:"GET"; http_method; content:"/hung27091/java-practice/refs/heads/main/sinistrously/java_practice_1.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836235/; classtype:trojan-activity;sid:84699335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836227)"; flow:established,from_client; content:"GET"; http_method; content:"/xxrougethedemigodxx/taskwave-installable-web-based-task-manager/raw/refs/heads/main/packages/bootstrap-5.3.8-dist/css/installable_based_wave_manager_task_web_3.7.zip"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836227/; classtype:trojan-activity;sid:84699327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836228)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/rajendra2604.github.io/raw/refs/heads/main/hypereutectoid/io-github-rajendra-collectivize.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836228/; classtype:trojan-activity;sid:84699328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836229)"; flow:established,from_client; content:"GET"; http_method; 
content:"/andrezinrocha/andrezinrocha.github.io/refs/heads/main/musher/github-andrezinrocha-io-3.2.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836229/; classtype:trojan-activity;sid:84699329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836230)"; flow:established,from_client; content:"GET"; http_method; content:"/joshkeys56/firstsite/raw/refs/heads/main/css/software_v1.8-beta.5.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836230/; classtype:trojan-activity;sid:84699330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836223)"; flow:established,from_client; content:"GET"; http_method; content:"/andrezinrocha/dodoclip/refs/heads/main/scripts/software_v2.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836223/; classtype:trojan-activity;sid:84699323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836224)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/kanban-for-ai-agents/refs/heads/main/amphitheatrically/kanban-agents-a-for-3.7.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836224/; classtype:trojan-activity;sid:84699324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836225)"; 
flow:established,from_client; content:"GET"; http_method; content:"/hung27091/java-practice/raw/refs/heads/main/sinistrously/java_practice_1.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836225/; classtype:trojan-activity;sid:84699325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836226)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/rajendra2604.github.io/refs/heads/main/hypereutectoid/io-github-rajendra-collectivize.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836226/; classtype:trojan-activity;sid:84699326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836221)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/kanban-for-ai-agents/raw/refs/heads/main/amphitheatrically/agents_for_a_kanban_1.5.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836221/; classtype:trojan-activity;sid:84699321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836222)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/kanban-for-ai-agents/raw/refs/heads/main/amphitheatrically/kanban-agents-a-for-3.7.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836222/; classtype:trojan-activity;sid:84699322; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836220)"; flow:established,from_client; content:"GET"; http_method; content:"/farochild-a11y/farochild-a11y.github.io/refs/heads/main/plea/github_y_a_farochild_io_3.6.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836220/; classtype:trojan-activity;sid:84699320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836190)"; flow:established,from_client; content:"GET"; http_method; content:"/teamkura1/uploadproject/refs/heads/main/colours/upload-project-v1.7.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836190/; classtype:trojan-activity;sid:84699290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836187)"; flow:established,from_client; content:"GET"; http_method; content:"/asherfn/asherfn.github.io/raw/refs/heads/main/swankily/io-asherfn-github-3.6.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836187/; classtype:trojan-activity;sid:84699287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836188)"; flow:established,from_client; content:"GET"; http_method; content:"/khonneymann/nightops-drop/raw/refs/heads/main/loggat/nightops_drop_2.6.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836188/; classtype:trojan-activity;sid:84699288; rev:1;) 
# URLhaus exact-URL download rules (metadata created_at 2026_05_01), one rule per reported URL.
# Match logic, identical in every rule below:
#   - client-side request on an established flow, $HOME_NET -> $EXTERNAL_NET, method GET;
#   - http_uri: depth equals the content length and isdataat:!1,relative requires that no
#     byte follows the match, so the whole URI buffer must equal the listed path (nocase);
#   - http_host: anchored the same way, so the host must be exactly github.com or
#     raw.githubusercontent.com.
# Both hosts are shared code-hosting domains. The indicator is the host + path pair, so an
# alert identifies one specific file; the host on its own is not an indicator.
# Coverage is limited to the listed path: other URIs in the same repository do not alert.
# The same archive can be listed once per host (e.g. 3836178 on github.com under
# /raw/refs/heads/... and 3836179 on raw.githubusercontent.com under /refs/heads/...),
# so group alerts by repository path when triaging.
# NOTE(review): these are `alert http` rules and both hosts are normally reached over HTTPS;
# presumably the sensor needs decrypted traffic (TLS inspection or proxy logs) for them to
# fire -- confirm for the deployment.
# In the rules shown here sid = URLhaus id + 80863100; reference: points at the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836189)"; flow:established,from_client; content:"GET"; http_method; content:"/familyguy12333/roblox-macro-v3.0.0/refs/heads/main/language/macr-roblo-v3.6.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836189/; classtype:trojan-activity;sid:84699289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836177)"; flow:established,from_client; content:"GET"; http_method; content:"/teamkura1/uploadproject/raw/refs/heads/main/colours/upload-project-v1.7.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836177/; classtype:trojan-activity;sid:84699277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836178)"; flow:established,from_client; content:"GET"; http_method; content:"/namanpaliyal/namanpaliyal.github.io/raw/refs/heads/main/romeshot/github_io_namanpaliyal_v2.0.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836178/; classtype:trojan-activity;sid:84699278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836179)"; flow:established,from_client; content:"GET"; http_method; content:"/namanpaliyal/namanpaliyal.github.io/refs/heads/main/romeshot/github_io_namanpaliyal_v2.0.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836179/; classtype:trojan-activity;sid:84699279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836180)"; flow:established,from_client; content:"GET"; http_method; content:"/shaswat0/spotify-project/raw/refs/heads/main/project/project_spotify_1.4.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836180/; classtype:trojan-activity;sid:84699280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836181)"; flow:established,from_client; content:"GET"; http_method; content:"/ben-jilo/ben-jilo.github.io/raw/refs/heads/main/horrification/ben_jilo_io_github_v2.9.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836181/; classtype:trojan-activity;sid:84699281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836182)"; flow:established,from_client; content:"GET"; http_method; content:"/bradorahacker001/guru-bot/raw/refs/heads/main/guru/bot_gur_pilgrimatical.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836182/; classtype:trojan-activity;sid:84699282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836183)"; flow:established,from_client; content:"GET"; http_method; content:"/asherfn/asherfn.github.io/refs/heads/main/swankily/io-asherfn-github-3.6.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; 
reference:url, urlhaus.abuse.ch/url/3836183/; classtype:trojan-activity;sid:84699283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836184)"; flow:established,from_client; content:"GET"; http_method; content:"/shaswat0/spotify-project/refs/heads/main/project/project_spotify_1.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836184/; classtype:trojan-activity;sid:84699284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836185)"; flow:established,from_client; content:"GET"; http_method; content:"/asherfn/acadex-ai-google-deepmind/refs/heads/main/components/deepmind-a-acadex-google-v1.8-alpha.4.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836185/; classtype:trojan-activity;sid:84699285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836186)"; flow:established,from_client; content:"GET"; http_method; content:"/ben-jilo/ben-jilo.github.io/refs/heads/main/horrification/ben_jilo_io_github_v2.9.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836186/; classtype:trojan-activity;sid:84699286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836170)"; flow:established,from_client; content:"GET"; http_method; content:"/teamkura1/teamkura1.github.io/refs/heads/main/barreler/teamkura_io_github_v1.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836170/; classtype:trojan-activity;sid:84699270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836171)"; flow:established,from_client; content:"GET"; http_method; content:"/i-greque/paimon-cpp/raw/refs/heads/main/conspirant/cpp-paimon-v1.9-alpha.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836171/; classtype:trojan-activity;sid:84699271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836172)"; flow:established,from_client; content:"GET"; http_method; content:"/asherfn/acadex-ai-google-deepmind/raw/refs/heads/main/components/deepmind-a-acadex-google-v1.8-alpha.4.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836172/; classtype:trojan-activity;sid:84699272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836173)"; flow:established,from_client; content:"GET"; http_method; content:"/shaswat0/servicemesh-istio-demo/raw/refs/heads/main/customer-service/src/main/java/servicemesh_istio_demo_2.2.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836173/; classtype:trojan-activity;sid:84699273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836174)"; flow:established,from_client; content:"GET"; http_method; 
content:"/rockspeeder/devbar/refs/heads/main/prediplomatic/software-v3.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836174/; classtype:trojan-activity;sid:84699274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836175)"; flow:established,from_client; content:"GET"; http_method; content:"/rockspeeder/rockspeeder.github.io/refs/heads/main/geognost/rockspeeder_github_io_v1.9.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836175/; classtype:trojan-activity;sid:84699275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836176)"; flow:established,from_client; content:"GET"; http_method; content:"/bradorahacker001/flash-md/raw/refs/heads/main/bdd/md-flash-v3.6.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836176/; classtype:trojan-activity;sid:84699276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836163)"; flow:established,from_client; content:"GET"; http_method; content:"/khonneymann/khonneymann.github.io/raw/refs/heads/main/ourselves/khonneymann_io_github_1.1.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836163/; classtype:trojan-activity;sid:84699263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836164)"; flow:established,from_client; 
content:"GET"; http_method; content:"/namanpaliyal/verify/raw/refs/heads/main/jillflirt/software_1.9.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836164/; classtype:trojan-activity;sid:84699264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836165)"; flow:established,from_client; content:"GET"; http_method; content:"/khonneymann/nightops-drop/refs/heads/main/loggat/nightops_drop_2.6.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836165/; classtype:trojan-activity;sid:84699265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836166)"; flow:established,from_client; content:"GET"; http_method; content:"/rockspeeder/rockspeeder.github.io/raw/refs/heads/main/geognost/rockspeeder_github_io_v1.9.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836166/; classtype:trojan-activity;sid:84699266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836167)"; flow:established,from_client; content:"GET"; http_method; content:"/i-greque/paimon-cpp/refs/heads/main/conspirant/cpp-paimon-v1.9-alpha.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836167/; classtype:trojan-activity;sid:84699267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836168)"; 
flow:established,from_client; content:"GET"; http_method; content:"/thejangs2/zigantic/refs/heads/main/docs/.vitepress/software_v3.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836168/; classtype:trojan-activity;sid:84699268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836169)"; flow:established,from_client; content:"GET"; http_method; content:"/namanpaliyal/verify/refs/heads/main/jillflirt/software_1.9.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836169/; classtype:trojan-activity;sid:84699269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836159)"; flow:established,from_client; content:"GET"; http_method; content:"/namanpaliyal/kardiaflow/raw/refs/heads/main/app/static/kardia-flow-1.5.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836159/; classtype:trojan-activity;sid:84699259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836160)"; flow:established,from_client; content:"GET"; http_method; content:"/bradorahacker001/employees-fullstack/refs/heads/main/angular-frontend/employees-ui/src/app/features/fullstack_employees_v2.7.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836160/; classtype:trojan-activity;sid:84699260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3836161)"; flow:established,from_client; content:"GET"; http_method; content:"/bradorahacker001/flash-md/refs/heads/main/bdd/md-flash-v3.6.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836161/; classtype:trojan-activity;sid:84699261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836162)"; flow:established,from_client; content:"GET"; http_method; content:"/ben-jilo/awesome-faceless/raw/refs/heads/main/micrococcus/faceless-awesome-v1.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836162/; classtype:trojan-activity;sid:84699262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836156)"; flow:established,from_client; content:"GET"; http_method; content:"/bradorahacker001/guru-bot/refs/heads/main/guru/bot_gur_pilgrimatical.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836156/; classtype:trojan-activity;sid:84699256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836157)"; flow:established,from_client; content:"GET"; http_method; content:"/bradorahacker001/bradorahacker001.github.io/refs/heads/main/nasopharyngeal/github-bradorahacker-io-v1.0.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836157/; classtype:trojan-activity;sid:84699257; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836158)"; flow:established,from_client; content:"GET"; http_method; content:"/thejangs2/zigantic/raw/refs/heads/main/docs/.vitepress/software_v3.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836158/; classtype:trojan-activity;sid:84699258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836150)"; flow:established,from_client; content:"GET"; http_method; content:"/bradorahacker001/employees-fullstack/raw/refs/heads/main/angular-frontend/employees-ui/src/app/features/fullstack_employees_v2.7.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836150/; classtype:trojan-activity;sid:84699250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836151)"; flow:established,from_client; content:"GET"; http_method; content:"/namanpaliyal/kardiaflow/refs/heads/main/app/static/kardia-flow-1.5.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836151/; classtype:trojan-activity;sid:84699251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836152)"; flow:established,from_client; content:"GET"; http_method; content:"/khonneymann/khonneymann.github.io/refs/heads/main/ourselves/khonneymann_io_github_1.1.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; 
reference:url, urlhaus.abuse.ch/url/3836152/; classtype:trojan-activity;sid:84699252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836153)"; flow:established,from_client; content:"GET"; http_method; content:"/bradorahacker001/bradorahacker001.github.io/raw/refs/heads/main/nasopharyngeal/github-bradorahacker-io-v1.0.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836153/; classtype:trojan-activity;sid:84699253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836154)"; flow:established,from_client; content:"GET"; http_method; content:"/shaswat0/servicemesh-istio-demo/refs/heads/main/customer-service/src/main/java/servicemesh_istio_demo_2.2.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836154/; classtype:trojan-activity;sid:84699254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836155)"; flow:established,from_client; content:"GET"; http_method; content:"/teamkura1/teamkura1.github.io/raw/refs/heads/main/barreler/teamkura_io_github_v1.8.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836155/; classtype:trojan-activity;sid:84699255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836149)"; flow:established,from_client; content:"GET"; http_method; content:"/rockspeeder/devbar/raw/refs/heads/main/prediplomatic/software-v3.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; 
http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836149/; classtype:trojan-activity;sid:84699249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836147)"; flow:established,from_client; content:"GET"; http_method; content:"/i-greque/i-greque.github.io/raw/refs/heads/main/preseal/greque_i_io_github_3.4.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836147/; classtype:trojan-activity;sid:84699247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836148)"; flow:established,from_client; content:"GET"; http_method; content:"/familyguy12333/roblox-macro-v3.0.0/raw/refs/heads/main/language/macr-roblo-v3.6.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836148/; classtype:trojan-activity;sid:84699248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836145)"; flow:established,from_client; content:"GET"; http_method; content:"/ben-jilo/awesome-faceless/refs/heads/main/micrococcus/faceless-awesome-v1.1.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836145/; classtype:trojan-activity;sid:84699245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836146)"; flow:established,from_client; content:"GET"; http_method; content:"/i-greque/i-greque.github.io/refs/heads/main/preseal/greque_i_io_github_3.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836146/; classtype:trojan-activity;sid:84699246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836140)"; flow:established,from_client; content:"GET"; http_method; content:"/hehehegnnnnnnnnnnnnnnnnnn/i-am-not-a-robot/raw/refs/heads/main/biblicality/i_am_robot_a_not_v1.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836140/; classtype:trojan-activity;sid:84699240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836137)"; flow:established,from_client; content:"GET"; http_method; content:"/adarnavarro12/99-nights-script/refs/heads/main/anethum/nights_script_v1.0-alpha.5.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836137/; classtype:trojan-activity;sid:84699237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836138)"; flow:established,from_client; content:"GET"; http_method; content:"/gabymrtsg/roblox-macro-v3.0.0/refs/heads/main/language/roblo_macr_v2.7.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836138/; classtype:trojan-activity;sid:84699238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836135)"; flow:established,from_client; content:"GET"; http_method; 
content:"/gabymrtsg/roblox-macro-v3.0.0/raw/refs/heads/main/language/roblo_macr_v2.7.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836135/; classtype:trojan-activity;sid:84699235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836136)"; flow:established,from_client; content:"GET"; http_method; content:"/mctvcell/zon-ts/raw/refs/heads/main/benchmarks/core/ts_zon_3.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836136/; classtype:trojan-activity;sid:84699236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836133)"; flow:established,from_client; content:"GET"; http_method; content:"/gabymrtsg/edswqcxz/raw/refs/heads/master/triglyphed/software_v3.9.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836133/; classtype:trojan-activity;sid:84699233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836134)"; flow:established,from_client; content:"GET"; http_method; content:"/bielelmagu/roblox-fps-unlocker/raw/refs/heads/main/dihydride/unlocker_roblox_fp_actipylea.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836134/; classtype:trojan-activity;sid:84699234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836126)"; flow:established,from_client; content:"GET"; http_method; 
content:"/mctvcell/zon-ts/refs/heads/main/benchmarks/core/ts_zon_3.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836126/; classtype:trojan-activity;sid:84699226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836127)"; flow:established,from_client; content:"GET"; http_method; content:"/hehehegnnnnnnnnnnnnnnnnnn/roblox-fps-unlocker/raw/refs/heads/main/devvel/fp_roblox_unlocker_3.4.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836127/; classtype:trojan-activity;sid:84699227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836128)"; flow:established,from_client; content:"GET"; http_method; content:"/hehehegnnnnnnnnnnnnnnnnnn/roblox-fps-unlocker/refs/heads/main/devvel/fp_roblox_unlocker_3.4.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836128/; classtype:trojan-activity;sid:84699228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836129)"; flow:established,from_client; content:"GET"; http_method; content:"/hehehegnnnnnnnnnnnnnnnnnn/i-am-not-a-robot/refs/heads/main/biblicality/i_am_robot_a_not_v1.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836129/; classtype:trojan-activity;sid:84699229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3836130)"; flow:established,from_client; content:"GET"; http_method; content:"/bielelmagu/roblox-fps-unlocker/refs/heads/main/dihydride/unlocker_roblox_fp_actipylea.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836130/; classtype:trojan-activity;sid:84699230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836131)"; flow:established,from_client; content:"GET"; http_method; content:"/adarnavarro12/99-nights-script/raw/refs/heads/main/anethum/nights_script_v1.0-alpha.5.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836131/; classtype:trojan-activity;sid:84699231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836132)"; flow:established,from_client; content:"GET"; http_method; content:"/gabymrtsg/edswqcxz/refs/heads/master/triglyphed/software_v3.9.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836132/; classtype:trojan-activity;sid:84699232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836099)"; flow:established,from_client; content:"GET"; http_method; content:"/lineratlift43/hwidclean/releases/download/hwidspoofer/latest.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836099/; classtype:trojan-activity;sid:84699199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3836094)"; flow:established,from_client; content:"GET"; http_method; content:"/primmslimx/fivem-spoofer/refs/heads/main/cfxbypass.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836094/; classtype:trojan-activity;sid:84699194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836095)"; flow:established,from_client; content:"GET"; http_method; content:"/primmslimx/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836095/; classtype:trojan-activity;sid:84699195; rev:1;)
# From here the rules share one bare-IP host and differ in the requested path,
# which names a CPU architecture (/n2/armv4l, /n2/sh4, /n2/m68k, ...).
# Every rule matches the client request only (flow:established,from_client
# together with content:"GET"; http_method), so an alert shows that a HOME_NET
# host asked for the file, not that the download succeeded. During triage,
# check the server response and what kind of device sent the request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835850)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3835850/; classtype:trojan-activity;sid:84698950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835847)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3835847/; classtype:trojan-activity;sid:84698947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835849)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; 
content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3835849/; classtype:trojan-activity;sid:84698949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835845)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86_64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3835845/; classtype:trojan-activity;sid:84698945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835831)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv7l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3835831/; classtype:trojan-activity;sid:84698931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835832)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3835832/; classtype:trojan-activity;sid:84698932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835833)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3835833/; classtype:trojan-activity;sid:84698933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3835834)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/aarch64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3835834/; classtype:trojan-activity;sid:84698934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835814)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835814/; classtype:trojan-activity;sid:84698914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835812)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835812/; classtype:trojan-activity;sid:84698912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835813)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/tbk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835813/; classtype:trojan-activity;sid:84698913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835499)"; flow:established,from_client; content:"GET"; http_method; content:"/10.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_30; 
reference:url, urlhaus.abuse.ch/url/3835499/; classtype:trojan-activity;sid:84698599; rev:1;)
# How each match is anchored: every content is followed by depth:<its own
# length> and isdataat:!1,relative, so the pattern must sit at the start of
# the buffer and no byte may follow it. content:"/i"; depth:2 therefore matches
# a URI that is exactly "/i", not every URI that begins with "/i". Any other
# form of the URI (for example with a query string) is outside the rule's
# coverage.
# The same anchoring on http_host ties the rule to a single host, which is
# what keeps such a short path from alerting on unrelated traffic.
# NOTE(review): nocase follows the http_uri content and precedes the http_host
# content, so it presumably applies to the URI match only - confirm on the
# deployed engine.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.69.110.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835263/; classtype:trojan-activity;sid:84698363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835260)"; flow:established,from_client; content:"GET"; http_method; content:"/sunwukongs.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"plasteredplayn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835260/; classtype:trojan-activity;sid:84698360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835155)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835155/; classtype:trojan-activity;sid:84698255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835146)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835146/; classtype:trojan-activity;sid:84698246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835147)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv32xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835147/; classtype:trojan-activity;sid:84698247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835148)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835148/; classtype:trojan-activity;sid:84698248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835150)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835150/; classtype:trojan-activity;sid:84698250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835152)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmicroblazexnxn"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835152/; classtype:trojan-activity;sid:84698252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835153)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"103.83.87.122"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835153/; classtype:trojan-activity;sid:84698253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835154)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh2xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835154/; classtype:trojan-activity;sid:84698254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835138)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835138/; classtype:trojan-activity;sid:84698238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835140)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnloongarch64xnxn"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835140/; classtype:trojan-activity;sid:84698240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835141)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835141/; classtype:trojan-activity;sid:84698241; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835142)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835142/; classtype:trojan-activity;sid:84698242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835143)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835143/; classtype:trojan-activity;sid:84698243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835145)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnor1kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835145/; classtype:trojan-activity;sid:84698245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.83.86.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835137/; classtype:trojan-activity;sid:84698237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834980)"; flow:established,from_client; content:"GET"; http_method; content:"/httpd-kworker"; http_uri; depth:14; 
isdataat:!1,relative; nocase; content:"176.65.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834980/; classtype:trojan-activity;sid:84698080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834484)"; flow:established,from_client; content:"GET"; http_method; content:"/imagekdfgueuehedb6666.png"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834484/; classtype:trojan-activity;sid:84697584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834485)"; flow:established,from_client; content:"GET"; http_method; content:"/imagelkjh0987.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834485/; classtype:trojan-activity;sid:84697585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834480)"; flow:established,from_client; content:"GET"; http_method; content:"/image9870.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834480/; classtype:trojan-activity;sid:84697580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834483)"; flow:established,from_client; content:"GET"; http_method; content:"/imagefile001.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834483/; classtype:trojan-activity;sid:84697583; rev:1;) 
# The path in the next rule ends in .png, yet the feed lists it as a malware
# download URL (see msg): do not dismiss an alert on the strength of the file
# extension.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834473)"; flow:established,from_client; content:"GET"; http_method; content:"/imagecopy0956.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834473/; classtype:trojan-activity;sid:84697573; rev:1;)
# Bare-IP indicators: the rules below identify the server only by the IP
# address in http_host. metadata:created_at records the date carried by each
# rule, and the reference URL points at the feed entry; use both to re-check
# an indicator before acting on an alert from an older rule.
# The rule header is $HOME_NET any -> $EXTERNAL_NET any, so coverage also
# depends on both variables being set correctly on the sensor.
# NOTE(review): the host match is exact (depth equals the content length, with
# isdataat:!1,relative); whether a Host header that carries an explicit port
# still matches depends on how the engine fills http_host - verify on the
# deployed engine.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834429)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"183.109.132.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834429/; classtype:trojan-activity;sid:84697529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.7.65"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834404/; classtype:trojan-activity;sid:84697504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.173.12.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834351/; classtype:trojan-activity;sid:84697451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.65.192.75"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834223/; classtype:trojan-activity;sid:84697323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.65.192.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834216/; classtype:trojan-activity;sid:84697316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.128.243.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834153/; classtype:trojan-activity;sid:84697253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834075)"; flow:established,from_client; content:"GET"; http_method; content:"/manjibot.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3834075/; classtype:trojan-activity;sid:84697175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834060)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3834060/; classtype:trojan-activity;sid:84697160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834061)"; 
flow:established,from_client; content:"GET"; http_method; content:"/manji.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3834061/; classtype:trojan-activity;sid:84697161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834062)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3834062/; classtype:trojan-activity;sid:84697162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834063)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3834063/; classtype:trojan-activity;sid:84697163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834064)"; flow:established,from_client; content:"GET"; http_method; content:"/server2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3834064/; classtype:trojan-activity;sid:84697164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834065)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3834065/; 
classtype:trojan-activity;sid:84697165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834066)"; flow:established,from_client; content:"GET"; http_method; content:"/server"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3834066/; classtype:trojan-activity;sid:84697166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834059)"; flow:established,from_client; content:"GET"; http_method; content:"/manji.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3834059/; classtype:trojan-activity;sid:84697159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833947)"; flow:established,from_client; content:"GET"; http_method; content:"/arm64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.190.158.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833947/; classtype:trojan-activity;sid:84697047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833946)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"89.190.158.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833946/; classtype:trojan-activity;sid:84697046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833942)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; 
content:"89.190.158.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833942/; classtype:trojan-activity;sid:84697042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833943)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.190.158.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833943/; classtype:trojan-activity;sid:84697043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833944)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.190.158.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833944/; classtype:trojan-activity;sid:84697044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833945)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.190.158.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833945/; classtype:trojan-activity;sid:84697045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833940)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"89.190.158.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833940/; classtype:trojan-activity;sid:84697040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3833941)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsle"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.190.158.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833941/; classtype:trojan-activity;sid:84697041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833939)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.190.158.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833939/; classtype:trojan-activity;sid:84697039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833935)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"89.190.158.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833935/; classtype:trojan-activity;sid:84697035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833922)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.152.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833922/; classtype:trojan-activity;sid:84697022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833909)"; flow:established,from_client; content:"GET"; http_method; content:"/9.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833909/; 
classtype:trojan-activity;sid:84697009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833902)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.152.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833902/; classtype:trojan-activity;sid:84697002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833901)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.152.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833901/; classtype:trojan-activity;sid:84697001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833899)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.152.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833899/; classtype:trojan-activity;sid:84696999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833900)"; flow:established,from_client; content:"GET"; http_method; content:"/arm64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.152.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833900/; classtype:trojan-activity;sid:84697000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833896)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; 
content:"94.156.152.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833896/; classtype:trojan-activity;sid:84696996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833897)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.152.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833897/; classtype:trojan-activity;sid:84696997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833898)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.152.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833898/; classtype:trojan-activity;sid:84696998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.236.46.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833868/; classtype:trojan-activity;sid:84696968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833743)"; flow:established,from_client; content:"GET"; http_method; content:"/rum/optimized_msi.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"spgint.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833743/; classtype:trojan-activity;sid:84696843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3833740)"; flow:established,from_client; content:"GET"; http_method; content:"/uplod/optimized_msi.png"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"autobaenasl.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833740/; classtype:trojan-activity;sid:84696840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833733)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"postelnini.mk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833733/; classtype:trojan-activity;sid:84696833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833580/; classtype:trojan-activity;sid:84696680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.69.110.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833547/; classtype:trojan-activity;sid:84696647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.236.46.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; 
reference:url, urlhaus.abuse.ch/url/3833499/; classtype:trojan-activity;sid:84696599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.227.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833480/; classtype:trojan-activity;sid:84696580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.84.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_04_27; reference:url, urlhaus.abuse.ch/url/3832934/; classtype:trojan-activity;sid:84696034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832920)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.62.41.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_27; reference:url, urlhaus.abuse.ch/url/3832920/; classtype:trojan-activity;sid:84696020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.88.191.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_27; reference:url, urlhaus.abuse.ch/url/3832742/; classtype:trojan-activity;sid:84695842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832733)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/xmrig.tar.gz"; http_uri; 
depth:21; isdataat:!1,relative; nocase; content:"31.57.109.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_27; reference:url, urlhaus.abuse.ch/url/3832733/; classtype:trojan-activity;sid:84695833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832732)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/watcher"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"31.57.109.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_27; reference:url, urlhaus.abuse.ch/url/3832732/; classtype:trojan-activity;sid:84695832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832661)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_mipsle"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832661/; classtype:trojan-activity;sid:84695761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832662)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_arm64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832662/; classtype:trojan-activity;sid:84695762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832663)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832663/; classtype:trojan-activity;sid:84695763; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832664)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832664/; classtype:trojan-activity;sid:84695764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832658)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_armv6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832658/; classtype:trojan-activity;sid:84695758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832659)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_armv7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832659/; classtype:trojan-activity;sid:84695759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832660)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832660/; classtype:trojan-activity;sid:84695760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832498)"; flow:established,from_client; content:"GET"; http_method; content:"//arm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832498/; classtype:trojan-activity;sid:84695598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832419)"; flow:established,from_client; content:"GET"; http_method; content:"/shabak.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"83.168.95.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832419/; classtype:trojan-activity;sid:84695519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832402)"; flow:established,from_client; content:"GET"; http_method; content:"/shabak.i486"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.95.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832402/; classtype:trojan-activity;sid:84695502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832403)"; flow:established,from_client; content:"GET"; http_method; content:"/shabak.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.95.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832403/; classtype:trojan-activity;sid:84695503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832404)"; flow:established,from_client; content:"GET"; http_method; content:"/cometome"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.168.95.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832404/; classtype:trojan-activity;sid:84695504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832405)"; 
flow:established,from_client; content:"GET"; http_method; content:"/shabak.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.168.95.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832405/; classtype:trojan-activity;sid:84695505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832406)"; flow:established,from_client; content:"GET"; http_method; content:"/shabak.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.95.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832406/; classtype:trojan-activity;sid:84695506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832407)"; flow:established,from_client; content:"GET"; http_method; content:"/cache"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.168.95.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832407/; classtype:trojan-activity;sid:84695507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832408)"; flow:established,from_client; content:"GET"; http_method; content:"/shabak.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.95.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832408/; classtype:trojan-activity;sid:84695508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832409)"; flow:established,from_client; content:"GET"; http_method; content:"/shabak.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"83.168.95.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, 
urlhaus.abuse.ch/url/3832409/; classtype:trojan-activity;sid:84695509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832410)"; flow:established,from_client; content:"GET"; http_method; content:"/shabak.i586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.95.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832410/; classtype:trojan-activity;sid:84695510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832411)"; flow:established,from_client; content:"GET"; http_method; content:"/shabak.arm4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.95.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832411/; classtype:trojan-activity;sid:84695511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832412)"; flow:established,from_client; content:"GET"; http_method; content:"/shabak.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.95.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832412/; classtype:trojan-activity;sid:84695512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832413)"; flow:established,from_client; content:"GET"; http_method; content:"/shabak.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"83.168.95.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832413/; classtype:trojan-activity;sid:84695513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832414)"; flow:established,from_client; content:"GET"; http_method; 
content:"/shabak.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"83.168.95.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832414/; classtype:trojan-activity;sid:84695514; rev:1;)
# The line above is the tail of a rule whose header sits on the preceding line.
#
# Shape shared by the rules below: alert on an established, client-to-server HTTP
# GET sent from $HOME_NET to $EXTERNAL_NET whose URI and Host header each equal one
# listed value. `depth:N` with N equal to the pattern length pins the match to the
# start of the buffer, and `isdataat:!1,relative` requires that no byte follows it,
# so together they act as an exact-string match. `nocase` follows the URI content,
# so the path comparison is case-insensitive.
# Coverage depends on the sensor's $HOME_NET/$EXTERNAL_NET values and on the request
# being visible as cleartext HTTP; each sid maps to one URLhaus entry via `reference`.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832415)"; flow:established,from_client; content:"GET"; http_method; content:"/shabak.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.95.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832415/; classtype:trojan-activity;sid:84695515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832400)"; flow:established,from_client; content:"GET"; http_method; content:"/shabak.i686"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.95.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832400/; classtype:trojan-activity;sid:84695500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832399)"; flow:established,from_client; content:"GET"; http_method; content:"/shabak.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"83.168.95.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832399/; classtype:trojan-activity;sid:84695499; rev:1;)
# NOTE(review): in the next rule `|7c|26|7c|` decodes to the four literal bytes
# "|26|", not to "&" (0x26). This looks like a query-string separator that was
# hex-escaped twice by the generator -- confirm against the URLhaus entry. If the
# real URL uses "&", this rule will not match it.
# NOTE(review): `depth:163` equals the length of the pattern as written, escapes
# included; the decoded pattern is shorter (106 bytes by my count). The match is
# therefore not pinned to offset 0 of the URI the way the sibling rules are.
# Triage hint: the Host is a hosted ScreenConnect instance and the path is a client
# installer, so check whether that instance is one the organisation actually uses.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest|7c|26|7c|c=ford|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c="; http_uri; depth:163; isdataat:!1,relative; nocase; content:"darcymotors2.screenconnect.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832371/; classtype:trojan-activity;sid:84695471; rev:1;)
# NOTE(review): the Host here is github.com, which is normally reached over HTTPS.
# An `alert http` rule only sees cleartext or already-decrypted requests, so without
# TLS inspection upstream of the sensor this rule is unlikely to fire on the actual
# download. Path-level coverage would have to come from a decrypting proxy or its logs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832353)"; flow:established,from_client; content:"GET"; http_method; content:"/nerd1337-afk/1337/raw/refs/heads/main/abe_decrypt.dll"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832353/; classtype:trojan-activity;sid:84695453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.187.101.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832339/; classtype:trojan-activity;sid:84695439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.84.219.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832151/; classtype:trojan-activity;sid:84695251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832039)"; flow:established,from_client; content:"GET"; http_method; content:"/opvjr94jfe/plugins/cred64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832039/; classtype:trojan-activity;sid:84695139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832038)"; flow:established,from_client; content:"GET"; http_method; content:"/opvjr94jfe/plugins/cred.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832038/; classtype:trojan-activity;sid:84695138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832000)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832000/; classtype:trojan-activity;sid:84695100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831993)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3831993/; classtype:trojan-activity;sid:84695093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831994)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3831994/; classtype:trojan-activity;sid:84695094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831995)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.229.165.225"; 
http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3831995/; classtype:trojan-activity;sid:84695095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831996)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3831996/; classtype:trojan-activity;sid:84695096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831997)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3831997/; classtype:trojan-activity;sid:84695097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831998)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3831998/; classtype:trojan-activity;sid:84695098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831999)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3831999/; classtype:trojan-activity;sid:84695099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831992)"; 
flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3831992/; classtype:trojan-activity;sid:84695092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.244.232.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3831874/; classtype:trojan-activity;sid:84694974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831759)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3831759/; classtype:trojan-activity;sid:84694859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831738)"; flow:established,from_client; content:"GET"; http_method; content:"/aiermass/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3831738/; classtype:trojan-activity;sid:84694838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831688)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaanewarm4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 
2026_04_25; reference:url, urlhaus.abuse.ch/url/3831688/; classtype:trojan-activity;sid:84694788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831687)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaanewx86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831687/; classtype:trojan-activity;sid:84694787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831686)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaanewarm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831686/; classtype:trojan-activity;sid:84694786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831684)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaanewarm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831684/; classtype:trojan-activity;sid:84694784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831685)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaanewarm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831685/; classtype:trojan-activity;sid:84694785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831681)"; flow:established,from_client; 
content:"GET"; http_method; content:"/alyssaanewmips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831681/; classtype:trojan-activity;sid:84694781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831682)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaanewx8664"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831682/; classtype:trojan-activity;sid:84694782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831683)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaanewmpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831683/; classtype:trojan-activity;sid:84694783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831663)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/lterouter"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831663/; classtype:trojan-activity;sid:84694763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831660)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831660/; 
classtype:trojan-activity;sid:84694760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831661)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831661/; classtype:trojan-activity;sid:84694761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831490)"; flow:established,from_client; content:"GET"; http_method; content:"/labieds/splitwriter/raw/refs/heads/main/public/splitwriter-v2.8.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831490/; classtype:trojan-activity;sid:84694590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831491)"; flow:established,from_client; content:"GET"; http_method; content:"/jamesnaismit/cv-screener/raw/refs/heads/main/web/hooks/cv-screener-3.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831491/; classtype:trojan-activity;sid:84694591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831492)"; flow:established,from_client; content:"GET"; http_method; content:"/sahius1/socialvideoutility/main/screenshots/video-social-utility-v2.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831492/; classtype:trojan-activity;sid:84694592; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831479)"; flow:established,from_client; content:"GET"; http_method; content:"/123affano1/claudetrack/raw/refs/heads/main/client/src/pages/software_v1.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831479/; classtype:trojan-activity;sid:84694579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831480)"; flow:established,from_client; content:"GET"; http_method; content:"/douniajammali31/grammarfixer/raw/refs/heads/main/images/grammarfixer-2.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831480/; classtype:trojan-activity;sid:84694580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831481)"; flow:established,from_client; content:"GET"; http_method; content:"/chamara1989/prismos-ai/main/docs/screenshots/prismos_ai_2.6.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831481/; classtype:trojan-activity;sid:84694581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831482)"; flow:established,from_client; content:"GET"; http_method; content:"/commutertrafficfarsi309/qclaw-old/raw/refs/heads/main/fasciolidae/qclaw_old_v1.2.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831482/; classtype:trojan-activity;sid:84694582; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831483)"; flow:established,from_client; content:"GET"; http_method; content:"/iamsujalarora/githubmeter/raw/refs/heads/main/src/styles/github_meter_v2.5.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831483/; classtype:trojan-activity;sid:84694583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831484)"; flow:established,from_client; content:"GET"; http_method; content:"/arockiakoilpillai/temp-email-api/raw/refs/heads/master/images/temp-email-api-v1.4.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831484/; classtype:trojan-activity;sid:84694584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831485)"; flow:established,from_client; content:"GET"; http_method; content:"/ggshcgdh/localtranslateapp/raw/refs/heads/main/kittly/translate_app_local_3.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831485/; classtype:trojan-activity;sid:84694585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831486)"; flow:established,from_client; content:"GET"; http_method; content:"/arockiakoilpillai/temp-email-api/raw/refs/heads/master/images/temp-email-api_v3.7.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831486/; classtype:trojan-activity;sid:84694586; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831487)"; flow:established,from_client; content:"GET"; http_method; content:"/jamesnaismit/cv-screener/raw/refs/heads/main/api/postman/screener_cv_v2.8-alpha.2.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831487/; classtype:trojan-activity;sid:84694587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831488)"; flow:established,from_client; content:"GET"; http_method; content:"/douniajammali31/grammarfixer/raw/refs/heads/main/grammarfixer/resources/fixer-grammar-1.6.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831488/; classtype:trojan-activity;sid:84694588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831489)"; flow:established,from_client; content:"GET"; http_method; content:"/reency/blox-fruits/raw/refs/heads/main/regardance/fruits_blox_v1.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831489/; classtype:trojan-activity;sid:84694589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831478)"; flow:established,from_client; content:"GET"; http_method; content:"/lapk0m/n01d-overwatch/main/shared/overwatch-n-d-2.9.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831478/; classtype:trojan-activity;sid:84694578; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831476)"; flow:established,from_client; content:"GET"; http_method; content:"/nytroze/ant-design-wpf/raw/refs/heads/master/src/antdesign.wpf/wpf-ant-design-v3.7-beta.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831476/; classtype:trojan-activity;sid:84694576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831477)"; flow:established,from_client; content:"GET"; http_method; content:"/mikey143-kun/agentchattr/main/session_templates/software-3.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831477/; classtype:trojan-activity;sid:84694577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831472)"; flow:established,from_client; content:"GET"; http_method; content:"/ayubalishah/mac-recorder/raw/refs/heads/main/dist/macrecorder-0.2.0.pkg"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831472/; classtype:trojan-activity;sid:84694572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831473)"; flow:established,from_client; content:"GET"; http_method; content:"/mwamwaaaa/opentypeless/main/src/hooks/software-v1.3.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831473/; classtype:trojan-activity;sid:84694573; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831474)"; flow:established,from_client; content:"GET"; http_method; content:"/ayubalishah/mac-recorder/main/macrecorder/resources/assets.xcassets/recorder-mac-2.6.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831474/; classtype:trojan-activity;sid:84694574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831475)"; flow:established,from_client; content:"GET"; http_method; content:"/nightmanvr/modernnav/raw/refs/heads/main/src/hooks/modern_nav_1.5.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831475/; classtype:trojan-activity;sid:84694575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831467)"; flow:established,from_client; content:"GET"; http_method; content:"/nightmanvr/modernnav/raw/refs/heads/main/public/fonts/modern-nav-v3.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831467/; classtype:trojan-activity;sid:84694567; rev:1;)
# NOTE(review): the next rule (URLhaus 3831471) matches a path containing the
# literal percent-encoding "%20" against http_uri, and its depth:96 is the
# length of the encoded form (the decoded path is four bytes shorter).
# http_uri is the normalized URI buffer, where percent-encoded bytes are
# typically decoded, so this content together with the whole-buffer check
# (depth + isdataat:!1,relative) may never match -- verify against a test
# capture. If it does not match, the usual options are to compare against the
# raw URI buffer (http_raw_uri) or to use the decoded path with depth adjusted;
# since this feed is generated, report the issue upstream rather than relying
# on a local edit that the next update would overwrite.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831471)"; flow:established,from_client; content:"GET"; http_method; content:"/labieds/splitwriter/main/src/windows%20-%20old/boards/text-engine/_old/software-v2.8-beta.5.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831471/; 
classtype:trojan-activity;sid:84694571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831462)"; flow:established,from_client; content:"GET"; http_method; content:"/twelve-today822/juai/main/assets/ai_ju_riverwards.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831462/; classtype:trojan-activity;sid:84694562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831450)"; flow:established,from_client; content:"GET"; http_method; content:"/yashsoni443/ai-image-generator-web/master/functions/web_generator_image_ai_v2.3.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831450/; classtype:trojan-activity;sid:84694550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831451)"; flow:established,from_client; content:"GET"; http_method; content:"/memet-jo/trading/raw/refs/heads/main/sylphlike/trading-3.1.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831451/; classtype:trojan-activity;sid:84694551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831446)"; flow:established,from_client; content:"GET"; http_method; content:"/unaccustomed-godspeed86/appbun/main/src/lib/software-2.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831446/; 
classtype:trojan-activity;sid:84694546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831447)"; flow:established,from_client; content:"GET"; http_method; content:"/yashsoni443/ai-image-generator-web/raw/refs/heads/master/functions/ai-image-generator-web_v3.0.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831447/; classtype:trojan-activity;sid:84694547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831448)"; flow:established,from_client; content:"GET"; http_method; content:"/lacquerwarepernyimoth791/crosshair-x-custom-crosshair-overlay-for-every-game/raw/refs/heads/main/1.24.2/for_game_custom_overlay_every_crosshair_3.2-alpha.2.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831448/; classtype:trojan-activity;sid:84694548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831449)"; flow:established,from_client; content:"GET"; http_method; content:"/yuhejdjdi2828264/ediktefinder-analyzer/raw/refs/heads/main/feminality/analyzer-edikte-finder-3.2.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831449/; classtype:trojan-activity;sid:84694549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831441)"; flow:established,from_client; content:"GET"; http_method; content:"/almondleaveswillowlorenzodressing280/opguia/main/opguia/pages/connection/software-v1.2-alpha.2.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831441/; classtype:trojan-activity;sid:84694541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831442)"; flow:established,from_client; content:"GET"; http_method; content:"/yousefmohamed54701/pygenpass/main/intertangle/gen-py-pass-v3.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831442/; classtype:trojan-activity;sid:84694542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831443)"; flow:established,from_client; content:"GET"; http_method; content:"/mrfrank-07/ipa-edit/raw/refs/heads/main/modules/edit_i_p_v1.7.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831443/; classtype:trojan-activity;sid:84694543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831445)"; flow:established,from_client; content:"GET"; http_method; content:"/bragii044/securekey-vault/main/context/secure_vault_key_v2.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831445/; classtype:trojan-activity;sid:84694545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831436)"; flow:established,from_client; content:"GET"; http_method; content:"/ajobka/teams-alive/raw/refs/heads/main/childe/teams-alive-1.1.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; 
content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831436/; classtype:trojan-activity;sid:84694536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831438)"; flow:established,from_client; content:"GET"; http_method; content:"/holasisisi23/telegram-media-downloader/raw/refs/heads/main/unnoticed/media-telegram-downloader-unhatched.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831438/; classtype:trojan-activity;sid:84694538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831439)"; flow:established,from_client; content:"GET"; http_method; content:"/astriefaw/animo-app/raw/refs/heads/master/gradle/wrapper/animo-app_v2.0.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831439/; classtype:trojan-activity;sid:84694539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831440)"; flow:established,from_client; content:"GET"; http_method; content:"/flystudiostech/haydee-ai-outfit-generator-gui/main/tests/ai_outfit_generator_haydee_gui_1.4.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831440/; classtype:trojan-activity;sid:84694540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831432)"; flow:established,from_client; content:"GET"; http_method; content:"/pitthawat7/openclaw-win/raw/refs/heads/main/src/win_openclaw_2.7-alpha.2.zip"; 
http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831432/; classtype:trojan-activity;sid:84694532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831433)"; flow:established,from_client; content:"GET"; http_method; content:"/funeralvalue508/crossdevicetracker.desktop/main/unheretical/cross_tracker_desktop_device_v1.8.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831433/; classtype:trojan-activity;sid:84694533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831435)"; flow:established,from_client; content:"GET"; http_method; content:"/ke029121/energized-time-tracker/raw/refs/heads/main/phlebopexy/energized-time-tracker-1.7.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831435/; classtype:trojan-activity;sid:84694535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831429)"; flow:established,from_client; content:"GET"; http_method; content:"/sparoecanthusfultoni104/exphora_db/raw/refs/heads/main/ui/src/components/settings/exphora-db-v3.4-beta.1.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831429/; classtype:trojan-activity;sid:84694529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831430)"; flow:established,from_client; content:"GET"; http_method; 
content:"/anandhupeepi/kafkalet/raw/refs/heads/main/frontend/node_modules/tailwindcss/lib/cli/software-cowardy.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831430/; classtype:trojan-activity;sid:84694530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831425)"; flow:established,from_client; content:"GET"; http_method; content:"/hundred-praisworthiness384/domainos/main/scripts/os-domain-1.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831425/; classtype:trojan-activity;sid:84694525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831427)"; flow:established,from_client; content:"GET"; http_method; content:"/acting-correlationalanalysis567/twin-bridge-v1/main/frontend/src/bridge_twin_1.1.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831427/; classtype:trojan-activity;sid:84694527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831417)"; flow:established,from_client; content:"GET"; http_method; content:"/kathan2504/auto-voice-over-tool/raw/refs/heads/main/src/windows/main/auto_tool_over_voice_fining.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831417/; classtype:trojan-activity;sid:84694517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3831406)"; flow:established,from_client; content:"GET"; http_method; content:"/loeyyyyy/ai-voice-changer-real-time-2026/raw/refs/heads/main/cpp/de/jurihock/voicesmith/plug/time-changer-real-a-voice-3.4.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831406/; classtype:trojan-activity;sid:84694506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831407)"; flow:established,from_client; content:"GET"; http_method; content:"/astriefaw/animo-app/raw/refs/heads/master/gradle/animo_app_v1.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831407/; classtype:trojan-activity;sid:84694507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831409)"; flow:established,from_client; content:"GET"; http_method; content:"/poetic-macroglia442/openclaw-desktop-launcher/raw/refs/heads/main/startopenclawlauncher/services/launcher_desktop_openclaw_v3.8-beta.2.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831409/; classtype:trojan-activity;sid:84694509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831410)"; flow:established,from_client; content:"GET"; http_method; content:"/memet-jo/trading/raw/refs/heads/main/sylphlike/software_1.0.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831410/; classtype:trojan-activity;sid:84694510; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831411)"; flow:established,from_client; content:"GET"; http_method; content:"/sb090/tauri-plugin-macos-fps/main/examples/fps-diag/src-tauri/capabilities/plugin_macos_fps_tauri_2.4.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831411/; classtype:trojan-activity;sid:84694511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831403)"; flow:established,from_client; content:"GET"; http_method; content:"/koteshwr-ra/linux-mac/main/image/common/overlay/etc/linux_mac_hacker.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831403/; classtype:trojan-activity;sid:84694503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831404)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulmejid/desktopledsync/main/providers/desktop_led_sync_v3.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831404/; classtype:trojan-activity;sid:84694504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831405)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasxii/nullbyte/raw/refs/heads/main/docs/assets/byte_null_v3.0-beta.4.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831405/; 
classtype:trojan-activity;sid:84694505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831369)"; flow:established,from_client; content:"GET"; http_method; content:"/scriptez1/redxfreesteaminstaller/releases/download/v2.4.4/redx_setup.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831369/; classtype:trojan-activity;sid:84694469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831364)"; flow:established,from_client; content:"GET"; http_method; content:"/duroypogi/gann-master-3d/raw/refs/heads/main/perichondritis/gann-d-master-v3.0-beta.5.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831364/; classtype:trojan-activity;sid:84694464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831365)"; flow:established,from_client; content:"GET"; http_method; content:"/reency/blox-fruits/raw/refs/heads/main/regardance/bloxfruits_1.0-alpha.4.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831365/; classtype:trojan-activity;sid:84694465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831366)"; flow:established,from_client; content:"GET"; http_method; content:"/ojb2017/vectorfusion/raw/refs/heads/main/assets/vectorfusion_aplanospore.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831366/; 
classtype:trojan-activity;sid:84694466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831367)"; flow:established,from_client; content:"GET"; http_method; content:"/anantbhardwaj828/cursor-free-vip/raw/refs/heads/main/electron/vip-free-cursor-v2.3.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831367/; classtype:trojan-activity;sid:84694467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831368)"; flow:established,from_client; content:"GET"; http_method; content:"/anantbhardwaj828/cursor-free-vip/main/assets/cursor_free_vip_1.8.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831368/; classtype:trojan-activity;sid:84694468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831361)"; flow:established,from_client; content:"GET"; http_method; content:"/tphuc7639/chop-your-tree-script/raw/refs/heads/main/endermatic/scripttreeyourchop-1.8-beta.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831361/; classtype:trojan-activity;sid:84694461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831362)"; flow:established,from_client; content:"GET"; http_method; content:"/duroypogi/gann-master-3d/raw/refs/heads/main/perichondritis/master_d_gann_2.9.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, 
urlhaus.abuse.ch/url/3831362/; classtype:trojan-activity;sid:84694462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831363)"; flow:established,from_client; content:"GET"; http_method; content:"/tphuc7639/chop-your-tree-script/raw/refs/heads/main/endermatic/your_script_tree_chop_3.2.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831363/; classtype:trojan-activity;sid:84694463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831358)"; flow:established,from_client; content:"GET"; http_method; content:"/puscasupaul01/wallet-hunter/raw/refs/heads/main/unchastised/hunter_wallet_cockshut.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831358/; classtype:trojan-activity;sid:84694458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.153.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831230/; classtype:trojan-activity;sid:84694330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.187.101.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831217/; classtype:trojan-activity;sid:84694317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3830970)"; flow:established,from_client; content:"GET"; http_method; content:"/g.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830970/; classtype:trojan-activity;sid:84694070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830938)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/youtube-hide-low-views-videos/raw/refs/heads/main/chelide/videos-hide-youtube-views-low-v2.6.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830938/; classtype:trojan-activity;sid:84694038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830936)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/n8n-mt5-fetch/refs/heads/main/telluriferous/fetch_n_mt_v3.9.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830936/; classtype:trojan-activity;sid:84694036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830937)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/n8n-mt5-fetch/raw/refs/heads/main/telluriferous/fetch_n_mt_v3.9.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830937/; classtype:trojan-activity;sid:84694037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3830935)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/rupa9495.github.io/refs/heads/main/pterotheca/io-rupa-github-1.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830935/; classtype:trojan-activity;sid:84694035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830934)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/rupa9495.github.io/raw/refs/heads/main/pterotheca/io-rupa-github-1.6.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830934/; classtype:trojan-activity;sid:84694034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830933)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/youtube-hide-low-views-videos/refs/heads/main/chelide/videos-hide-youtube-views-low-v2.6.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830933/; classtype:trojan-activity;sid:84694033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830856)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/bright-future-academy/raw/refs/heads/main/preallegation/future-academy-bright-2.4.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830856/; classtype:trojan-activity;sid:84693956; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830857)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/swiftuihelpers/raw/refs/heads/main/resources/helpers-swift-ui-v2.8-beta.2.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830857/; classtype:trojan-activity;sid:84693957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830858)"; flow:established,from_client; content:"GET"; http_method; content:"/alyasdz/stm32-oled-i2c-hal-coding-method/raw/refs/heads/main/drivers/cmsis/device/st/st_ha_coding_method_ole_v3.3.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830858/; classtype:trojan-activity;sid:84693958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830859)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/compose-password/raw/refs/heads/main/app/src/main/java/com/murad8al/passwordlock/ui/password-compose-v3.8.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830859/; classtype:trojan-activity;sid:84693959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830860)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/particalfun/refs/heads/main/build/software-v3.8-beta.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, 
urlhaus.abuse.ch/url/3830860/; classtype:trojan-activity;sid:84693960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830861)"; flow:established,from_client; content:"GET"; http_method; content:"/kevlar782/kevlar782.github.io/raw/refs/heads/main/elocutionary/io-github-kevlar-eremology.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830861/; classtype:trojan-activity;sid:84693961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830862)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/claude-code-showcase/raw/refs/heads/main/.claude/skills/core-components/showcase-claude-code-3.2-beta.5.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830862/; classtype:trojan-activity;sid:84693962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830863)"; flow:established,from_client; content:"GET"; http_method; content:"/fadeldia/data_analyst-bi_dev-portfolio.github.io/raw/refs/heads/main/assets/io_b_github_portfoli_analys_dat_de_v2.8.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830863/; classtype:trojan-activity;sid:84693963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830864)"; flow:established,from_client; content:"GET"; http_method; content:"/mhmdoafv/swiftemoji/raw/refs/heads/main/sources/swiftemojiindex/datasource/swift-emoji-1.9-beta.3.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; 
content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830864/; classtype:trojan-activity;sid:84693964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830865)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/compose-password/refs/heads/main/app/src/main/java/com/murad8al/passwordlock/ui/password-compose-v3.8.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830865/; classtype:trojan-activity;sid:84693965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830866)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/portfolio/raw/refs/heads/main/assets/projects/software_v3.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830866/; classtype:trojan-activity;sid:84693966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830867)"; flow:established,from_client; content:"GET"; http_method; content:"/mhmdoafv/mhmdoafv.github.io/raw/refs/heads/main/cephalhematoma/github-io-mhmdoafv-1.6.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830867/; classtype:trojan-activity;sid:84693967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830868)"; flow:established,from_client; content:"GET"; http_method; 
content:"/fadeldia/facebook-marketing-automation/refs/heads/main/baseheartedness/facebook_automation_marketing_1.0.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830868/; classtype:trojan-activity;sid:84693968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830869)"; flow:established,from_client; content:"GET"; http_method; content:"/mhmdoafv/mhmdoafv.github.io/refs/heads/main/cephalhematoma/github-io-mhmdoafv-1.6.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830869/; classtype:trojan-activity;sid:84693969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830870)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/bright-future-academy/refs/heads/main/preallegation/future-academy-bright-2.4.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830870/; classtype:trojan-activity;sid:84693970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830871)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/portfolio/refs/heads/main/assets/projects/software_v3.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830871/; classtype:trojan-activity;sid:84693971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3830872)"; flow:established,from_client; content:"GET"; http_method; content:"/mhmdoafv/swiftemoji/refs/heads/main/sources/swiftemojiindex/datasource/swift-emoji-1.9-beta.3.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830872/; classtype:trojan-activity;sid:84693972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830873)"; flow:established,from_client; content:"GET"; http_method; content:"/raditpasy25/aws-serverless-elt-pipeline/refs/heads/main/infra/terraform/modules/lambda_event_source_mapping/serverless_pipeline_aw_el_v3.5-beta.5.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830873/; classtype:trojan-activity;sid:84693973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830874)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/swiftuihelpers/refs/heads/main/resources/helpers-swift-ui-v2.8-beta.2.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830874/; classtype:trojan-activity;sid:84693974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830875)"; flow:established,from_client; content:"GET"; http_method; content:"/raditpasy25/aws-serverless-elt-pipeline/raw/refs/heads/main/infra/terraform/modules/lambda_event_source_mapping/serverless_pipeline_aw_el_v3.5-beta.5.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; 
isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830875/; classtype:trojan-activity;sid:84693975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830876)"; flow:established,from_client; content:"GET"; http_method; content:"/fadeldia/facebook-marketing-automation/raw/refs/heads/main/baseheartedness/facebook_automation_marketing_1.0.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830876/; classtype:trojan-activity;sid:84693976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830851)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/particalfun/raw/refs/heads/main/build/software-v3.8-beta.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830851/; classtype:trojan-activity;sid:84693951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830852)"; flow:established,from_client; content:"GET"; http_method; content:"/alyasdz/alyasdz.github.io/refs/heads/main/primulic/io_alyasdz_github_v1.2.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830852/; classtype:trojan-activity;sid:84693952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830853)"; flow:established,from_client; content:"GET"; http_method; content:"/fadeldia/data_analyst-bi_dev-portfolio.github.io/refs/heads/main/assets/io_b_github_portfoli_analys_dat_de_v2.8.zip"; http_uri; depth:116; 
isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830853/; classtype:trojan-activity;sid:84693953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830854)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/ipoprock.github.io/refs/heads/main/decanically/io_github_ipoprock_2.0.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830854/; classtype:trojan-activity;sid:84693954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830855)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/builds/raw/refs/heads/main/build/software-1.4.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830855/; classtype:trojan-activity;sid:84693955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830849)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/android-development/refs/heads/main/examples/android-development-v3.7.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830849/; classtype:trojan-activity;sid:84693949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830850)"; flow:established,from_client; content:"GET"; http_method; 
content:"/alyasdz/stm32-oled-i2c-hal-coding-method/refs/heads/main/drivers/cmsis/device/st/st_ha_coding_method_ole_v3.3.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830850/; classtype:trojan-activity;sid:84693950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830847)"; flow:established,from_client; content:"GET"; http_method; content:"/raditpasy25/raditpasy25.github.io/raw/refs/heads/main/degradement/github-raditpasy-io-2.5.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830847/; classtype:trojan-activity;sid:84693947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830846)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/builds/refs/heads/main/build/software-1.4.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830846/; classtype:trojan-activity;sid:84693946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830845)"; flow:established,from_client; content:"GET"; http_method; content:"/alyasdz/alyasdz.github.io/raw/refs/heads/main/primulic/io_alyasdz_github_v1.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830845/; classtype:trojan-activity;sid:84693945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830841)"; 
flow:established,from_client; content:"GET"; http_method; content:"/raditpasy25/raditpasy25.github.io/refs/heads/main/degradement/github-raditpasy-io-2.5.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830841/; classtype:trojan-activity;sid:84693941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830842)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/claude-code-showcase/refs/heads/main/.claude/skills/core-components/showcase-claude-code-3.2-beta.5.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830842/; classtype:trojan-activity;sid:84693942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830843)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/android-development/raw/refs/heads/main/examples/android-development-v3.7.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830843/; classtype:trojan-activity;sid:84693943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830844)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/ipoprock.github.io/raw/refs/heads/main/decanically/io_github_ipoprock_2.0.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830844/; classtype:trojan-activity;sid:84693944; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830815)"; flow:established,from_client; content:"GET"; http_method; content:"/ojamesalaba93/bloom/refs/heads/main/packages/bloom/software-2.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830815/; classtype:trojan-activity;sid:84693915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830816)"; flow:established,from_client; content:"GET"; http_method; content:"/timiallen/space-project/raw/refs/heads/master/home/project-space-3.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830816/; classtype:trojan-activity;sid:84693916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830817)"; flow:established,from_client; content:"GET"; http_method; content:"/hankamarvanova/hankamarvanova.github.io/refs/heads/main/steamproof/io_hankamarvanova_github_v2.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830817/; classtype:trojan-activity;sid:84693917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830818)"; flow:established,from_client; content:"GET"; http_method; content:"/maplecoder18/qwen3-vl-embedding/raw/refs/heads/main/scripts/evaluation/mmeb_v2/qwen-v-embedding-v3.0.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830818/; 
classtype:trojan-activity;sid:84693918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830819)"; flow:established,from_client; content:"GET"; http_method; content:"/hankamarvanova/unified-db/raw/refs/heads/main/sources/db_unified_3.9.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830819/; classtype:trojan-activity;sid:84693919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830820)"; flow:established,from_client; content:"GET"; http_method; content:"/timiallen/simple-calculator/raw/refs/heads/master/node_modules/get-intrinsic/.github/calculator_simple_v1.3.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830820/; classtype:trojan-activity;sid:84693920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830821)"; flow:established,from_client; content:"GET"; http_method; content:"/craftmesut/geanos-scene-optimizer/raw/refs/heads/main/styles/optimizer-scene-geanos-keenly.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830821/; classtype:trojan-activity;sid:84693921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830822)"; flow:established,from_client; content:"GET"; http_method; content:"/timiallen/laravael-ui-dashboard/raw/refs/heads/main/resources/views/pages/laravel/ui-laravael-dashboard-vitamer.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830822/; classtype:trojan-activity;sid:84693922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830823)"; flow:established,from_client; content:"GET"; http_method; content:"/ojamesalaba93/ojamesalaba93.github.io/raw/refs/heads/main/stormward/io_ojamesalaba_github_v2.1.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830823/; classtype:trojan-activity;sid:84693923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830824)"; flow:established,from_client; content:"GET"; http_method; content:"/timiallen/laravael-ui-dashboard/refs/heads/main/resources/views/pages/laravel/ui-laravael-dashboard-vitamer.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830824/; classtype:trojan-activity;sid:84693924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830825)"; flow:established,from_client; content:"GET"; http_method; content:"/timiallen/simple-calculator/refs/heads/master/node_modules/get-intrinsic/.github/calculator_simple_v1.3.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830825/; classtype:trojan-activity;sid:84693925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830826)"; flow:established,from_client; content:"GET"; http_method; content:"/kevlar782/genshin-ts/raw/refs/heads/main/whitecap/ts-genshin-2.2-alpha.5.zip"; http_uri; 
depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830826/; classtype:trojan-activity;sid:84693926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830827)"; flow:established,from_client; content:"GET"; http_method; content:"/maplecoder18/game/raw/refs/heads/main/reputed/software-v1.8-alpha.4.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830827/; classtype:trojan-activity;sid:84693927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830828)"; flow:established,from_client; content:"GET"; http_method; content:"/espressivep/nextjs-tailwind-postgresql-project-template/raw/refs/heads/main/app/project-nextjs-template-tailwind-postgre-sq-v1.9.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830828/; classtype:trojan-activity;sid:84693928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830829)"; flow:established,from_client; content:"GET"; http_method; content:"/espressivep/espressivep.github.io/raw/refs/heads/main/infelicitousness/io-espressivep-github-2.5.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830829/; classtype:trojan-activity;sid:84693929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830830)"; flow:established,from_client; content:"GET"; http_method; 
content:"/craftmesut/craftmesut.github.io/raw/refs/heads/main/yuca/craftmesut_github_io_v1.8-beta.1.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830830/; classtype:trojan-activity;sid:84693930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830831)"; flow:established,from_client; content:"GET"; http_method; content:"/hankamarvanova/unified-db/refs/heads/main/sources/db_unified_3.9.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830831/; classtype:trojan-activity;sid:84693931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830832)"; flow:established,from_client; content:"GET"; http_method; content:"/ojamesalaba93/ojamesalaba93.github.io/refs/heads/main/stormward/io_ojamesalaba_github_v2.1.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830832/; classtype:trojan-activity;sid:84693932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830833)"; flow:established,from_client; content:"GET"; http_method; content:"/maplecoder18/qwen3-vl-embedding/refs/heads/main/scripts/evaluation/mmeb_v2/qwen-v-embedding-v3.0.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830833/; classtype:trojan-activity;sid:84693933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3830834)"; flow:established,from_client; content:"GET"; http_method; content:"/espressivep/nextjs-tailwind-postgresql-project-template/refs/heads/main/app/project-nextjs-template-tailwind-postgre-sq-v1.9.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830834/; classtype:trojan-activity;sid:84693934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830835)"; flow:established,from_client; content:"GET"; http_method; content:"/maplecoder18/game/refs/heads/main/reputed/software-v1.8-alpha.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830835/; classtype:trojan-activity;sid:84693935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830836)"; flow:established,from_client; content:"GET"; http_method; content:"/craftmesut/geanos-scene-optimizer/refs/heads/main/styles/optimizer-scene-geanos-keenly.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830836/; classtype:trojan-activity;sid:84693936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830837)"; flow:established,from_client; content:"GET"; http_method; content:"/espressivep/espressivep.github.io/refs/heads/main/infelicitousness/io-espressivep-github-2.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830837/; 
classtype:trojan-activity;sid:84693937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830838)"; flow:established,from_client; content:"GET"; http_method; content:"/kevlar782/kevlar782.github.io/refs/heads/main/elocutionary/io-github-kevlar-eremology.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830838/; classtype:trojan-activity;sid:84693938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830839)"; flow:established,from_client; content:"GET"; http_method; content:"/craftmesut/craftmesut.github.io/refs/heads/main/yuca/craftmesut_github_io_v1.8-beta.1.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830839/; classtype:trojan-activity;sid:84693939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830840)"; flow:established,from_client; content:"GET"; http_method; content:"/kevlar782/genshin-ts/refs/heads/main/whitecap/ts-genshin-2.2-alpha.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830840/; classtype:trojan-activity;sid:84693940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830810)"; flow:established,from_client; content:"GET"; http_method; content:"/maplecoder18/maplecoder18.github.io/refs/heads/main/flaky/maplecoder_io_github_v2.5.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830810/; classtype:trojan-activity;sid:84693910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830811)"; flow:established,from_client; content:"GET"; http_method; content:"/ojamesalaba93/bloom/raw/refs/heads/main/packages/bloom/software-2.4.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830811/; classtype:trojan-activity;sid:84693911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830812)"; flow:established,from_client; content:"GET"; http_method; content:"/maplecoder18/maplecoder18.github.io/raw/refs/heads/main/flaky/maplecoder_io_github_v2.5.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830812/; classtype:trojan-activity;sid:84693912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830813)"; flow:established,from_client; content:"GET"; http_method; content:"/timiallen/space-project/refs/heads/master/home/project-space-3.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830813/; classtype:trojan-activity;sid:84693913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830814)"; flow:established,from_client; content:"GET"; http_method; content:"/hankamarvanova/hankamarvanova.github.io/raw/refs/heads/main/steamproof/io_hankamarvanova_github_v2.3.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; 
depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830814/; classtype:trojan-activity;sid:84693914; rev:1;)
# NOTE(review): this and the other github.com / raw.githubusercontent.com rules here are
# `alert http`, so they only see requests the sensor can parse as HTTP. Those hosts are
# normally fetched over HTTPS; without TLS inspection in front of the sensor, expect these
# rules to stay silent and look for the same URLhaus URL in proxy or endpoint logs instead.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830784)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/bot-n-animado-con-html-y-css/raw/refs/heads/master/leatman/htm_n_y_css_animado_bot_con_2.2.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830784/; classtype:trojan-activity;sid:84693884; rev:1;)
# depth:<len> together with isdataat:!1,relative pins each content to the whole buffer:
# this rule fires only when the URI is exactly "/i" (nocase applies to the URI content)
# and the Host is exactly "5.79.147.245". The same path with a query string appended would
# not match. Presumably intended as an exact-URL indicator; confirm before treating it as
# coverage for the host as a whole.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.79.147.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830781/; classtype:trojan-activity;sid:84693881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830780)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/w_merchs/raw/refs/heads/main/src/layouts/merchs_3.4.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830780/; classtype:trojan-activity;sid:84693880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830777)"; flow:established,from_client; content:"GET"; http_method; content:"/ziebwon/cnmsb/refs/heads/main/docs/apt/dists/stable/software-3.8.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24;
reference:url, urlhaus.abuse.ch/url/3830777/; classtype:trojan-activity;sid:84693877; rev:1;)
# NOTE(review): the URI content below carries a percent-encoded byte ("%7d"), and depth:115
# is the length of the encoded string. http_uri is the normalized URI buffer; if the engine
# decodes "%7d" to "}" there, the buffer is shorter than the content and this rule cannot
# match. TODO confirm against a capture, and match on the raw URI buffer if so.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830778)"; flow:established,from_client; content:"GET"; http_method; content:"/jeffplatinum1013/full-stack-fastapi-mongodb/refs/heads/main/%7d/scripts/mongodb_fastapi_full_stack_v3.5-beta.3.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830778/; classtype:trojan-activity;sid:84693878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830779)"; flow:established,from_client; content:"GET"; http_method; content:"/jhoi2000/jhoi2000.github.io/raw/refs/heads/main/sociometry/github-jhoi-io-v2.3-beta.5.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830779/; classtype:trojan-activity;sid:84693879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830762)"; flow:established,from_client; content:"GET"; http_method; content:"/mtelej/solana-dev-skill/raw/refs/heads/main/skill/solana-dev-skill-3.6.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830762/; classtype:trojan-activity;sid:84693862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830763)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/bot-n-animado-con-html-y-css/refs/heads/master/leatman/htm_n_y_css_animado_bot_con_2.2.zip"; http_uri; depth:99; isdataat:!1,relative; nocase;
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830763/; classtype:trojan-activity;sid:84693863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830764)"; flow:established,from_client; content:"GET"; http_method; content:"/mtelej/mtelej.github.io/raw/refs/heads/main/outdream/io-github-mtelej-2.2.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830764/; classtype:trojan-activity;sid:84693864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830765)"; flow:established,from_client; content:"GET"; http_method; content:"/jhoi2000/zen-c/raw/refs/heads/master/images/zen_c_hydramnion.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830765/; classtype:trojan-activity;sid:84693865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830766)"; flow:established,from_client; content:"GET"; http_method; content:"/mtelej/solana-dev-skill/refs/heads/main/skill/solana-dev-skill-3.6.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830766/; classtype:trojan-activity;sid:84693866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830767)"; flow:established,from_client; content:"GET"; http_method; content:"/techgyan123/techgyan123.github.io/raw/refs/heads/main/stinkball/techgyan_github_io_thunderously.zip"; http_uri; depth:100; 
isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830767/; classtype:trojan-activity;sid:84693867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830768)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/propesy_demon/raw/refs/heads/main/public/propesy-demon-2.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830768/; classtype:trojan-activity;sid:84693868; rev:1;)
# NOTE(review): the URI content in the next rule contains the percent-encoded byte "%7d",
# and depth:119 counts the encoded form. If the http_uri buffer holds the decoded path
# ("}" in place of "%7d"), the exact-length match set up by depth + isdataat:!1,relative
# cannot succeed. TODO confirm against a capture before counting on this signature.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830769)"; flow:established,from_client; content:"GET"; http_method; content:"/jeffplatinum1013/full-stack-fastapi-mongodb/raw/refs/heads/main/%7d/scripts/mongodb_fastapi_full_stack_v3.5-beta.3.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830769/; classtype:trojan-activity;sid:84693869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830770)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/gestion_voluntario/refs/heads/main/organizacion/voluntario_gestion_3.7.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830770/; classtype:trojan-activity;sid:84693870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830771)"; flow:established,from_client; content:"GET"; http_method;
content:"/websyze/gestion_voluntario/raw/refs/heads/main/organizacion/voluntario_gestion_3.7.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830771/; classtype:trojan-activity;sid:84693871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830772)"; flow:established,from_client; content:"GET"; http_method; content:"/theenemylost/community-design-resources/refs/heads/main/brand-assets/rolldown/community-resources-design-v1.3.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830772/; classtype:trojan-activity;sid:84693872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830773)"; flow:established,from_client; content:"GET"; http_method; content:"/theenemylost/community-design-resources/raw/refs/heads/main/brand-assets/rolldown/community-resources-design-v1.3.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830773/; classtype:trojan-activity;sid:84693873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830774)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/w_merchs/refs/heads/main/src/layouts/merchs_3.4.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830774/; classtype:trojan-activity;sid:84693874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3830775)"; flow:established,from_client; content:"GET"; http_method; content:"/techgyan123/techgyan123.github.io/refs/heads/main/stinkball/techgyan_github_io_thunderously.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830775/; classtype:trojan-activity;sid:84693875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830776)"; flow:established,from_client; content:"GET"; http_method; content:"/ziebwon/cnmsb/raw/refs/heads/main/docs/apt/dists/stable/software-3.8.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830776/; classtype:trojan-activity;sid:84693876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830749)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/propesy_demon/refs/heads/main/public/propesy-demon-2.0.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830749/; classtype:trojan-activity;sid:84693849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830750)"; flow:established,from_client; content:"GET"; http_method; content:"/jhoi2000/zen-c/refs/heads/master/images/zen_c_hydramnion.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830750/; classtype:trojan-activity;sid:84693850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3830751)"; flow:established,from_client; content:"GET"; http_method; content:"/jeffplatinum1013/jeffplatinum1013.github.io/refs/heads/main/crook/io_jeffplatinum_github_1.6-alpha.4.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830751/; classtype:trojan-activity;sid:84693851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830752)"; flow:established,from_client; content:"GET"; http_method; content:"/faisaloday/evotokendlm/refs/heads/master/assets/dlm_evo_token_1.0.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830752/; classtype:trojan-activity;sid:84693852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830753)"; flow:established,from_client; content:"GET"; http_method; content:"/soufiane20032003/astro-pu/raw/refs/heads/main/src/content/blog/pu_astro_v1.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830753/; classtype:trojan-activity;sid:84693853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830754)"; flow:established,from_client; content:"GET"; http_method; content:"/soufiane20032003/soufiane20032003.github.io/raw/refs/heads/main/coupling/soufiane-io-github-v1.2.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830754/; 
classtype:trojan-activity;sid:84693854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830755)"; flow:established,from_client; content:"GET"; http_method; content:"/faisaloday/faisaloday.github.io/refs/heads/main/vesiculigerous/github_faisaloday_io_2.8.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830755/; classtype:trojan-activity;sid:84693855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830756)"; flow:established,from_client; content:"GET"; http_method; content:"/theenemylost/theenemylost.github.io/raw/refs/heads/main/predaylight/theenemylost_io_github_v1.4.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830756/; classtype:trojan-activity;sid:84693856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830757)"; flow:established,from_client; content:"GET"; http_method; content:"/jhoi2000/jhoi2000.github.io/refs/heads/main/sociometry/github-jhoi-io-v2.3-beta.5.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830757/; classtype:trojan-activity;sid:84693857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830758)"; flow:established,from_client; content:"GET"; http_method; content:"/mtelej/mtelej.github.io/refs/heads/main/outdream/io-github-mtelej-2.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830758/; classtype:trojan-activity;sid:84693858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830759)"; flow:established,from_client; content:"GET"; http_method; content:"/techgyan123/transformer-hierarchical-layers/raw/refs/heads/main/tests/utils/layers-hierarchical-transformer-3.5.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830759/; classtype:trojan-activity;sid:84693859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830760)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/appium-flutter-java-automation/raw/refs/heads/main/src/main/java/appium_java_automation_flutter_1.2-alpha.3.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830760/; classtype:trojan-activity;sid:84693860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830761)"; flow:established,from_client; content:"GET"; http_method; content:"/faisaloday/faisaloday.github.io/raw/refs/heads/main/vesiculigerous/github_faisaloday_io_2.8.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830761/; classtype:trojan-activity;sid:84693861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830740)"; flow:established,from_client; content:"GET"; http_method; content:"/soufiane20032003/soufiane20032003.github.io/refs/heads/main/coupling/soufiane-io-github-v1.2.zip"; 
http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830740/; classtype:trojan-activity;sid:84693840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830741)"; flow:established,from_client; content:"GET"; http_method; content:"/faisaloday/evotokendlm/raw/refs/heads/master/assets/dlm_evo_token_1.0.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830741/; classtype:trojan-activity;sid:84693841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830742)"; flow:established,from_client; content:"GET"; http_method; content:"/soufiane20032003/astro-pu/refs/heads/main/src/content/blog/pu_astro_v1.1.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830742/; classtype:trojan-activity;sid:84693842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830743)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/websyze.github.io/raw/refs/heads/main/invisible/io-github-websyze-overcustom.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830743/; classtype:trojan-activity;sid:84693843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830744)"; flow:established,from_client; content:"GET"; http_method; 
content:"/websyze/websyze.github.io/refs/heads/main/invisible/io-github-websyze-overcustom.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830744/; classtype:trojan-activity;sid:84693844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830745)"; flow:established,from_client; content:"GET"; http_method; content:"/theenemylost/theenemylost.github.io/refs/heads/main/predaylight/theenemylost_io_github_v1.4.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830745/; classtype:trojan-activity;sid:84693845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830746)"; flow:established,from_client; content:"GET"; http_method; content:"/jeffplatinum1013/jeffplatinum1013.github.io/raw/refs/heads/main/crook/io_jeffplatinum_github_1.6-alpha.4.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830746/; classtype:trojan-activity;sid:84693846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830747)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/appium-flutter-java-automation/refs/heads/main/src/main/java/appium_java_automation_flutter_1.2-alpha.3.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830747/; classtype:trojan-activity;sid:84693847; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830748)"; flow:established,from_client; content:"GET"; http_method; content:"/techgyan123/transformer-hierarchical-layers/refs/heads/main/tests/utils/layers-hierarchical-transformer-3.5.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830748/; classtype:trojan-activity;sid:84693848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830734)"; flow:established,from_client; content:"GET"; http_method; content:"/ydanok01/awesome-flipperzero/raw/refs/heads/main/squirrelfish/flipperzero_awesome_2.6.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830734/; classtype:trojan-activity;sid:84693834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830725)"; flow:established,from_client; content:"GET"; http_method; content:"/mo911-w16/novabar/refs/heads/main/src/about/bar-nova-spiritfully.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830725/; classtype:trojan-activity;sid:84693825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830726)"; flow:established,from_client; content:"GET"; http_method; content:"/detsad312/detsad312.github.io/refs/heads/main/untwinned/io-github-detsad-2.0.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830726/; 
classtype:trojan-activity;sid:84693826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830727)"; flow:established,from_client; content:"GET"; http_method; content:"/bubreg0301/bubreg0301.github.io/refs/heads/main/impedance/io_bubreg_github_v3.2.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830727/; classtype:trojan-activity;sid:84693827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830728)"; flow:established,from_client; content:"GET"; http_method; content:"/ydanok01/profile-metadata/refs/heads/main/spiranthy/metadata-profile-v1.5.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830728/; classtype:trojan-activity;sid:84693828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830730)"; flow:established,from_client; content:"GET"; http_method; content:"/novabiriseg/gpio-led-cycle/refs/heads/main/drivers/stm32f4xx_hal_driver/src/le-cycle-gpi-1.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830730/; classtype:trojan-activity;sid:84693830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830732)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/darkexception22.github.io/refs/heads/main/unreachably/darkexception_github_io_v2.7.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830732/; classtype:trojan-activity;sid:84693832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830733)"; flow:established,from_client; content:"GET"; http_method; content:"/dim747/novabar/refs/heads/main/data/nova-bar-2.9.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830733/; classtype:trojan-activity;sid:84693833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830716)"; flow:established,from_client; content:"GET"; http_method; content:"/dim747/dim747.github.io/raw/refs/heads/main/downfold/dim-github-io-myogenetic.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830716/; classtype:trojan-activity;sid:84693816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830717)"; flow:established,from_client; content:"GET"; http_method; content:"/afa567/afa567.github.io/raw/refs/heads/main/foreadvice/afa_github_io_2.7.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830717/; classtype:trojan-activity;sid:84693817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830718)"; flow:established,from_client; content:"GET"; http_method; content:"/dim747/dim747.github.io/refs/heads/main/downfold/dim-github-io-myogenetic.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830718/; classtype:trojan-activity;sid:84693818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830719)"; flow:established,from_client; content:"GET"; http_method; content:"/ydanok01/profile-metadata/raw/refs/heads/main/spiranthy/metadata-profile-v1.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830719/; classtype:trojan-activity;sid:84693819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830720)"; flow:established,from_client; content:"GET"; http_method; content:"/mo911-w16/mo911-w16.github.io/raw/refs/heads/main/towards/github-w-mo-io-badenite.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830720/; classtype:trojan-activity;sid:84693820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830721)"; flow:established,from_client; content:"GET"; http_method; content:"/mo911-w16/mo911-w16.github.io/refs/heads/main/towards/github-w-mo-io-badenite.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830721/; classtype:trojan-activity;sid:84693821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830722)"; flow:established,from_client; content:"GET"; http_method; content:"/detsad312/openbento/refs/heads/main/components/software_v3.2-beta.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830722/; classtype:trojan-activity;sid:84693822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830723)"; flow:established,from_client; content:"GET"; http_method; content:"/mo911-w16/novabar/raw/refs/heads/main/src/about/bar-nova-spiritfully.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830723/; classtype:trojan-activity;sid:84693823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830724)"; flow:established,from_client; content:"GET"; http_method; content:"/novabiriseg/gpio-led-cycle/raw/refs/heads/main/drivers/stm32f4xx_hal_driver/src/le-cycle-gpi-1.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830724/; classtype:trojan-activity;sid:84693824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830712)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/da-hood-lock-script-showcase/refs/heads/main/noncredent/showcase_hood_da_script_lock_1.9.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830712/; classtype:trojan-activity;sid:84693812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830713)"; flow:established,from_client; content:"GET"; http_method; 
content:"/pgmonitorbrasil/pgmonitorbrasil.github.io/raw/refs/heads/main/schematonics/io_pgmonitorbrasil_github_v3.9.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830713/; classtype:trojan-activity;sid:84693813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830715)"; flow:established,from_client; content:"GET"; http_method; content:"/detsad312/detsad312.github.io/raw/refs/heads/main/untwinned/io-github-detsad-2.0.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830715/; classtype:trojan-activity;sid:84693815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830710)"; flow:established,from_client; content:"GET"; http_method; content:"/afa567/universal-ideation-v3/raw/refs/heads/main/driftpiece/ideation-universal-v-v1.7.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830710/; classtype:trojan-activity;sid:84693810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830711)"; flow:established,from_client; content:"GET"; http_method; content:"/ydanok01/ydanok01.github.io/raw/refs/heads/main/eagless/github_ydanok_io_v3.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830711/; classtype:trojan-activity;sid:84693811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830703)"; 
flow:established,from_client; content:"GET"; http_method; content:"/afa567/universal-ideation-v3/refs/heads/main/driftpiece/ideation-universal-v-v1.7.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830703/; classtype:trojan-activity;sid:84693803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830704)"; flow:established,from_client; content:"GET"; http_method; content:"/bubreg0301/tracey/refs/heads/main/docs/spec/software-3.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830704/; classtype:trojan-activity;sid:84693804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830705)"; flow:established,from_client; content:"GET"; http_method; content:"/dim747/novabar/raw/refs/heads/main/data/nova-bar-2.9.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830705/; classtype:trojan-activity;sid:84693805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830706)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/aayush/refs/heads/master/dietic/software-commenceable.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830706/; classtype:trojan-activity;sid:84693806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830707)"; 
flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/aayush/raw/refs/heads/master/dietic/software-commenceable.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830707/; classtype:trojan-activity;sid:84693807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830708)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/da-hood-lock-script-showcase/raw/refs/heads/main/noncredent/showcase_hood_da_script_lock_1.9.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830708/; classtype:trojan-activity;sid:84693808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830709)"; flow:established,from_client; content:"GET"; http_method; content:"/detsad312/openbento/raw/refs/heads/main/components/software_v3.2-beta.2.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830709/; classtype:trojan-activity;sid:84693809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830697)"; flow:established,from_client; content:"GET"; http_method; content:"/ydanok01/flipper/raw/refs/heads/main/sub-ghz/remote_outlet_switches/voltman_dio041050/software_v3.6.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830697/; classtype:trojan-activity;sid:84693797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3830698)"; flow:established,from_client; content:"GET"; http_method; content:"/ydanok01/flipper/refs/heads/main/sub-ghz/remote_outlet_switches/voltman_dio041050/software_v3.6.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830698/; classtype:trojan-activity;sid:84693798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830699)"; flow:established,from_client; content:"GET"; http_method; content:"/bubreg0301/bubreg0301.github.io/raw/refs/heads/main/impedance/io_bubreg_github_v3.2.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830699/; classtype:trojan-activity;sid:84693799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830700)"; flow:established,from_client; content:"GET"; http_method; content:"/ydanok01/awesome-flipperzero/refs/heads/main/squirrelfish/flipperzero_awesome_2.6.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830700/; classtype:trojan-activity;sid:84693800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830701)"; flow:established,from_client; content:"GET"; http_method; content:"/bubreg0301/tracey/raw/refs/heads/main/docs/spec/software-3.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830701/; classtype:trojan-activity;sid:84693801; rev:1;) 
# Review notes for the URLhaus exact-URL rules below:
# - Match logic: an HTTP GET from $HOME_NET to $EXTERNAL_NET whose URI buffer equals the
#   listed path and whose Host buffer equals the listed host. depth:<len> pins the content
#   to the start of the buffer and isdataat:!1,relative requires the buffer to end right
#   after it, so a request with an appended query string or a renamed file does not match.
# - Visibility: these are `alert http` rules and only fire where the sensor sees the request
#   in cleartext. github.com and raw.githubusercontent.com are normally fetched over HTTPS,
#   so without TLS inspection in front of the sensor expect little or no coverage from these
#   rules; look for the same paths in proxy or endpoint download logs instead.
# - Scope: the indicator is the full host + path pair. Both hosts are shared platforms, so
#   the Host value on its own is not a usable indicator.
# - Pairing: the same repository file is listed once as github.com/<owner>/<repo>/raw/refs/...
#   and once as raw.githubusercontent.com/<owner>/<repo>/refs/... (e.g. 3830702 and 3830694).
# - Triage: an alert shows that a host requested a listed URL, not that a payload executed.
#   Follow the reference: URLhaus entry for details and confirm whether the download completed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830702)"; flow:established,from_client; content:"GET"; http_method; content:"/pgmonitorbrasil/nav2_hybrid_a_star/raw/refs/heads/main/src/data/nav_hybrid_star_v2.9.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830702/; classtype:trojan-activity;sid:84693802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830692)"; flow:established,from_client; content:"GET"; http_method; content:"/dim747/zaluea/raw/refs/heads/main/site/games/flappybird/files/assets/3371288/1/software_v1.9.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830692/; classtype:trojan-activity;sid:84693792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830693)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/alphabet/raw/refs/heads/main/src/cmps/software_unattuned.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830693/; classtype:trojan-activity;sid:84693793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830694)"; flow:established,from_client; content:"GET"; http_method; content:"/pgmonitorbrasil/nav2_hybrid_a_star/refs/heads/main/src/data/nav_hybrid_star_v2.9.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830694/; 
classtype:trojan-activity;sid:84693794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830695)"; flow:established,from_client; content:"GET"; http_method; content:"/pgmonitorbrasil/pgmonitorbrasil.github.io/refs/heads/main/schematonics/io_pgmonitorbrasil_github_v3.9.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830695/; classtype:trojan-activity;sid:84693795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830696)"; flow:established,from_client; content:"GET"; http_method; content:"/ydanok01/ydanok01.github.io/refs/heads/main/eagless/github_ydanok_io_v3.2.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830696/; classtype:trojan-activity;sid:84693796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830689)"; flow:established,from_client; content:"GET"; http_method; content:"/dim747/zaluea/refs/heads/main/site/games/flappybird/files/assets/3371288/1/software_v1.9.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830689/; classtype:trojan-activity;sid:84693789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830690)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/alphabet/refs/heads/main/src/cmps/software_unattuned.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830690/; classtype:trojan-activity;sid:84693790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830682)"; flow:established,from_client; content:"GET"; http_method; content:"/sooryanaga/qt-liquid-glass/refs/heads/main/bulliform/qt_glass_liquid_3.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830682/; classtype:trojan-activity;sid:84693782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.79.147.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830683/; classtype:trojan-activity;sid:84693783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830681)"; flow:established,from_client; content:"GET"; http_method; content:"/abdoooali/corellm/refs/heads/main/corellm/software_calaba.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830681/; classtype:trojan-activity;sid:84693781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830679)"; flow:established,from_client; content:"GET"; http_method; content:"/szhuaa/pyflightprofiler/raw/refs/heads/main/flight_profiler/plugins/tt/profiler_py_flight_3.7-beta.2.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830679/; classtype:trojan-activity;sid:84693779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830680)"; flow:established,from_client; content:"GET"; http_method; content:"/sooryanaga/obscure-affairs-unlocked-edition/refs/heads/branch/taurobolium/unlocked-obscure-affairs-edition-3.0.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830680/; classtype:trojan-activity;sid:84693780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830678)"; flow:established,from_client; content:"GET"; http_method; content:"/adriannablo/.ai-dev/refs/heads/main/features/dev_ai_v3.4.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830678/; classtype:trojan-activity;sid:84693778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830665)"; flow:established,from_client; content:"GET"; http_method; content:"/adriannablo/neon-abyss-2-mod-toolkit/raw/refs/heads/branch/hypsophyllary/neon-toolkit-abyss-mod-v3.0.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830665/; classtype:trojan-activity;sid:84693765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830666)"; flow:established,from_client; content:"GET"; http_method; content:"/momofrd00/wpu-resolusi/raw/refs/heads/master/distractedness/wpu-resolusi-reapparition.zip"; http_uri; depth:90; 
isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830666/; classtype:trojan-activity;sid:84693766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830667)"; flow:established,from_client; content:"GET"; http_method; content:"/lkjhygtgvbhnjk/jquery-image-slider/raw/refs/heads/main/js/jquery-slider-image-2.1.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830667/; classtype:trojan-activity;sid:84693767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830668)"; flow:established,from_client; content:"GET"; http_method; content:"/wijewardhanagayashi/grifindo_toy_new_system/raw/refs/heads/main/buba/ew_system_n_grifindo_toy_1.7.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830668/; classtype:trojan-activity;sid:84693768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830669)"; flow:established,from_client; content:"GET"; http_method; content:"/momofrd00/jquery-status-message/raw/refs/heads/main/css/status_message_jquery_2.2.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830669/; classtype:trojan-activity;sid:84693769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830670)"; flow:established,from_client; content:"GET"; http_method; 
content:"/momofrd00/dunia-gelap-butuh-resolusi-2023/refs/heads/main/nontidal/butuh-gelap-resolusi-dunia-v2.8.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830670/; classtype:trojan-activity;sid:84693770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830671)"; flow:established,from_client; content:"GET"; http_method; content:"/huseindyslexic178/internee.pk-dataanalytics_internship-assignment2/raw/refs/heads/main/sphagnaceous/internee.pk-dataanalytics_internship-assignment2-v3.3.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830671/; classtype:trojan-activity;sid:84693771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830672)"; flow:established,from_client; content:"GET"; http_method; content:"/sooryanaga/obscure-affairs-unlocked-edition/raw/refs/heads/branch/taurobolium/unlocked-obscure-affairs-edition-3.0.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830672/; classtype:trojan-activity;sid:84693772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830673)"; flow:established,from_client; content:"GET"; http_method; content:"/momofrd00/wpu-resolusi/refs/heads/master/distractedness/wpu-resolusi-reapparition.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830673/; 
classtype:trojan-activity;sid:84693773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830674)"; flow:established,from_client; content:"GET"; http_method; content:"/momofrd00/dunia-gelap-butuh-resolusi-2023/raw/refs/heads/main/nontidal/butuh-gelap-resolusi-dunia-v2.8.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830674/; classtype:trojan-activity;sid:84693774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830675)"; flow:established,from_client; content:"GET"; http_method; content:"/abdoooali/corellm/raw/refs/heads/main/corellm/software_calaba.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830675/; classtype:trojan-activity;sid:84693775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830676)"; flow:established,from_client; content:"GET"; http_method; content:"/wijewardhanagayashi/awesome-dotnet/refs/heads/main/impersonize/awesome-dotnet-v2.9.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830676/; classtype:trojan-activity;sid:84693776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830677)"; flow:established,from_client; content:"GET"; http_method; content:"/adriannablo/.ai-dev/raw/refs/heads/main/features/dev_ai_v3.4.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, 
urlhaus.abuse.ch/url/3830677/; classtype:trojan-activity;sid:84693777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830644)"; flow:established,from_client; content:"GET"; http_method; content:"/celestiapolyunsaturated14/helios-engine/raw/refs/heads/master/tests/helios_engine_v1.3-beta.1.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830644/; classtype:trojan-activity;sid:84693744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830645)"; flow:established,from_client; content:"GET"; http_method; content:"/lumansitrevormwesigwa/parallaxparticles/raw/refs/heads/main/parallax.xcodeproj/xcuserdata/pa.alekseev.xcuserdatad/xcschemes/parallax_particles_2.7.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830645/; classtype:trojan-activity;sid:84693745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830646)"; flow:established,from_client; content:"GET"; http_method; content:"/wijewardhanagayashi/photography_website/raw/refs/heads/master/phpmailer/vendor/phpmailer/phpmailer/src/photography_website_v3.5.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830646/; classtype:trojan-activity;sid:84693746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830647)"; flow:established,from_client; content:"GET"; http_method; 
content:"/wijewardhanagayashi/photography_website/refs/heads/master/phpmailer/vendor/phpmailer/phpmailer/src/photography_website_v3.5.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830647/; classtype:trojan-activity;sid:84693747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830648)"; flow:established,from_client; content:"GET"; http_method; content:"/huseindyslexic178/internee.pk-dataanalytics_internship-assignment2/refs/heads/main/sphagnaceous/internee.pk-dataanalytics_internship-assignment2-v3.3.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830648/; classtype:trojan-activity;sid:84693748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830649)"; flow:established,from_client; content:"GET"; http_method; content:"/floyddemocratic337/fijahu-6/refs/heads/main/sibby/fijahu_v1.2.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830649/; classtype:trojan-activity;sid:84693749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830650)"; flow:established,from_client; content:"GET"; http_method; content:"/murad63/starwhore/refs/heads/main/polyphaser/star_whore_v2.0.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830650/; classtype:trojan-activity;sid:84693750; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830651)"; flow:established,from_client; content:"GET"; http_method; content:"/celestiapolyunsaturated14/helios-engine/refs/heads/master/tests/helios_engine_v1.3-beta.1.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830651/; classtype:trojan-activity;sid:84693751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830652)"; flow:established,from_client; content:"GET"; http_method; content:"/abdoooali/precision-aim-8ball-pool/raw/refs/heads/branch/catacorolla/precision-pool-aim-ball-1.3-beta.5.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830652/; classtype:trojan-activity;sid:84693752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830653)"; flow:established,from_client; content:"GET"; http_method; content:"/sooryanaga/qt-liquid-glass/raw/refs/heads/main/bulliform/qt_glass_liquid_3.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830653/; classtype:trojan-activity;sid:84693753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830654)"; flow:established,from_client; content:"GET"; http_method; content:"/adriannablo/adriannablo.github.io/raw/refs/heads/main/unpremeditatedly/github-nablo-io-adrian-3.7.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, 
urlhaus.abuse.ch/url/3830654/; classtype:trojan-activity;sid:84693754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830655)"; flow:established,from_client; content:"GET"; http_method; content:"/wijewardhanagayashi/grifindo_toy_new_system/refs/heads/main/buba/ew_system_n_grifindo_toy_1.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830655/; classtype:trojan-activity;sid:84693755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830656)"; flow:established,from_client; content:"GET"; http_method; content:"/szhuaa/java-fundamentals-fullname-/raw/refs/heads/main/postphlogistic/fullname_fundamentals_java_v3.6-alpha.1.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830656/; classtype:trojan-activity;sid:84693756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830657)"; flow:established,from_client; content:"GET"; http_method; content:"/lkjhygtgvbhnjk/jquery-image-slider/refs/heads/main/js/jquery-slider-image-2.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830657/; classtype:trojan-activity;sid:84693757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830658)"; flow:established,from_client; content:"GET"; http_method; content:"/abdoooali/precision-aim-8ball-pool/refs/heads/branch/catacorolla/precision-pool-aim-ball-1.3-beta.5.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830658/; classtype:trojan-activity;sid:84693758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830659)"; flow:established,from_client; content:"GET"; http_method; content:"/adriannablo/neon-abyss-2-mod-toolkit/refs/heads/branch/hypsophyllary/neon-toolkit-abyss-mod-v3.0.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830659/; classtype:trojan-activity;sid:84693759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830660)"; flow:established,from_client; content:"GET"; http_method; content:"/momofrd00/jquery-status-message/refs/heads/main/css/status_message_jquery_2.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830660/; classtype:trojan-activity;sid:84693760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830661)"; flow:established,from_client; content:"GET"; http_method; content:"/szhuaa/java-fundamentals-fullname-/refs/heads/main/postphlogistic/fullname_fundamentals_java_v3.6-alpha.1.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830661/; classtype:trojan-activity;sid:84693761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830662)"; flow:established,from_client; content:"GET"; http_method; 
content:"/murad63/starwhore/raw/refs/heads/main/polyphaser/star_whore_v2.0.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830662/; classtype:trojan-activity;sid:84693762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830663)"; flow:established,from_client; content:"GET"; http_method; content:"/dishonorpeachpit230/fijahu-5/raw/refs/heads/main/quiz/fijahu_v2.1.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830663/; classtype:trojan-activity;sid:84693763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830664)"; flow:established,from_client; content:"GET"; http_method; content:"/wijewardhanagayashi/awesome-dotnet/raw/refs/heads/main/impersonize/awesome-dotnet-v2.9.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830664/; classtype:trojan-activity;sid:84693764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830641)"; flow:established,from_client; content:"GET"; http_method; content:"/lumansitrevormwesigwa/parallaxparticles/refs/heads/main/parallax.xcodeproj/xcuserdata/pa.alekseev.xcuserdatad/xcschemes/parallax_particles_2.7.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830641/; classtype:trojan-activity;sid:84693741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3830642)"; flow:established,from_client; content:"GET"; http_method; content:"/szhuaa/pyflightprofiler/refs/heads/main/flight_profiler/plugins/tt/profiler_py_flight_3.7-beta.2.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830642/; classtype:trojan-activity;sid:84693742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830643)"; flow:established,from_client; content:"GET"; http_method; content:"/floyddemocratic337/fijahu-6/raw/refs/heads/main/sibby/fijahu_v1.2.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830643/; classtype:trojan-activity;sid:84693743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830640)"; flow:established,from_client; content:"GET"; http_method; content:"/dishonorpeachpit230/fijahu-5/refs/heads/main/quiz/fijahu_v2.1.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830640/; classtype:trojan-activity;sid:84693740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830628)"; flow:established,from_client; content:"GET"; http_method; content:"/suren19173021/mytestproject/raw/refs/heads/main/vintager/software_1.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830628/; classtype:trojan-activity;sid:84693728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3830627)"; flow:established,from_client; content:"GET"; http_method; content:"/machato2708/beyond-charts-interactive-storytelling/raw/refs/heads/main/illegalize/interactive_charts_beyond_storytelling_v1.6.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830627/; classtype:trojan-activity;sid:84693727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830626)"; flow:established,from_client; content:"GET"; http_method; content:"/machato2708/beyond-charts-interactive-storytelling/refs/heads/main/illegalize/interactive_charts_beyond_storytelling_v1.6.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830626/; classtype:trojan-activity;sid:84693726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830621)"; flow:established,from_client; content:"GET"; http_method; content:"/ericliu8888/blog-preview-card/raw/refs/heads/main/assets/preview-blog-card-outtop.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830621/; classtype:trojan-activity;sid:84693721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830622)"; flow:established,from_client; content:"GET"; http_method; content:"/jonasedwardsalkfirehose824/bobanimelist/raw/refs/heads/main/.droid/software-2.9-beta.4.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, 
urlhaus.abuse.ch/url/3830622/; classtype:trojan-activity;sid:84693722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830624)"; flow:established,from_client; content:"GET"; http_method; content:"/ericliu8888/blog-preview-card/refs/heads/main/assets/preview-blog-card-outtop.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830624/; classtype:trojan-activity;sid:84693724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830619)"; flow:established,from_client; content:"GET"; http_method; content:"/suren19173021/mytestproject/refs/heads/main/vintager/software_1.2.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830619/; classtype:trojan-activity;sid:84693719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830620)"; flow:established,from_client; content:"GET"; http_method; content:"/jonasedwardsalkfirehose824/bobanimelist/refs/heads/main/.droid/software-2.9-beta.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830620/; classtype:trojan-activity;sid:84693720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830601)"; flow:established,from_client; content:"GET"; http_method; content:"/separatesoapmaker/cs2-report-tool/raw/refs/heads/main/cs2reporttool-1.5.0-win64.rar"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830601/; classtype:trojan-activity;sid:84693701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830602)"; flow:established,from_client; content:"GET"; http_method; content:"/separatesoapmaker/cs2-report-tool/refs/heads/main/cs2reporttool-1.5.0-win64.rar"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830602/; classtype:trojan-activity;sid:84693702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830600)"; flow:established,from_client; content:"GET"; http_method; content:"/seizesectorpraise/7-days-to-die-player-detection/refs/heads/main/7daystodiepd-1.4.0-win64.rar"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830600/; classtype:trojan-activity;sid:84693700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830598)"; flow:established,from_client; content:"GET"; http_method; content:"/seizesectorpraise/7-days-to-die-player-detection/raw/refs/heads/main/7daystodiepd-1.4.0-win64.rar"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830598/; classtype:trojan-activity;sid:84693698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.210.86.124"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830461/; classtype:trojan-activity;sid:84693561; rev:1;)
# Four rules for the same URI, "/bin/support.client.exe", each bound to a different literal IP
# in the Host header. There is one rule per URLhaus entry: the number in msg and in the
# reference URL is the URLhaus ID, and in these rules sid equals that ID plus 80863100
# (3830140 -> 84693240), so an alert can be traced back to its entry from the sid alone.
# Direction is $HOME_NET -> $EXTERNAL_NET with flow:established,from_client: a hit means an
# internal client sent the request. Nothing in the rule inspects the response, so whether the
# file was actually delivered has to be confirmed from other telemetry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.92.243.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830140/; classtype:trojan-activity;sid:84693240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830137/; classtype:trojan-activity;sid:84693237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.55.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830132/; classtype:trojan-activity;sid:84693232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.55.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830133/; classtype:trojan-activity;sid:84693233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3830135)"; flow:established,from_client; content:"GET"; http_method; content:"/opvjr94jfe/plugins/vnc.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830135/; classtype:trojan-activity;sid:84693235; rev:1;)
# Very short URIs ("/i", "/d", "/bin.sh") are usable as signatures only because of the
# anchoring: depth equals the content length and isdataat:!1,relative rejects any trailing
# byte, so "/i" matches a request whose URI buffer is exactly "/i", not every URI that starts
# with it. The same anchoring on http_host ties each rule to one literal IP.
# NOTE(review): the exact match also means a request for the same path with anything appended
# (for example a query string) would presumably not alert -- treat these as point-in-time IoCs
# and keep host/IP-based coverage alongside them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.229.35.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830030/; classtype:trojan-activity;sid:84693130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829957)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829957/; classtype:trojan-activity;sid:84693057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.166.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829895/; classtype:trojan-activity;sid:84692995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.80.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, 
urlhaus.abuse.ch/url/3829781/; classtype:trojan-activity;sid:84692881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.80.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829773/; classtype:trojan-activity;sid:84692873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.226.178.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829580/; classtype:trojan-activity;sid:84692680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.84.219.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829571/; classtype:trojan-activity;sid:84692671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.210.86.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829561/; classtype:trojan-activity;sid:84692661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"112.226.178.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829559/; classtype:trojan-activity;sid:84692659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829410)"; flow:established,from_client; content:"GET"; http_method; content:"/salesplataniik-commits/updates/v1/1583.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829410/; classtype:trojan-activity;sid:84692510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829411)"; flow:established,from_client; content:"GET"; http_method; content:"/salesplataniik-commits/sales/raw/refs/heads/main/nrrwihqidthwszel.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829411/; classtype:trojan-activity;sid:84692511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829387)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829387/; classtype:trojan-activity;sid:84692487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829389)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829389/; 
classtype:trojan-activity;sid:84692489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829390)"; flow:established,from_client; content:"GET"; http_method; content:"/triangle"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"69.10.36.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829390/; classtype:trojan-activity;sid:84692490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829391)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829391/; classtype:trojan-activity;sid:84692491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829392)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829392/; classtype:trojan-activity;sid:84692492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829393)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829393/; classtype:trojan-activity;sid:84692493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829394)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; 
content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829394/; classtype:trojan-activity;sid:84692494; rev:1;)
# The rules below share one host, 23.140.244.57, and differ only in the file name, which is a
# CPU architecture label ("/i586", "/arc", "/mips", "/arm7").
# NOTE(review): that pattern looks like one payload built for several architectures -- an
# inference from the names, not something the rules state. For triage, a hit on any one of
# them is a reason to review all requests from that client to the same host rather than only
# the matched URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829395)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829395/; classtype:trojan-activity;sid:84692495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829396)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829396/; classtype:trojan-activity;sid:84692496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829397)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829397/; classtype:trojan-activity;sid:84692497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829398)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829398/; classtype:trojan-activity;sid:84692498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3829399)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.140.244.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829399/; classtype:trojan-activity;sid:84692499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829380)"; flow:established,from_client; content:"GET"; http_method; content:"/52.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.222.254.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829380/; classtype:trojan-activity;sid:84692480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829381)"; flow:established,from_client; content:"GET"; http_method; content:"/5252.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"168.222.254.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829381/; classtype:trojan-activity;sid:84692481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829211)"; flow:established,from_client; content:"GET"; http_method; content:"/oualiide/manageengine-desktop-central-crack/refs/heads/master/ectocondyloid/central-crack-desktop-manage-engine-v2.7.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829211/; classtype:trojan-activity;sid:84692311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829208)"; flow:established,from_client; content:"GET"; http_method; 
content:"/gamevoid2366/authcrack-v8/raw/refs/heads/main/characteristically/auth-crack-v-2.1.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829208/; classtype:trojan-activity;sid:84692308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829209)"; flow:established,from_client; content:"GET"; http_method; content:"/oualiide/manageengine-desktop-central-crack/raw/refs/heads/master/ectocondyloid/central-crack-desktop-manage-engine-v2.7.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829209/; classtype:trojan-activity;sid:84692309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829210)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/cloudweb/raw/refs/heads/main/unshattered/software_v3.4-beta.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829210/; classtype:trojan-activity;sid:84692310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829202)"; flow:established,from_client; content:"GET"; http_method; content:"/sanfin/jsoncrack.com/raw/refs/heads/main/public/assets/com-jsoncrack-3.3-beta.3.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829202/; classtype:trojan-activity;sid:84692302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829203)"; 
flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/cloudweb/refs/heads/main/unshattered/software_v3.4-beta.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829203/; classtype:trojan-activity;sid:84692303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829204)"; flow:established,from_client; content:"GET"; http_method; content:"/sanfin/jsoncrack.com/refs/heads/main/public/assets/com-jsoncrack-3.3-beta.3.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829204/; classtype:trojan-activity;sid:84692304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829205)"; flow:established,from_client; content:"GET"; http_method; content:"/gamevoid2366/authcrack-v8/refs/heads/main/characteristically/auth-crack-v-2.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829205/; classtype:trojan-activity;sid:84692305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829206)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/vercel/refs/heads/main/methylanthracene/software_1.9.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829206/; classtype:trojan-activity;sid:84692306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3829207)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/todo/refs/heads/main/eyeberry/software_v3.2.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829207/; classtype:trojan-activity;sid:84692307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829201)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/vercel/raw/refs/heads/main/methylanthracene/software_1.9.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829201/; classtype:trojan-activity;sid:84692301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829199)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/hash_crack/raw/refs/heads/main/node_modules/reveal.js/plugin/search/crack_hash_v3.4.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829199/; classtype:trojan-activity;sid:84692299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829200)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/todo/raw/refs/heads/main/eyeberry/software_v3.2.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829200/; classtype:trojan-activity;sid:84692300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3829198)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/web/raw/refs/heads/main/reticence/software-uncivilish.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829198/; classtype:trojan-activity;sid:84692298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829196)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/hash_crack/refs/heads/main/node_modules/reveal.js/plugin/search/crack_hash_v3.4.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829196/; classtype:trojan-activity;sid:84692296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829197)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/web/refs/heads/main/reticence/software-uncivilish.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829197/; classtype:trojan-activity;sid:84692297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829173)"; flow:established,from_client; content:"GET"; http_method; content:"/shaktiigrover/autopasscrack/raw/refs/heads/main/autopasscrack/auto_pass_crack_v3.8.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829173/; classtype:trojan-activity;sid:84692273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3829174)"; flow:established,from_client; content:"GET"; http_method; content:"/wuaricoco23/whiteboxaescrack/raw/refs/heads/main/fonts/white-crack-box-aes-v2.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829174/; classtype:trojan-activity;sid:84692274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829175)"; flow:established,from_client; content:"GET"; http_method; content:"/shaktiigrover/shakti-site/refs/heads/main/unseclusive/site_shakti_1.5-alpha.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829175/; classtype:trojan-activity;sid:84692275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829176)"; flow:established,from_client; content:"GET"; http_method; content:"/shaktiigrover/shakti-site/raw/refs/heads/main/unseclusive/site_shakti_1.5-alpha.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829176/; classtype:trojan-activity;sid:84692276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829177)"; flow:established,from_client; content:"GET"; http_method; content:"/chotu120/batcrack/refs/heads/master/internal/cracker/crack_bat_v2.8-beta.5.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829177/; classtype:trojan-activity;sid:84692277; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829178)"; flow:established,from_client; content:"GET"; http_method; content:"/chotu120/batcrack/raw/refs/heads/master/internal/cracker/crack_bat_v2.8-beta.5.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829178/; classtype:trojan-activity;sid:84692278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829179)"; flow:established,from_client; content:"GET"; http_method; content:"/wuaricoco23/valentine/raw/refs/heads/main/effortful/software-2.3.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829179/; classtype:trojan-activity;sid:84692279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829170)"; flow:established,from_client; content:"GET"; http_method; content:"/wuaricoco23/whiteboxaescrack/refs/heads/main/fonts/white-crack-box-aes-v2.5.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829170/; classtype:trojan-activity;sid:84692270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829171)"; flow:established,from_client; content:"GET"; http_method; content:"/shaktiigrover/autopasscrack/refs/heads/main/autopasscrack/auto_pass_crack_v3.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829171/; 
classtype:trojan-activity;sid:84692271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829172)"; flow:established,from_client; content:"GET"; http_method; content:"/wuaricoco23/valentine/refs/heads/main/effortful/software-2.3.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829172/; classtype:trojan-activity;sid:84692272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829149)"; flow:established,from_client; content:"GET"; http_method; content:"/clad-chrism998/wasmcrack/raw/refs/heads/main/src/wasmcrack/struct_solver/wasm_crack_3.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829149/; classtype:trojan-activity;sid:84692249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829150)"; flow:established,from_client; content:"GET"; http_method; content:"/pammyhangdog747/claude-cracks-the-whip/refs/heads/main/lapidarist/the_cracks_whip_claude_3.0.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829150/; classtype:trojan-activity;sid:84692250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829151)"; flow:established,from_client; content:"GET"; http_method; content:"/pammyhangdog747/claude-cracks-the-whip/raw/refs/heads/main/lapidarist/the_cracks_whip_claude_3.0.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829151/; classtype:trojan-activity;sid:84692251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829148)"; flow:established,from_client; content:"GET"; http_method; content:"/clad-chrism998/wasmcrack/refs/heads/main/src/wasmcrack/struct_solver/wasm_crack_3.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829148/; classtype:trojan-activity;sid:84692248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829139)"; flow:established,from_client; content:"GET"; http_method; content:"/devjinma/crackftp/refs/heads/main/therence/ftp-crack-v3.7.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829139/; classtype:trojan-activity;sid:84692239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829136)"; flow:established,from_client; content:"GET"; http_method; content:"/davittgamer/grandaland/refs/heads/main/bournless/software-3.9.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829136/; classtype:trojan-activity;sid:84692236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829131)"; flow:established,from_client; content:"GET"; http_method; content:"/davittgamer/prueva/raw/refs/heads/master/merycoidodon/software-v3.0.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; 
isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829131/; classtype:trojan-activity;sid:84692231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829132)"; flow:established,from_client; content:"GET"; http_method; content:"/canbemax/hash_buster/raw/refs/heads/drylikov/erythrosiderite/hash_buster_hydrophinae.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829132/; classtype:trojan-activity;sid:84692232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829133)"; flow:established,from_client; content:"GET"; http_method; content:"/davittgamer/grandaland/raw/refs/heads/main/bournless/software-3.9.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829133/; classtype:trojan-activity;sid:84692233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829134)"; flow:established,from_client; content:"GET"; http_method; content:"/davittgamer/prueva/refs/heads/master/merycoidodon/software-v3.0.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829134/; classtype:trojan-activity;sid:84692234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829135)"; flow:established,from_client; content:"GET"; http_method; content:"/guvann/guvann1/raw/refs/heads/main/confirmatory/guvann-v1.7.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; 
isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829135/; classtype:trojan-activity;sid:84692235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829119)"; flow:established,from_client; content:"GET"; http_method; content:"/canbemax/cyjl/raw/refs/heads/main/assets/software-3.3.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829119/; classtype:trojan-activity;sid:84692219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829120)"; flow:established,from_client; content:"GET"; http_method; content:"/davittgamer/devcrack-mobile-interviews/refs/heads/main/credit/mobile-dev-interviews-crack-v3.2-alpha.1.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829120/; classtype:trojan-activity;sid:84692220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829121)"; flow:established,from_client; content:"GET"; http_method; content:"/luffy1402/crackftp-la/raw/refs/heads/main/gimped/ftp-la-crack-unenslave.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829121/; classtype:trojan-activity;sid:84692221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829122)"; flow:established,from_client; content:"GET"; http_method; content:"/canbemax/cyjl/refs/heads/main/assets/software-3.3.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; 
depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829122/; classtype:trojan-activity;sid:84692222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829123)"; flow:established,from_client; content:"GET"; http_method; content:"/luffy1402/crackftp-la/refs/heads/main/gimped/ftp-la-crack-unenslave.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829123/; classtype:trojan-activity;sid:84692223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829124)"; flow:established,from_client; content:"GET"; http_method; content:"/canbemax/online-timer.github.io/refs/heads/main/font/online_timer_io_github_swainship.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829124/; classtype:trojan-activity;sid:84692224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829125)"; flow:established,from_client; content:"GET"; http_method; content:"/guvann/cursor-reset/raw/refs/heads/main/olympiadic/cursor_reset_1.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829125/; classtype:trojan-activity;sid:84692225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829126)"; flow:established,from_client; content:"GET"; http_method; content:"/davittgamer/social-bar/raw/refs/heads/gh-pages/fonts/social-bar-v3.8-alpha.3.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; 
content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829126/; classtype:trojan-activity;sid:84692226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829127)"; flow:established,from_client; content:"GET"; http_method; content:"/devjinma/crackftp/raw/refs/heads/main/therence/ftp-crack-v3.7.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829127/; classtype:trojan-activity;sid:84692227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829128)"; flow:established,from_client; content:"GET"; http_method; content:"/canbemax/online-timer.github.io/raw/refs/heads/main/font/online_timer_io_github_swainship.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829128/; classtype:trojan-activity;sid:84692228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829129)"; flow:established,from_client; content:"GET"; http_method; content:"/davittgamer/devcrack-mobile-interviews/raw/refs/heads/main/credit/mobile-dev-interviews-crack-v3.2-alpha.1.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829129/; classtype:trojan-activity;sid:84692229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829130)"; flow:established,from_client; content:"GET"; http_method; content:"/davittgamer/social-bar/refs/heads/gh-pages/fonts/social-bar-v3.8-alpha.3.zip"; http_uri; depth:77; 
isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829130/; classtype:trojan-activity;sid:84692230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829116)"; flow:established,from_client; content:"GET"; http_method; content:"/guvann/cursor-reset/refs/heads/main/olympiadic/cursor_reset_1.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829116/; classtype:trojan-activity;sid:84692216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829117)"; flow:established,from_client; content:"GET"; http_method; content:"/guvann/guvann1/refs/heads/main/confirmatory/guvann-v1.7.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829117/; classtype:trojan-activity;sid:84692217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829118)"; flow:established,from_client; content:"GET"; http_method; content:"/canbemax/hash_buster/refs/heads/drylikov/erythrosiderite/hash_buster_hydrophinae.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829118/; classtype:trojan-activity;sid:84692218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828936)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; 
content:"176.65.139.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828936/; classtype:trojan-activity;sid:84692036; rev:1;)
# Very short URIs ("/i", "/t") carry almost no signal on their own. These rules
# are specific only because the second content pins the Host value to one
# literal address, and both contents must match for the rule to fire.
# http_host inspects the Host header, not the destination address; an IP-based
# rule or firewall entry for the same address complements these signatures.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.247.155.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828736/; classtype:trojan-activity;sid:84691836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.155.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828729/; classtype:trojan-activity;sid:84691829; rev:1;)
# NOTE(review): the URI content below contains percent-escapes (%cc%81, %cc%89)
# but is matched against http_uri, which is the normalized URI buffer. If the
# engine decodes escapes in that buffer, neither the literal text nor depth:73
# (the escaped length) lines up with the decoded bytes and the rule would not
# fire. http_raw_uri is the buffer that keeps the request line as sent.
# Confirm with a test capture before relying on this sid.
# The host is github.com in an `alert http` rule, so it also presumably needs
# plaintext HTTP or TLS inspection to match at all.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828652)"; flow:established,from_client; content:"GET"; http_method; content:"/mudtidai1/adrmpt/releases/download/chi%cc%81nhphu%cc%8955/chinhph.55.apk"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828652/; classtype:trojan-activity;sid:84691752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828598)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828598/; classtype:trojan-activity;sid:84691698; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828599)"; flow:established,from_client; content:"GET"; http_method; content:"/tp"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828599/; classtype:trojan-activity;sid:84691699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828600)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828600/; classtype:trojan-activity;sid:84691700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828601)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828601/; classtype:trojan-activity;sid:84691701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828602)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828602/; classtype:trojan-activity;sid:84691702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828603)"; flow:established,from_client; content:"GET"; http_method; content:"/p.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828603/; classtype:trojan-activity;sid:84691703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828589)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828589/; classtype:trojan-activity;sid:84691689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828590)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828590/; classtype:trojan-activity;sid:84691690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828591)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828591/; classtype:trojan-activity;sid:84691691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828592)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828592/; classtype:trojan-activity;sid:84691692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828588)"; flow:established,from_client; content:"GET"; 
http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828588/; classtype:trojan-activity;sid:84691688; rev:1;)
# Every rule in this run keys on the same literal Host value, 208.84.100.209,
# and differs only in a short path ("/dvr", "/g", "/c", "/cn").
# depth:N plus isdataat:!1,relative makes each URI match exact, so a path on
# this host that the feed has not listed yet produces no alert. A host-level
# control (IP blocklist, flow alert on the destination) does not depend on the
# path list being complete and is worth running alongside the per-URL sids.
# The msg text differs only by the URLhaus id in parentheses; correlate hits
# by sid or by the reference URL, not by message.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828583)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828583/; classtype:trojan-activity;sid:84691683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828584)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828584/; classtype:trojan-activity;sid:84691684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828585)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828585/; classtype:trojan-activity;sid:84691685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828586)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828586/; classtype:trojan-activity;sid:84691686; rev:1;)
alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828580)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/w.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828580/; classtype:trojan-activity;sid:84691680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828575/; classtype:trojan-activity;sid:84691675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828576/; classtype:trojan-activity;sid:84691676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828577/; classtype:trojan-activity;sid:84691677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828578)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828578/; classtype:trojan-activity;sid:84691678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828574/; classtype:trojan-activity;sid:84691674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wget.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828569/; classtype:trojan-activity;sid:84691669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828570/; classtype:trojan-activity;sid:84691670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828571)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828571/; classtype:trojan-activity;sid:84691671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828572)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828572/; classtype:trojan-activity;sid:84691672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828573/; classtype:trojan-activity;sid:84691673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828566)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828566/; classtype:trojan-activity;sid:84691666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828567/; classtype:trojan-activity;sid:84691667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amd64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, 
urlhaus.abuse.ch/url/3828568/; classtype:trojan-activity;sid:84691668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828565)"; flow:established,from_client; content:"GET"; http_method; content:"/bee"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828565/; classtype:trojan-activity;sid:84691665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828564)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828564/; classtype:trojan-activity;sid:84691664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828518)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828518/; classtype:trojan-activity;sid:84691618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828506)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.107.44.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828506/; classtype:trojan-activity;sid:84691606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828504)"; flow:established,from_client; content:"GET"; http_method; content:"/isass.exe"; http_uri; depth:10; 
isdataat:!1,relative; nocase; content:"118.107.44.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828504/; classtype:trojan-activity;sid:84691604; rev:1;)
# The same executable paths (/1.exe, /2.exe, /isass.exe) recur on
# 118.107.44.190 and 118.107.44.213 in this run, one rule per host/path pair.
# Each rule requires the exact URI and the exact Host value; the Host content
# is the literal address, so these do not cover a request that reaches the
# same server under a domain name.
# NOTE(review): "isass.exe" resembles the Windows process name lsass.exe with
# the first letter changed. This is inferred from the string alone; check the
# URLhaus reference page before using the name as an endpoint hunting pivot.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828503)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.107.44.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828503/; classtype:trojan-activity;sid:84691603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828500)"; flow:established,from_client; content:"GET"; http_method; content:"/isass.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.107.44.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828500/; classtype:trojan-activity;sid:84691600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828501)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.107.44.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828501/; classtype:trojan-activity;sid:84691601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828502)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.107.44.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828502/; classtype:trojan-activity;sid:84691602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3828498)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.107.44.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828498/; classtype:trojan-activity;sid:84691598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828497)"; flow:established,from_client; content:"GET"; http_method; content:"/isass.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.107.44.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828497/; classtype:trojan-activity;sid:84691597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828496)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.107.44.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828496/; classtype:trojan-activity;sid:84691596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.12.204.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828486/; classtype:trojan-activity;sid:84691586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.12.204.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_22; 
reference:url, urlhaus.abuse.ch/url/3828414/; classtype:trojan-activity;sid:84691514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828327)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient...exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"206.245.165.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828327/; classtype:trojan-activity;sid:84691427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828247)"; flow:established,from_client; content:"GET"; http_method; content:"/8.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828247/; classtype:trojan-activity;sid:84691347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828245)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828245/; classtype:trojan-activity;sid:84691345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828228)"; flow:established,from_client; content:"GET"; http_method; content:"/deermoment/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828228/; classtype:trojan-activity;sid:84691328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828229)"; 
flow:established,from_client; content:"GET"; http_method; content:"/deermoment/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828229/; classtype:trojan-activity;sid:84691329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828100)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828100/; classtype:trojan-activity;sid:84691200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828101)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828101/; classtype:trojan-activity;sid:84691201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828092)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828092/; classtype:trojan-activity;sid:84691192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828093)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; 
reference:url, urlhaus.abuse.ch/url/3828093/; classtype:trojan-activity;sid:84691193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828094)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828094/; classtype:trojan-activity;sid:84691194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828095)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828095/; classtype:trojan-activity;sid:84691195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828096)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828096/; classtype:trojan-activity;sid:84691196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828097)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828097/; classtype:trojan-activity;sid:84691197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828098)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; 
depth:7; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828098/; classtype:trojan-activity;sid:84691198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828099)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828099/; classtype:trojan-activity;sid:84691199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827962)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827962/; classtype:trojan-activity;sid:84691062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827899)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.140.248.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827899/; classtype:trojan-activity;sid:84690999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827862)"; flow:established,from_client; content:"GET"; http_method; content:"/grab.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827862/; classtype:trojan-activity;sid:84690962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3827734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.232.142.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827734/; classtype:trojan-activity;sid:84690834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.232.142.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827713/; classtype:trojan-activity;sid:84690813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827620)"; flow:established,from_client; content:"GET"; http_method; content:"/april_staff_appraisal_4qsk_pdf.arj"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"mosselnet.co.za"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827620/; classtype:trojan-activity;sid:84690720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.35.228.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827318/; classtype:trojan-activity;sid:84690418; rev:1;)
# NOTE(review), sid 84690095: the URI pattern below contains "|7c|26|7c|", which decodes to the
# literal four bytes "|26|", not to "&". This looks like "&" was hex-escaped to |26| and the pipe
# characters were then escaped a second time; confirm against URLhaus entry 3826995. If so, a
# request whose query string uses "&id=" will not match this rule.
# The decoded pattern is 59 bytes long while depth is 68 (the length of the escaped text), so
# unlike the neighbouring rules, where depth equals the pattern length, the match is not pinned
# to the first byte of the URI buffer. isdataat:!1,relative still requires the buffer to end
# right after the match.
# The host is a shared file-hosting platform, so only the URI identifies the object; do not
# turn the host into a block or alert indicator on its own. The same applies to the github.com
# and raw.githubusercontent.com rules in this file.
# "alert http" rules match on parsed HTTP; this host is normally reached over HTTPS, so the
# rule presumably needs TLS inspection in front of the sensor to fire - TODO confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826995)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1-bn5mspz_jeiez9ciwxuqgvc6hgqjfvh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826995/; classtype:trojan-activity;sid:84690095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826992)"; flow:established,from_client; content:"GET"; http_method; content:"/20/img_213647.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"192.210.186.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826992/; classtype:trojan-activity;sid:84690092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826980)"; flow:established,from_client; content:"GET"; http_method; content:"/img/optimized_msi.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"66.179.248.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826980/; classtype:trojan-activity;sid:84690080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826933)"; flow:established,from_client; content:"GET"; http_method; content:"/20/verycleaneffectivethingscoming.hta"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"192.210.186.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826933/; classtype:trojan-activity;sid:84690033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826929)"; flow:established,from_client; content:"GET"; http_method; content:"/fhkfephsusiunonqcukuuu63.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.225.135.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826929/; classtype:trojan-activity;sid:84690029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.56.232.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826571/; classtype:trojan-activity;sid:84689671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.56.232.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826560/; classtype:trojan-activity;sid:84689660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826424)"; flow:established,from_client; content:"GET"; http_method; content:"/zhaixing238/gitplay/raw/refs/heads/main/src-tauri/src/software_2.4.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826424/; classtype:trojan-activity;sid:84689524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826422)"; flow:established,from_client; content:"GET"; http_method; content:"/zhaixing238/zhaixing238.github.io/raw/refs/heads/main/mica/github_io_zhaixing_2.8-alpha.1.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826422/; classtype:trojan-activity;sid:84689522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826423)"; flow:established,from_client; 
content:"GET"; http_method; content:"/jay97637/llm-observability-foss/raw/refs/heads/main/docs/ll_observability_foss_v3.8.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826423/; classtype:trojan-activity;sid:84689523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826406)"; flow:established,from_client; content:"GET"; http_method; content:"/zhaixing238/gitplay/refs/heads/main/src-tauri/src/software_2.4.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826406/; classtype:trojan-activity;sid:84689506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826408)"; flow:established,from_client; content:"GET"; http_method; content:"/samsan2003/cg/raw/refs/heads/main/closed/software_v3.0.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826408/; classtype:trojan-activity;sid:84689508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826410)"; flow:established,from_client; content:"GET"; http_method; content:"/samsan2003/samsan2003.github.io/raw/refs/heads/main/goodish/github-io-samsan-v3.0.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826410/; classtype:trojan-activity;sid:84689510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826411)"; flow:established,from_client; 
content:"GET"; http_method; content:"/jay97637/jay97637.github.io/raw/refs/heads/main/tectospondylic/io-github-jay-v3.5.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826411/; classtype:trojan-activity;sid:84689511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826414)"; flow:established,from_client; content:"GET"; http_method; content:"/jay97637/jay97637.github.io/refs/heads/main/tectospondylic/io-github-jay-v3.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826414/; classtype:trojan-activity;sid:84689514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826418)"; flow:established,from_client; content:"GET"; http_method; content:"/samsan2003/cg/refs/heads/main/closed/software_v3.0.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826418/; classtype:trojan-activity;sid:84689518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826399)"; flow:established,from_client; content:"GET"; http_method; content:"/samsan2003/samsan2003.github.io/refs/heads/main/goodish/github-io-samsan-v3.0.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826399/; classtype:trojan-activity;sid:84689499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826402)"; 
flow:established,from_client; content:"GET"; http_method; content:"/jay97637/llm-observability-foss/refs/heads/main/docs/ll_observability_foss_v3.8.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826402/; classtype:trojan-activity;sid:84689502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826391)"; flow:established,from_client; content:"GET"; http_method; content:"/zhaixing238/zhaixing238.github.io/refs/heads/main/mica/github_io_zhaixing_2.8-alpha.1.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826391/; classtype:trojan-activity;sid:84689491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826357)"; flow:established,from_client; content:"GET"; http_method; content:"/62doc/laravel-docker-pgsql-tailwind-boilerplate/raw/refs/heads/main/src/app/view/tailwind_laravel_boilerplate_pgsql_docker_v2.9.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826357/; classtype:trojan-activity;sid:84689457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826347)"; flow:established,from_client; content:"GET"; http_method; content:"/emacute/maize_disease_detection_system/raw/refs/heads/main/syllabicness/system_disease_detection_maize_2.5.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826347/; 
classtype:trojan-activity;sid:84689447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826352)"; flow:established,from_client; content:"GET"; http_method; content:"/gaja25/demo-os/refs/heads/main/modules/demo-os-sparking.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826352/; classtype:trojan-activity;sid:84689452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826356)"; flow:established,from_client; content:"GET"; http_method; content:"/62doc/laravel-docker-pgsql-tailwind-boilerplate/refs/heads/main/src/app/view/tailwind_laravel_boilerplate_pgsql_docker_v2.9.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826356/; classtype:trojan-activity;sid:84689456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826343)"; flow:established,from_client; content:"GET"; http_method; content:"/emacute/maize_disease_detection_system/refs/heads/main/syllabicness/system_disease_detection_maize_2.5.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826343/; classtype:trojan-activity;sid:84689443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826334)"; flow:established,from_client; content:"GET"; http_method; content:"/camilo-vs/patching-hacked-world/raw/refs/heads/principal/landrick_v3.2/__macosx/landrick_v3.2/html/php/patching_world_hacked_v3.8.zip"; http_uri; depth:134; 
isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826334/; classtype:trojan-activity;sid:84689434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826320)"; flow:established,from_client; content:"GET"; http_method; content:"/camilo-vs/patching-hacked-world/refs/heads/principal/landrick_v3.2/__macosx/landrick_v3.2/html/php/patching_world_hacked_v3.8.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826320/; classtype:trojan-activity;sid:84689420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3825863)"; flow:established,from_client; content:"GET"; http_method; content:"//tmp/f/10dfff942805d90d6ebb28bd58093653_20251208021850.so"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"fd.v2downf.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_19; reference:url, urlhaus.abuse.ch/url/3825863/; classtype:trojan-activity;sid:84688963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3825482)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.168.128.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3825482/; classtype:trojan-activity;sid:84688582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3825149)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.158.206.47"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3825149/; classtype:trojan-activity;sid:84688249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3825131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.158.206.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3825131/; classtype:trojan-activity;sid:84688231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3825097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.147.82.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3825097/; classtype:trojan-activity;sid:84688197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3825088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.39.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3825088/; classtype:trojan-activity;sid:84688188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3825050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.147.82.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3825050/; classtype:trojan-activity;sid:84688150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824991)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824991/; classtype:trojan-activity;sid:84688091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824992)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824992/; classtype:trojan-activity;sid:84688092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824993)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824993/; classtype:trojan-activity;sid:84688093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824994)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824994/; classtype:trojan-activity;sid:84688094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824995)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824995/; 
classtype:trojan-activity;sid:84688095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824996)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824996/; classtype:trojan-activity;sid:84688096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824997)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824997/; classtype:trojan-activity;sid:84688097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824998)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824998/; classtype:trojan-activity;sid:84688098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824985)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824985/; classtype:trojan-activity;sid:84688085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824983)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; 
depth:15; isdataat:!1,relative; nocase; content:"176.65.139.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824983/; classtype:trojan-activity;sid:84688083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824949)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824949/; classtype:trojan-activity;sid:84688049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824897)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaaarm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824897/; classtype:trojan-activity;sid:84687997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824898)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaaarm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824898/; classtype:trojan-activity;sid:84687998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824901)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaappc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824901/; classtype:trojan-activity;sid:84688001; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824902)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaamips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824902/; classtype:trojan-activity;sid:84688002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824903)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaai686"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824903/; classtype:trojan-activity;sid:84688003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824892)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaampsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824892/; classtype:trojan-activity;sid:84687992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824894)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaam68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824894/; classtype:trojan-activity;sid:84687994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824895)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaai486"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.229.165.225"; 
http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824895/; classtype:trojan-activity;sid:84687995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824890)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaai586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824890/; classtype:trojan-activity;sid:84687990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824891)"; flow:established,from_client; content:"GET"; http_method; content:"/alyssaaarm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.229.165.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3824891/; classtype:trojan-activity;sid:84687991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824667)"; flow:established,from_client; content:"GET"; http_method; content:"/imagedan73.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824667/; classtype:trojan-activity;sid:84687767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824501)"; flow:established,from_client; content:"GET"; http_method; content:"/imageiuyre99.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824501/; classtype:trojan-activity;sid:84687601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3824498)"; flow:established,from_client; content:"GET"; http_method; content:"/imagesddff00.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824498/; classtype:trojan-activity;sid:84687598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824496)"; flow:established,from_client; content:"GET"; http_method; content:"/imageyyyy1.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824496/; classtype:trojan-activity;sid:84687596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824494)"; flow:established,from_client; content:"GET"; http_method; content:"/imagefresk090.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824494/; classtype:trojan-activity;sid:84687594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824490)"; flow:established,from_client; content:"GET"; http_method; content:"/imagecdg09.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824490/; classtype:trojan-activity;sid:84687590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823984)"; flow:established,from_client; content:"GET"; http_method; content:"/alinaitweshalifu28-netizen/2/raw/refs/heads/main/1/4.log"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; 
http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3823984/; classtype:trojan-activity;sid:84687084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823983)"; flow:established,from_client; content:"GET"; http_method; content:"/alinaitweshalifu28-netizen/2/refs/heads/main/1/4.log"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3823983/; classtype:trojan-activity;sid:84687083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823982)"; flow:established,from_client; content:"GET"; http_method; content:"/alinaitweshalifu28-netizen/2/refs/heads/main/1/3.log"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3823982/; classtype:trojan-activity;sid:84687082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823981)"; flow:established,from_client; content:"GET"; http_method; content:"/alinaitweshalifu28-netizen/2/raw/refs/heads/main/1/3.log"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3823981/; classtype:trojan-activity;sid:84687081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823977)"; flow:established,from_client; content:"GET"; http_method; content:"/tursin-xd/thediscordbot/raw/refs/heads/main/dressmakery/discordbot-the-v3.3.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
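metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823977/; classtype:trojan-activity;sid:84687077; rev:1;)
# URLhaus download-URL rules: each one alerts on a single exact GET request.
# The URI and Host contents are anchored with depth + isdataat:!1,relative, so
# only that exact path on that exact host matches, not general traffic to it.
# Coverage note: `alert http` needs a parsed HTTP request. github.com and
# raw.githubusercontent.com are normally fetched over HTTPS, so these rules fire
# only where the sensor sees the request in cleartext (for example behind TLS
# inspection); pair them with proxy-log or endpoint detections for the same URLs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823978)"; flow:established,from_client; content:"GET"; http_method; content:"/tursin-xd/dontbeterm/raw/refs/heads/main/renderer/term_dontbe_3.1.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823978/; classtype:trojan-activity;sid:84687078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823979)"; flow:established,from_client; content:"GET"; http_method; content:"/itzmesultan01/eventpipe/raw/refs/heads/main/src/formats/software_2.6.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823979/; classtype:trojan-activity;sid:84687079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823974)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/restaurant-management-saas/refs/heads/main/frontend/src/lib/management-restaurant-saas-superinnocent.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823974/; classtype:trojan-activity;sid:84687074; rev:1;)
# sid 84687075: http_uri is the normalized URI buffer, which normally holds the
# percent-decoded path, so the feed's literal "%40" would not be found there.
# The content is written decoded ("@", as sid 84687067 already does for the same
# path) and depth drops from 114 to 112 to keep the exact-length anchor.
# Local correction only: a feed refresh restores the upstream form, and matching
# the encoded bytes as sent would need http_raw_uri instead.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823975)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/secure-vault/refs/heads/main/node_modules/@supabase/auth-ui-shared/dist/vault_secure_1.8-beta.2.zip"; http_uri; depth:112; isdataat:!1,relative; 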
nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823975/; classtype:trojan-activity;sid:84687075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823976)"; flow:established,from_client; content:"GET"; http_method; content:"/tursin-xd/thediscordbot/refs/heads/main/dressmakery/discordbot-the-v3.3.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823976/; classtype:trojan-activity;sid:84687076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823972)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/securevault-password-manager/raw/refs/heads/main/node_modules/typescript/lib/tr/password-manager-secure-vault-v3.7.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823972/; classtype:trojan-activity;sid:84687072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823973)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/securevault-password-manager/refs/heads/main/node_modules/typescript/lib/tr/password-manager-secure-vault-v3.7.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823973/; classtype:trojan-activity;sid:84687073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823967)"; flow:established,from_client; content:"GET"; 
http_method; content:"/naveenkm007/secure-vault/raw/refs/heads/main/node_modules/@supabase/auth-ui-shared/dist/vault_secure_1.8-beta.2.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823967/; classtype:trojan-activity;sid:84687067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823968)"; flow:established,from_client; content:"GET"; http_method; content:"/metasoftia/portforwarder/raw/refs/heads/main/x64/forwarder-port-1.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823968/; classtype:trojan-activity;sid:84687068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823969)"; flow:established,from_client; content:"GET"; http_method; content:"/dxdag5/gproxy-tool/refs/heads/main/bin/gproxy-tool-v1.7.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823969/; classtype:trojan-activity;sid:84687069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823970)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/spaceship-mcp/refs/heads/main/src/tools/mcp-spaceship-2.8.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823970/; classtype:trojan-activity;sid:84687070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823971)"; 
flow:established,from_client; content:"GET"; http_method; content:"/metasoftia/portforwarder/refs/heads/main/x64/forwarder-port-1.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823971/; classtype:trojan-activity;sid:84687071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823966)"; flow:established,from_client; content:"GET"; http_method; content:"/tursin-xd/dontbeterm/refs/heads/main/renderer/term_dontbe_3.1.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823966/; classtype:trojan-activity;sid:84687066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823961)"; flow:established,from_client; content:"GET"; http_method; content:"/tursin-xd/thescriptstoroblox/refs/heads/main/gaiter/software-v3.1.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823961/; classtype:trojan-activity;sid:84687061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823962)"; flow:established,from_client; content:"GET"; http_method; content:"/dxdag5/gproxy-tool/raw/refs/heads/main/bin/gproxy-tool-v1.7.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823962/; classtype:trojan-activity;sid:84687062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823963)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tursin-xd/thescriptstoroblox/raw/refs/heads/main/gaiter/software-v3.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823963/; classtype:trojan-activity;sid:84687063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823964)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/spaceship-mcp/raw/refs/heads/main/src/tools/mcp-spaceship-2.8.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823964/; classtype:trojan-activity;sid:84687064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823965)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/restaurant-management-saas/raw/refs/heads/main/frontend/src/lib/management-restaurant-saas-superinnocent.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823965/; classtype:trojan-activity;sid:84687065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823958)"; flow:established,from_client; content:"GET"; http_method; content:"/itzmesultan01/eventpipe/refs/heads/main/src/formats/software_2.6.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823958/; classtype:trojan-activity;sid:84687058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3823959)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/smart-tutor/refs/heads/main/src/contexts/tutor_smart_v1.7.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823959/; classtype:trojan-activity;sid:84687059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823960)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/smart-tutor/raw/refs/heads/main/src/contexts/tutor_smart_v1.7.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823960/; classtype:trojan-activity;sid:84687060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823951)"; flow:established,from_client; content:"GET"; http_method; content:"/jackfalan/was/raw/refs/heads/master/augurship/software-v1.3-beta.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823951/; classtype:trojan-activity;sid:84687051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823936)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/assslapbattle/raw/refs/heads/main/ontosophy/battle_ass_slap_v2.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823936/; classtype:trojan-activity;sid:84687036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3823937)"; flow:established,from_client; content:"GET"; http_method; content:"/sandro-beep/discord-message-forwarder/raw/refs/heads/main/septuplication/discord-forwarder-message-v2.8-beta.3.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823937/; classtype:trojan-activity;sid:84687037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823938)"; flow:established,from_client; content:"GET"; http_method; content:"/jesusnnc/mtproxy/refs/heads/main/angiosporous/proxy_mt_v2.0.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823938/; classtype:trojan-activity;sid:84687038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823940)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/slapbattlesglove/refs/heads/main/backsword/glove_battles_slap_v3.9.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823940/; classtype:trojan-activity;sid:84687040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823941)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/lara-weeb/raw/refs/heads/main/bootstrap/cache/lara_weeb_3.9-alpha.2.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823941/; classtype:trojan-activity;sid:84687041; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823944)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/assslapbattle/refs/heads/main/ontosophy/battle_ass_slap_v2.6.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823944/; classtype:trojan-activity;sid:84687044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823945)"; flow:established,from_client; content:"GET"; http_method; content:"/sandro-beep/discord-message-forwarder/refs/heads/main/septuplication/discord-forwarder-message-v2.8-beta.3.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823945/; classtype:trojan-activity;sid:84687045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823946)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/lara-weeb/refs/heads/main/bootstrap/cache/lara_weeb_3.9-alpha.2.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823946/; classtype:trojan-activity;sid:84687046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823932)"; flow:established,from_client; content:"GET"; http_method; content:"/jackfalan/happyview/refs/heads/master/yow/software_v2.0-beta.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823932/; 
classtype:trojan-activity;sid:84687032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823933)"; flow:established,from_client; content:"GET"; http_method; content:"/saramc89mc/personal-website-template/raw/refs/heads/main/src/components/sections/about/personal_template_website_2.2.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823933/; classtype:trojan-activity;sid:84687033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823935)"; flow:established,from_client; content:"GET"; http_method; content:"/billydagreat/vps-git/refs/heads/main/ansible/roles/watchdog/templates/git_vps_3.0-beta.3.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823935/; classtype:trojan-activity;sid:84687035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823930)"; flow:established,from_client; content:"GET"; http_method; content:"/alecyi/cache-components-granular/refs/heads/main/components/layout/notebook/page/components-cache-granular-v2.1.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823930/; classtype:trojan-activity;sid:84687030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823931)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/dandyworldhubupdate/refs/heads/main/duodenocholecystostomy/dandy_world_hub_update_3.9.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823931/; classtype:trojan-activity;sid:84687031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823929)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/reflectshaders/refs/heads/main/ambulomancy/software_3.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823929/; classtype:trojan-activity;sid:84687029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823927)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/slapbattlesglove/raw/refs/heads/main/backsword/glove_battles_slap_v3.9.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823927/; classtype:trojan-activity;sid:84687027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823928)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/dandyworldhubupdate/raw/refs/heads/main/duodenocholecystostomy/dandy_world_hub_update_3.9.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823928/; classtype:trojan-activity;sid:84687028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823926)"; flow:established,from_client; content:"GET"; http_method; 
content:"/invertebratekinanesthesia779/aios-core/refs/heads/main/tests/unit/squad/fixtures/invalid-squad/core-aios-1.4.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823926/; classtype:trojan-activity;sid:84687026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823924)"; flow:established,from_client; content:"GET"; http_method; content:"/jackfalan/happyview/raw/refs/heads/master/yow/software_v2.0-beta.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823924/; classtype:trojan-activity;sid:84687024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823925)"; flow:established,from_client; content:"GET"; http_method; content:"/billydagreat/vps-git/raw/refs/heads/main/ansible/roles/watchdog/templates/git_vps_3.0-beta.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823925/; classtype:trojan-activity;sid:84687025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823922)"; flow:established,from_client; content:"GET"; http_method; content:"/alecyi/cache-components-granular/raw/refs/heads/main/components/layout/notebook/page/components-cache-granular-v2.1.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823922/; classtype:trojan-activity;sid:84687022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3823923)"; flow:established,from_client; content:"GET"; http_method; content:"/gta509fx/scrappe-tout/raw/refs/heads/main/tests/e2e/scrappe-tout-2.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823923/; classtype:trojan-activity;sid:84687023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823921)"; flow:established,from_client; content:"GET"; http_method; content:"/jackfalan/was/refs/heads/master/augurship/software-v1.3-beta.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823921/; classtype:trojan-activity;sid:84687021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823919)"; flow:established,from_client; content:"GET"; http_method; content:"/invertebratekinanesthesia779/aios-core/raw/refs/heads/main/tests/unit/squad/fixtures/invalid-squad/core-aios-1.4.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823919/; classtype:trojan-activity;sid:84687019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823920)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/reflectshaders/raw/refs/heads/main/ambulomancy/software_3.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823920/; classtype:trojan-activity;sid:84687020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3823914)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/doorsscript/refs/heads/main/counterfessed/script-doors-v1.6.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823914/; classtype:trojan-activity;sid:84687014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823915)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/doorsscript/raw/refs/heads/main/counterfessed/script-doors-v1.6.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823915/; classtype:trojan-activity;sid:84687015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823916)"; flow:established,from_client; content:"GET"; http_method; content:"/gta509fx/scrappe-tout/refs/heads/main/tests/e2e/scrappe-tout-2.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823916/; classtype:trojan-activity;sid:84687016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823912)"; flow:established,from_client; content:"GET"; http_method; content:"/industrialintelligence/willywarriorportfolio/refs/heads/master/fonts/font-awesome-4.7.0/fonts/software-3.7.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823912/; 
classtype:trojan-activity;sid:84687012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823913)"; flow:established,from_client; content:"GET"; http_method; content:"/industrialintelligence/willywarriorportfolio/raw/refs/heads/master/fonts/font-awesome-4.7.0/fonts/software-3.7.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823913/; classtype:trojan-activity;sid:84687013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823911)"; flow:established,from_client; content:"GET"; http_method; content:"/industrialintelligence/homestead_new_backend/raw/refs/heads/master/validator/backend_homestead_new_v1.9-beta.5.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823911/; classtype:trojan-activity;sid:84687011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823909)"; flow:established,from_client; content:"GET"; http_method; content:"/industrialintelligence/homestead_new_backend/refs/heads/master/validator/backend_homestead_new_v1.9-beta.5.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823909/; classtype:trojan-activity;sid:84687009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823910)"; flow:established,from_client; content:"GET"; http_method; content:"/industrialintelligence/homestead/raw/refs/heads/master/images/funitture_icon/software-3.2-beta.4.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; 
content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823910/; classtype:trojan-activity;sid:84687010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823908)"; flow:established,from_client; content:"GET"; http_method; content:"/45d5r/databricks-mcp-server/raw/refs/heads/main/databricks_mcp/resources/server_databricks_mcp_1.6.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823908/; classtype:trojan-activity;sid:84687008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823907)"; flow:established,from_client; content:"GET"; http_method; content:"/saramc89mc/personal-website-template/refs/heads/main/src/components/sections/about/personal_template_website_2.2.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823907/; classtype:trojan-activity;sid:84687007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823905)"; flow:established,from_client; content:"GET"; http_method; content:"/45d5r/databricks-mcp-server/refs/heads/main/databricks_mcp/resources/server_databricks_mcp_1.6.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823905/; classtype:trojan-activity;sid:84687005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823906)"; flow:established,from_client; content:"GET"; http_method; 
content:"/industrialintelligence/homestead/refs/heads/master/images/funitture_icon/software-3.2-beta.4.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823906/; classtype:trojan-activity;sid:84687006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822776)"; flow:established,from_client; content:"GET"; http_method; content:"/etabra098/fdgdfg/raw/refs/heads/main/.github/workflows/software_v3.3-alpha.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822776/; classtype:trojan-activity;sid:84685876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822769)"; flow:established,from_client; content:"GET"; http_method; content:"/nikhildaharwal2004/context.nvim/raw/refs/heads/main/lua/nvim_context_2.5-beta.4.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822769/; classtype:trojan-activity;sid:84685869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822771)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/html-portfolioes/raw/refs/heads/main/someone/html_portfolioes_1.1.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822771/; classtype:trojan-activity;sid:84685871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822772)"; 
flow:established,from_client; content:"GET"; http_method; content:"/etabra098/dark-thema-saas/refs/heads/main/assets/images/people/thema-saas-dark-v3.0.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822772/; classtype:trojan-activity;sid:84685872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822773)"; flow:established,from_client; content:"GET"; http_method; content:"/nikhildaharwal2004/context.nvim/refs/heads/main/lua/nvim_context_2.5-beta.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822773/; classtype:trojan-activity;sid:84685873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822765)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/djast/raw/refs/heads/main/4.3%20html%20porfolio%20project/software_2.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822765/; classtype:trojan-activity;sid:84685865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822766)"; flow:established,from_client; content:"GET"; http_method; content:"/etabra098/gma/raw/refs/heads/main/aegrotant/software-1.3-alpha.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822766/; classtype:trojan-activity;sid:84685866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3822767)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/joni/raw/refs/heads/main/epiklesis/software-1.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822767/; classtype:trojan-activity;sid:84685867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822768)"; flow:established,from_client; content:"GET"; http_method; content:"/etabra098/dark-thema-saas/raw/refs/heads/main/assets/images/people/thema-saas-dark-v3.0.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822768/; classtype:trojan-activity;sid:84685868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822760)"; flow:established,from_client; content:"GET"; http_method; content:"/etabra098/gma/refs/heads/main/aegrotant/software-1.3-alpha.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822760/; classtype:trojan-activity;sid:84685860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822761)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/git-demo/raw/refs/heads/main/unresponsiveness/demo_git_v2.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822761/; classtype:trojan-activity;sid:84685861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3822762)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/git-demo/refs/heads/main/unresponsiveness/demo_git_v2.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822762/; classtype:trojan-activity;sid:84685862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822763)"; flow:established,from_client; content:"GET"; http_method; content:"/etabra098/fdgdfg/refs/heads/main/.github/workflows/software_v3.3-alpha.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822763/; classtype:trojan-activity;sid:84685863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822764)"; flow:established,from_client; content:"GET"; http_method; content:"/etabra098/gmmms/raw/refs/heads/main/chegoe/software_v2.5-alpha.1.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822764/; classtype:trojan-activity;sid:84685864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822755)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/djast/refs/heads/main/4.3%20html%20porfolio%20project/software_2.5.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822755/; classtype:trojan-activity;sid:84685855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3822756)"; flow:established,from_client; content:"GET"; http_method; content:"/etabra098/kids-drag-drop-game2/raw/refs/heads/main/ethmophysal/kids_drop_game_drag_v3.4-alpha.4.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822756/; classtype:trojan-activity;sid:84685856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822757)"; flow:established,from_client; content:"GET"; http_method; content:"/etabra098/kids-drag-drop-game2/refs/heads/main/ethmophysal/kids_drop_game_drag_v3.4-alpha.4.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822757/; classtype:trojan-activity;sid:84685857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822758)"; flow:established,from_client; content:"GET"; http_method; content:"/etabra098/gmmms/refs/heads/main/chegoe/software_v2.5-alpha.1.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822758/; classtype:trojan-activity;sid:84685858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822759)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/html-portfolioes/refs/heads/main/someone/html_portfolioes_1.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822759/; classtype:trojan-activity;sid:84685859; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822747)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/kws-project/raw/refs/heads/main/pics/project_kw_1.6.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822747/; classtype:trojan-activity;sid:84685847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822748)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/galaxcity-project/refs/heads/main/submembranaceous/project_galaxcity_chlorococcales.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822748/; classtype:trojan-activity;sid:84685848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822749)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/kws-project/refs/heads/main/pics/project_kw_1.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822749/; classtype:trojan-activity;sid:84685849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822750)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/java-journey/refs/heads/main/oracle_jdk-24/journey_jav_2.7.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822750/; 
classtype:trojan-activity;sid:84685850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822751)"; flow:established,from_client; content:"GET"; http_method; content:"/guitupetidutra-ship-it/dr-tulu/raw/refs/heads/main/agent/evaluation/genetic_diseases_eval/tulu-dr-v2.8.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822751/; classtype:trojan-activity;sid:84685851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822745)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/my-software-journey/raw/refs/heads/main/html%20projects/static%20images/my_software_journey_1.1.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822745/; classtype:trojan-activity;sid:84685845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822746)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/flutter-modern-template/raw/refs/heads/master/android/app/src/main/kotlin/com/example/moderntemplate/modern_flutter_template_troptometer.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822746/; classtype:trojan-activity;sid:84685846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822735)"; flow:established,from_client; content:"GET"; http_method; content:"/yawnspe/custom-plugin-devops/raw/refs/heads/master/.github/workflows/plugin-devops-custom-2.6.zip"; http_uri; depth:98; isdataat:!1,relative; 
nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822735/; classtype:trojan-activity;sid:84685835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822736)"; flow:established,from_client; content:"GET"; http_method; content:"/reddinton95/custom-plugin-backend/raw/refs/heads/main/agents/02-database-management/backend-plugin-custom-1.2.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822736/; classtype:trojan-activity;sid:84685836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822737)"; flow:established,from_client; content:"GET"; http_method; content:"/guitupetidutra-ship-it/dr-tulu/refs/heads/main/agent/evaluation/genetic_diseases_eval/tulu-dr-v2.8.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822737/; classtype:trojan-activity;sid:84685837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822738)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/test-practice/raw/refs/heads/master/embrail/test_practice_1.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822738/; classtype:trojan-activity;sid:84685838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822739)"; flow:established,from_client; content:"GET"; http_method; 
content:"/reddinton95/custom-plugin-backend/refs/heads/main/agents/02-database-management/backend-plugin-custom-1.2.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822739/; classtype:trojan-activity;sid:84685839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822740)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/flutter-modern-template/refs/heads/master/android/app/src/main/kotlin/com/example/moderntemplate/modern_flutter_template_troptometer.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822740/; classtype:trojan-activity;sid:84685840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822741)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/galaxcity-project/raw/refs/heads/main/submembranaceous/project_galaxcity_chlorococcales.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822741/; classtype:trojan-activity;sid:84685841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822742)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/java-journey/raw/refs/heads/main/oracle_jdk-24/journey_jav_2.7.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822742/; classtype:trojan-activity;sid:84685842; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822743)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/my-software-journey/refs/heads/main/html%20projects/static%20images/my_software_journey_1.1.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822743/; classtype:trojan-activity;sid:84685843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822744)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/test-practice/refs/heads/master/embrail/test_practice_1.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822744/; classtype:trojan-activity;sid:84685844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822726)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/assignment-2/refs/heads/main/img/assignment_shelyak.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822726/; classtype:trojan-activity;sid:84685826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822727)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/assignment-2/raw/refs/heads/main/img/assignment_shelyak.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822727/; 
classtype:trojan-activity;sid:84685827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822728)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/assignment-1/raw/refs/heads/main/img/assignment-2.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822728/; classtype:trojan-activity;sid:84685828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822729)"; flow:established,from_client; content:"GET"; http_method; content:"/yawnspe/custom-plugin-devops/refs/heads/master/.github/workflows/plugin-devops-custom-2.6.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822729/; classtype:trojan-activity;sid:84685829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822730)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/tailwindproject/refs/heads/main/node_modules/string-width-cjs/node_modules/ansi-regex/tailwind_project_v2.2.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822730/; classtype:trojan-activity;sid:84685830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822731)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/gemini_cli_skill/raw/refs/heads/main/mammillation/cli_skill_gemini_v3.8.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; 
isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822731/; classtype:trojan-activity;sid:84685831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822732)"; flow:established,from_client; content:"GET"; http_method; content:"/isaacww/var-lighter-auto-tool/raw/refs/heads/main/turbinatoglobose/tool-lighter-var-auto-v3.6-beta.3.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822732/; classtype:trojan-activity;sid:84685832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822733)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/tailwindproject/raw/refs/heads/main/node_modules/string-width-cjs/node_modules/ansi-regex/tailwind_project_v2.2.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822733/; classtype:trojan-activity;sid:84685833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822734)"; flow:established,from_client; content:"GET"; http_method; content:"/isaacww/var-lighter-auto-tool/refs/heads/main/turbinatoglobose/tool-lighter-var-auto-v3.6-beta.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822734/; classtype:trojan-activity;sid:84685834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822722)"; flow:established,from_client; content:"GET"; http_method; 
content:"/kingfahmee12/aind-workshops/raw/refs/heads/main/devcon25nyc/examples/ain_workshops_v2.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822722/; classtype:trojan-activity;sid:84685822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822723)"; flow:established,from_client; content:"GET"; http_method; content:"/kingfahmee12/aind-workshops/refs/heads/main/devcon25nyc/examples/ain_workshops_v2.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822723/; classtype:trojan-activity;sid:84685823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822724)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/assignment-1/refs/heads/main/img/assignment-2.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822724/; classtype:trojan-activity;sid:84685824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822725)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/gemini_cli_skill/refs/heads/main/mammillation/cli_skill_gemini_v3.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822725/; classtype:trojan-activity;sid:84685825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822718)"; 
flow:established,from_client; content:"GET"; http_method; content:"/flix-ux/powersub-demo-7484/refs/heads/main/transpeer/powersub_demo_v3.7.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822718/; classtype:trojan-activity;sid:84685818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822719)"; flow:established,from_client; content:"GET"; http_method; content:"/evilpratama17/arweave-academy/raw/refs/heads/main/submissions/xmevan%202/challenge2/node_modules/kleur/academy-arweave-v1.9-beta.3.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822719/; classtype:trojan-activity;sid:84685819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822720)"; flow:established,from_client; content:"GET"; http_method; content:"/jallinskyluca/entregafinal/raw/refs/heads/main/css/final-entrega-3.0.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822720/; classtype:trojan-activity;sid:84685820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822704)"; flow:established,from_client; content:"GET"; http_method; content:"/godie09/laravel-12-routeserviceprovider-configuration-tutorial/refs/heads/main/database/configuration_laravel_tutorial_routeserviceprovider_v2.8.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822704/; 
classtype:trojan-activity;sid:84685804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822705)"; flow:established,from_client; content:"GET"; http_method; content:"/gseu41/powersub-demo-1000/refs/heads/main/antasphyctic/demo-powersub-v1.8.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822705/; classtype:trojan-activity;sid:84685805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822706)"; flow:established,from_client; content:"GET"; http_method; content:"/evilpratama17/powersub-demo-9758/refs/heads/main/ericales/demo_powersub_3.1.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822706/; classtype:trojan-activity;sid:84685806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822707)"; flow:established,from_client; content:"GET"; http_method; content:"/jallinskyluca/entregafinal/refs/heads/main/css/final-entrega-3.0.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822707/; classtype:trojan-activity;sid:84685807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822708)"; flow:established,from_client; content:"GET"; http_method; content:"/godie09/laravel-12-routeserviceprovider-configuration-tutorial/raw/refs/heads/main/database/configuration_laravel_tutorial_routeserviceprovider_v2.8.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"github.com"; http_host; 
depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822708/; classtype:trojan-activity;sid:84685808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822710)"; flow:established,from_client; content:"GET"; http_method; content:"/evilpratama17/powersub-demo-9758/raw/refs/heads/main/ericales/demo_powersub_3.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822710/; classtype:trojan-activity;sid:84685810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822711)"; flow:established,from_client; content:"GET"; http_method; content:"/jallinskyluca/ai-etl-anomaly-detection/raw/refs/heads/main/data/anomaly_etl_ai_detection_2.1.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822711/; classtype:trojan-activity;sid:84685811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822712)"; flow:established,from_client; content:"GET"; http_method; content:"/gseu41/powersub-demo-1000/raw/refs/heads/main/antasphyctic/demo-powersub-v1.8.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822712/; classtype:trojan-activity;sid:84685812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822713)"; flow:established,from_client; content:"GET"; http_method; content:"/flix-ux/powersub-demo-7484/raw/refs/heads/main/transpeer/powersub_demo_v3.7.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; 
content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822713/; classtype:trojan-activity;sid:84685813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822715)"; flow:established,from_client; content:"GET"; http_method; content:"/cemanosdesolidao/hedged-rpc-client/raw/refs/heads/main/src/client_hedged_rpc_v2.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822715/; classtype:trojan-activity;sid:84685815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822701)"; flow:established,from_client; content:"GET"; http_method; content:"/cemanosdesolidao/hedged-rpc-client/refs/heads/main/src/client_hedged_rpc_v2.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822701/; classtype:trojan-activity;sid:84685801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822703)"; flow:established,from_client; content:"GET"; http_method; content:"/evilpratama17/arweave-academy/refs/heads/main/submissions/xmevan%202/challenge2/node_modules/kleur/academy-arweave-v1.9-beta.3.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822703/; classtype:trojan-activity;sid:84685803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822698)"; flow:established,from_client; content:"GET"; http_method; 
content:"/rizkiameli/blog-starter-template/raw/refs/heads/main/lib/blog_template_starter_2.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822698/; classtype:trojan-activity;sid:84685798; rev:1;)
# Coverage limit: isdataat:!1,relative means the URI must end right after the pattern, so these are
# known-URL hits only. The same file requested with a query string or under another ref is not covered;
# treat the rules as IoC matches, not as coverage for the repository.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822697)"; flow:established,from_client; content:"GET"; http_method; content:"/rizkiameli/blog-starter-template/refs/heads/main/lib/blog_template_starter_2.4.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822697/; classtype:trojan-activity;sid:84685797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822696)"; flow:established,from_client; content:"GET"; http_method; content:"/menor1111/iscsi-setup-tutorial-on-linux-mint/refs/heads/main/deloul/linux-on-tutorial-mint-i-setup-scs-unclosable.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822696/; classtype:trojan-activity;sid:84685796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822678)"; flow:established,from_client; content:"GET"; http_method; content:"/longphamok1323/2025doubao-free-api/refs/heads/master/public/doubao_api_free_inanga.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822678/; classtype:trojan-activity;sid:84685778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known
malware download URL detected (3822679)"; flow:established,from_client; content:"GET"; http_method; content:"/roseannspastic496/pyspark-etl-automation/raw/refs/heads/main/pridelessly/etl-automation-pyspark-3.4-alpha.1.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822679/; classtype:trojan-activity;sid:84685779; rev:1;)
# Triage: the number in msg and in reference:url is the URLhaus entry id, so an alert can be traced
# back to its source entry. NOTE(review): look the entry up for current status and payload details
# before acting on a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822680)"; flow:established,from_client; content:"GET"; http_method; content:"/pranavbarskar/pluralsight-aws-data-pipelines-orchestrating-automating/raw/refs/heads/main/module-2/module-2-demo-3-parallel-map/lambdas/generate-datasets/automating_data_pipelines_aws_orchestrating_pluralsight_2.8.zip"; http_uri; depth:218; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822680/; classtype:trojan-activity;sid:84685780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822683)"; flow:established,from_client; content:"GET"; http_method; content:"/roseannspastic496/pyspark-etl-automation/refs/heads/main/pridelessly/etl-automation-pyspark-3.4-alpha.1.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822683/; classtype:trojan-activity;sid:84685783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822684)"; flow:established,from_client; content:"GET"; http_method; content:"/wsbs20/claude-code-aso-skill/raw/refs/heads/main/.claude/skills/code-aso-claude-skill-v2.7.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com";
http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822684/; classtype:trojan-activity;sid:84685784; rev:1;)
# Several entries here end in a generic archive name (software_v1.8.zip, software_v2.1.zip,
# software_v1.3.zip) under repositories with unrelated names.
# NOTE(review): presumably one campaign - confirm against the URLhaus tags; a proxy-log hunt on the
# file-name pattern can surface URLs that are not in the feed yet.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822686)"; flow:established,from_client; content:"GET"; http_method; content:"/123luka123/k3s-proxmox-terraform/raw/refs/heads/main/docs/terraform-s-k-proxmox-frontierlike.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822686/; classtype:trojan-activity;sid:84685786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822687)"; flow:established,from_client; content:"GET"; http_method; content:"/hardcore-bioengineering120/think/refs/heads/master/gestative/software_v1.8.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822687/; classtype:trojan-activity;sid:84685787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822688)"; flow:established,from_client; content:"GET"; http_method; content:"/kartik944/relizy/refs/heads/main/src/core/__tests__/software_v2.1.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822688/; classtype:trojan-activity;sid:84685788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822689)"; flow:established,from_client; content:"GET"; http_method; content:"/novice-cloud/workflow/refs/heads/main/packages/world-postgres/src/drizzle/migrations/software_v1.3.zip"; http_uri;
depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822689/; classtype:trojan-activity;sid:84685789; rev:1;)
# Direction: `$HOME_NET any -> $EXTERNAL_NET any` with flow:established,from_client inspects only
# client requests leaving $HOME_NET. A download made by a host outside the configured $HOME_NET is
# not covered - check that the variable includes server, VPN and cloud ranges.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822690)"; flow:established,from_client; content:"GET"; http_method; content:"/pranavbarskar/pluralsight-aws-data-pipelines-orchestrating-automating/refs/heads/main/module-2/module-2-demo-3-parallel-map/lambdas/generate-datasets/automating_data_pipelines_aws_orchestrating_pluralsight_2.8.zip"; http_uri; depth:214; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822690/; classtype:trojan-activity;sid:84685790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822691)"; flow:established,from_client; content:"GET"; http_method; content:"/wsbs20/claude-code-aso-skill/refs/heads/main/.claude/skills/code-aso-claude-skill-v2.7.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822691/; classtype:trojan-activity;sid:84685791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822693)"; flow:established,from_client; content:"GET"; http_method; content:"/menor1111/iscsi-setup-tutorial-on-linux-mint/raw/refs/heads/main/deloul/linux-on-tutorial-mint-i-setup-scs-unclosable.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822693/; classtype:trojan-activity;sid:84685793; rev:1;)
alert http $HOME_NET any ->
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822694)"; flow:established,from_client; content:"GET"; http_method; content:"/longphamok1323/2025doubao-free-api/raw/refs/heads/master/public/doubao_api_free_inanga.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822694/; classtype:trojan-activity;sid:84685794; rev:1;)
# sid is the URLhaus entry id plus a fixed offset of 80863100 (3822695 -> 84685795).
# NOTE(review): keep locally written rules out of this sid range so a feed update cannot collide with them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822695)"; flow:established,from_client; content:"GET"; http_method; content:"/superdev699/cheatsheet-llm/raw/refs/heads/main/textbook_create/textbook-pdf/sheet_cheat_llm_2.6.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822695/; classtype:trojan-activity;sid:84685795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822675)"; flow:established,from_client; content:"GET"; http_method; content:"/gustavomnhee/lima/raw/refs/heads/master/pkg/localpathutil/software_v2.7.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822675/; classtype:trojan-activity;sid:84685775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822676)"; flow:established,from_client; content:"GET"; http_method; content:"/gustavomnhee/lima/refs/heads/master/pkg/localpathutil/software_v2.7.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822676/; classtype:trojan-activity;sid:84685776;
rev:1;)
# nocase sits after isdataat but modifies the preceding content, i.e. the http_uri pattern.
# The http_host pattern carries no nocase and is written in lowercase.
# NOTE(review): Suricata normalises the http_host buffer to lowercase; verify the behaviour of the
# engine in use (Snort vs Suricata) so a mixed-case Host header is still matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822671)"; flow:established,from_client; content:"GET"; http_method; content:"/kartik944/relizy/raw/refs/heads/main/src/core/__tests__/software_v2.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822671/; classtype:trojan-activity;sid:84685771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822672)"; flow:established,from_client; content:"GET"; http_method; content:"/zebulenlithophytic371/algorithmic-trading-platform/refs/heads/main/agents/algorithmic-trading-platform-1.4.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822672/; classtype:trojan-activity;sid:84685772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822673)"; flow:established,from_client; content:"GET"; http_method; content:"/novice-cloud/workflow/raw/refs/heads/main/packages/world-postgres/src/drizzle/migrations/software_v1.3.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822673/; classtype:trojan-activity;sid:84685773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822674)"; flow:established,from_client; content:"GET"; http_method; content:"/hardcore-bioengineering120/think/raw/refs/heads/master/gestative/software_v1.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url,
urlhaus.abuse.ch/url/3822674/; classtype:trojan-activity;sid:84685774; rev:1;)
# metadata:created_at is 2026_04_15 on these rules.
# NOTE(review): presumably the day the URL was added to URLhaus; for a hit well after that date,
# check the entry's current status before concluding that the payload was still being served.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822669)"; flow:established,from_client; content:"GET"; http_method; content:"/zebulenlithophytic371/algorithmic-trading-platform/raw/refs/heads/main/agents/algorithmic-trading-platform-1.4.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822669/; classtype:trojan-activity;sid:84685769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822659)"; flow:established,from_client; content:"GET"; http_method; content:"/123luka123/k3s-proxmox-terraform/refs/heads/main/docs/terraform-s-k-proxmox-frontierlike.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822659/; classtype:trojan-activity;sid:84685759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822620)"; flow:established,from_client; content:"GET"; http_method; content:"/superdev699/cheatsheet-llm/refs/heads/main/textbook_create/textbook-pdf/sheet_cheat_llm_2.6.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822620/; classtype:trojan-activity;sid:84685720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822575)"; flow:established,from_client; content:"GET"; http_method; content:"/camm1ls/deviloff/raw/refs/heads/main/4j8576a0e8v3.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10;
isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822575/; classtype:trojan-activity;sid:84685675; rev:1;)
# These match the request for an .exe, not the response: flow is from_client and only the method,
# URI and Host are inspected. An alert shows that the host asked for the file, not that it was
# delivered - corroborate with endpoint telemetry (file write, process start) on the requesting host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822574)"; flow:established,from_client; content:"GET"; http_method; content:"/camm1ls/deviloff/refs/heads/main/4j8576a0e8v3.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822574/; classtype:trojan-activity;sid:84685674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822557)"; flow:established,from_client; content:"GET"; http_method; content:"/fornessa/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822557/; classtype:trojan-activity;sid:84685657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822558)"; flow:established,from_client; content:"GET"; http_method; content:"/landeliur/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822558/; classtype:trojan-activity;sid:84685658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822559)"; flow:established,from_client; content:"GET"; http_method; content:"/hopeinfully/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at
2026_04_15; reference:url, urlhaus.abuse.ch/url/3822559/; classtype:trojan-activity;sid:84685659; rev:1;)
# silentum_spoofer.exe is listed under two owners here (hopeinfully, fornessa). URL rules cover
# only the listed paths, so the same file re-hosted under another account is not matched;
# hash- or behaviour-based detection is the complement for that case.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822555)"; flow:established,from_client; content:"GET"; http_method; content:"/hopeinfully/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822555/; classtype:trojan-activity;sid:84685655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822556)"; flow:established,from_client; content:"GET"; http_method; content:"/landeliur/fivem-spoofer/refs/heads/main/cfxbypass.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822556/; classtype:trojan-activity;sid:84685656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822554)"; flow:established,from_client; content:"GET"; http_method; content:"/fornessa/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822554/; classtype:trojan-activity;sid:84685654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822302)"; flow:established,from_client; content:"GET"; http_method; content:"/prood/kolodial.dat"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dubaitechnicalservice.ae"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822302/;
classtype:trojan-activity;sid:84685402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822245)"; flow:established,from_client; content:"GET"; http_method; content:"/rump1_msi.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aumri.ae"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822245/; classtype:trojan-activity;sid:84685345; rev:1;)
# Bare-IP hosts: the http_host pattern is an IPv4 literal matched exactly (depth = length, nothing
# may follow), so these fire only when the request names the IP as its host.
# NOTE(review): confirm how the engine treats a Host header that carries an explicit port
# (IP:port) - whether the port is stripped before this end-anchored match is applied.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822169)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.203.86.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822169/; classtype:trojan-activity;sid:84685269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821825)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"101.43.204.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821825/; classtype:trojan-activity;sid:84684925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821821)"; flow:established,from_client; content:"GET"; http_method; content:"/lucifer.elf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.43.204.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821821/; classtype:trojan-activity;sid:84684921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821822)"; flow:established,from_client; content:"GET"; http_method; content:"/g64.exe"; http_uri; depth:8; isdataat:!1,relative;
nocase; content:"101.43.204.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821822/; classtype:trojan-activity;sid:84684922; rev:1;)
# Short, generic paths (/i, /bin.sh) are meaningful only together with the http_host match: every
# content in a rule must hit on the same request. Do not lift the URI pattern into a standalone
# rule or log query without the host, or it will match unrelated traffic.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.53.93.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821424/; classtype:trojan-activity;sid:84684524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.53.93.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821416/; classtype:trojan-activity;sid:84684516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"65.99.181.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821392/; classtype:trojan-activity;sid:84684492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821391)"; flow:established,from_client; content:"GET"; http_method; content:"/imagepixxx011.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821391/; classtype:trojan-activity;sid:84684491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware
download URL detected (3821356)"; flow:established,from_client; content:"GET"; http_method; content:"/imagehd09.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821356/; classtype:trojan-activity;sid:84684456; rev:1;)
# NOTE(review): in the next two rules `|3f|` decodes to `?`, but `|7c|26|7c|` decodes to the literal
# text `|26|` (pipe, "26", pipe) rather than to `&` (hex 26). This looks like a separator that was
# hex-escaped twice when the rule was generated; if the real query string uses `&`, these patterns
# cannot match it. The depth values (164 and 63) also equal the character count of the escaped text
# as written rather than the decoded byte count, so the start of the URI is anchored less tightly
# than in the other rules. Verify both rules against their URLhaus entries before relying on them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.clientsetup.msi|3f|e=access|7c|26|7c|y=guest|7c|26|7c|c=4-4-2026|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=new|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c="; http_uri; depth:164; isdataat:!1,relative; nocase; content:"doc.e-statements.app"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821345/; classtype:trojan-activity;sid:84684445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"23.94.232.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821315/; classtype:trojan-activity;sid:84684415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.130.34.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821276/; classtype:trojan-activity;sid:84684376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821271)";
flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.130.34.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821271/; classtype:trojan-activity;sid:84684371; rev:1;)
# The extension in the path is not evidence of the payload type: apr13image.png below sits in a
# malware-download feed. NOTE(review): treat a hit as a fetch of whatever URLhaus recorded for the
# entry, and do not exclude image or archive extensions from follow-up.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821250)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821250/; classtype:trojan-activity;sid:84684350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821074)"; flow:established,from_client; content:"GET"; http_method; content:"/apr13image.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"aumri.ae"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821074/; classtype:trojan-activity;sid:84684174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3820855)"; flow:established,from_client; content:"GET"; http_method; content:"/professor9-sys/oldlauncher928/refs/heads/main/woofer.rar"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_13; reference:url, urlhaus.abuse.ch/url/3820855/; classtype:trojan-activity;sid:84683955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3817361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at
2026_04_12; reference:url, urlhaus.abuse.ch/url/3817361/; classtype:trojan-activity;sid:84680461; rev:1;)
# None of these rules sets threshold or detection_filter, so every matching request raises its
# own alert. NOTE(review): a client that retries a download in a loop will repeat the alert;
# apply rate limiting in the sensor's threshold configuration if that becomes noisy.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3817332)"; flow:established,from_client; content:"GET"; http_method; content:"/download/net_launcher.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.149.120.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3817332/; classtype:trojan-activity;sid:84680432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3817062)"; flow:established,from_client; content:"GET"; http_method; content:"/kkkzzz.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"38.60.241.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3817062/; classtype:trojan-activity;sid:84680162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816935)"; flow:established,from_client; content:"GET"; http_method; content:"/ewoba/ewoba.github.io/refs/heads/main/lampoon/io_github_ewoba_v3.4.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816935/; classtype:trojan-activity;sid:84680035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816934)"; flow:established,from_client; content:"GET"; http_method; content:"/ewoba/kick-tg-rewards/raw/refs/heads/main/backend-python/rem/lib/site-packages/pip/_vendor/packaging/tg-kick-rewards-v2.9.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816934/;
classtype:trojan-activity;sid:84680034; rev:1;)
# The owners ewoba and pato851 each appear on several entries, including an <owner>.github.io
# repository. NOTE(review): when triaging a hit, a proxy-log search on the owner path prefix shows
# other fetches from the same account; that search is broader than these exact-match rules and
# needs its own false-positive review.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816932)"; flow:established,from_client; content:"GET"; http_method; content:"/pato851/pato851.github.io/raw/refs/heads/main/supraterraneous/io-github-pato-2.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816932/; classtype:trojan-activity;sid:84680032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816933)"; flow:established,from_client; content:"GET"; http_method; content:"/ewoba/ewoba.github.io/raw/refs/heads/main/lampoon/io_github_ewoba_v3.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816933/; classtype:trojan-activity;sid:84680033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816928)"; flow:established,from_client; content:"GET"; http_method; content:"/ewoba/kick-tg-rewards/refs/heads/main/backend-python/rem/lib/site-packages/pip/_vendor/packaging/tg-kick-rewards-v2.9.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816928/; classtype:trojan-activity;sid:84680028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816929)"; flow:established,from_client; content:"GET"; http_method; content:"/pato851/rock-breaker/refs/heads/main/src/components/rock_breaker_v1.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative;
metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816929/; classtype:trojan-activity;sid:84680029; rev:1;)
# Every rule uses classtype:trojan-activity; the alert priority therefore comes from the sensor's
# classification config, not from the rule. NOTE(review): confirm the priority mapped to that
# class suits a feed-driven IoC hit in the local alert pipeline.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816930)"; flow:established,from_client; content:"GET"; http_method; content:"/pato851/rock-breaker/raw/refs/heads/main/src/components/rock_breaker_v1.9.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816930/; classtype:trojan-activity;sid:84680030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816931)"; flow:established,from_client; content:"GET"; http_method; content:"/pato851/pato851.github.io/refs/heads/main/supraterraneous/io-github-pato-2.6.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816931/; classtype:trojan-activity;sid:84680031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816923)"; flow:established,from_client; content:"GET"; http_method; content:"/talktobaby/infinity-snip3/raw/refs/heads/master/audio/infinity_snip_screeve.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816923/; classtype:trojan-activity;sid:84680023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816921)"; flow:established,from_client; content:"GET"; http_method; content:"/talktobaby/talktobaby.github.io/raw/refs/heads/main/hymeneals/talktobaby-io-github-v1.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10;
isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816921/; classtype:trojan-activity;sid:84680021; rev:1;)
# These rules look at the request line and Host only; the downloaded archive itself is never
# inspected. NOTE(review): if the sensor extracts files, pair the feed with file-hash matching so
# that a known payload served from an unlisted URL is still caught.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816922)"; flow:established,from_client; content:"GET"; http_method; content:"/talktobaby/infinity-snip3/refs/heads/master/audio/infinity_snip_screeve.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816922/; classtype:trojan-activity;sid:84680022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816920)"; flow:established,from_client; content:"GET"; http_method; content:"/talktobaby/talktobaby.github.io/refs/heads/main/hymeneals/talktobaby-io-github-v1.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816920/; classtype:trojan-activity;sid:84680020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816897)"; flow:established,from_client; content:"GET"; http_method; content:"/beast700/servermaker/raw/refs/heads/main/data/maker_server_v3.5.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816897/; classtype:trojan-activity;sid:84679997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816896)"; flow:established,from_client; content:"GET"; http_method; content:"/beast700/beast700.github.io/refs/heads/main/still/beast_io_github_2.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase;
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816896/; classtype:trojan-activity;sid:84679996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816895)"; flow:established,from_client; content:"GET"; http_method; content:"/beast700/flexlkgaming-com/refs/heads/main/firmhearted/com_flexlkgaming_1.9.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816895/; classtype:trojan-activity;sid:84679995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816893)"; flow:established,from_client; content:"GET"; http_method; content:"/beast700/flexlkgaming-com/raw/refs/heads/main/firmhearted/com_flexlkgaming_1.9.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816893/; classtype:trojan-activity;sid:84679993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816894)"; flow:established,from_client; content:"GET"; http_method; content:"/beast700/beast700.github.io/raw/refs/heads/main/still/beast_io_github_2.9.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816894/; classtype:trojan-activity;sid:84679994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816892)"; flow:established,from_client; content:"GET"; http_method; content:"/beast700/servermaker/refs/heads/main/data/maker_server_v3.5.zip"; http_uri; depth:64; 
isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816892/; classtype:trojan-activity;sid:84679992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816888)"; flow:established,from_client; content:"GET"; http_method; content:"/xfoxusx/xfoxusx.github.io/raw/refs/heads/main/arsenism/github_io_xfoxusx_v1.7.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816888/; classtype:trojan-activity;sid:84679988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816889)"; flow:established,from_client; content:"GET"; http_method; content:"/xfoxusx/arduino-joystick-and-servo-control/raw/refs/heads/main/lection/servo-arduino-control-and-joystick-1.1.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816889/; classtype:trojan-activity;sid:84679989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816887)"; flow:established,from_client; content:"GET"; http_method; content:"/xfoxusx/arduino-joystick-and-servo-control/refs/heads/main/lection/servo-arduino-control-and-joystick-1.1.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816887/; classtype:trojan-activity;sid:84679987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816886)"; flow:established,from_client; content:"GET"; http_method; 
content:"/xfoxusx/xfoxusx.github.io/refs/heads/main/arsenism/github_io_xfoxusx_v1.7.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816886/; classtype:trojan-activity;sid:84679986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816841)"; flow:established,from_client; content:"GET"; http_method; content:"/abdalrhmanasif5/tic_tac_toe/refs/heads/main/auriculae/toe-tic-tac-v3.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816841/; classtype:trojan-activity;sid:84679941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816837)"; flow:established,from_client; content:"GET"; http_method; content:"/abdalrhmanasif5/32/raw/refs/heads/main/app/(public)/contact/software_v1.6-beta.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816837/; classtype:trojan-activity;sid:84679937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816838)"; flow:established,from_client; content:"GET"; http_method; content:"/abdalrhmanasif5/abdalrhmanasif5.github.io/refs/heads/main/torques/github_io_abdalrhmanasif_screwsman.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816838/; classtype:trojan-activity;sid:84679938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3816839)"; flow:established,from_client; content:"GET"; http_method; content:"/abdalrhmanasif5/abdalrhmanasif5.github.io/raw/refs/heads/main/torques/github_io_abdalrhmanasif_screwsman.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816839/; classtype:trojan-activity;sid:84679939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816840)"; flow:established,from_client; content:"GET"; http_method; content:"/abdalrhmanasif5/tic_tac_toe/raw/refs/heads/main/auriculae/toe-tic-tac-v3.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816840/; classtype:trojan-activity;sid:84679940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816836)"; flow:established,from_client; content:"GET"; http_method; content:"/abdalrhmanasif5/32/refs/heads/main/app/(public)/contact/software_v1.6-beta.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816836/; classtype:trojan-activity;sid:84679936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816822)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.66.228.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816822/; classtype:trojan-activity;sid:84679922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816823)"; 
flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.66.228.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816823/; classtype:trojan-activity;sid:84679923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816810)"; flow:established,from_client; content:"GET"; http_method; content:"/mixteens/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816810/; classtype:trojan-activity;sid:84679910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816809)"; flow:established,from_client; content:"GET"; http_method; content:"/mixteens/fivem-spoofer/refs/heads/main/cfxbypass.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816809/; classtype:trojan-activity;sid:84679909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816793)"; flow:established,from_client; content:"GET"; http_method; content:"/jahredip/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816793/; classtype:trojan-activity;sid:84679893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816791)"; flow:established,from_client; content:"GET"; http_method; 
content:"/jahredip/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816791/; classtype:trojan-activity;sid:84679891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816792)"; flow:established,from_client; content:"GET"; http_method; content:"/trustnobodys/fivem-spoofer/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816792/; classtype:trojan-activity;sid:84679892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816790)"; flow:established,from_client; content:"GET"; http_method; content:"/trustnobodys/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816790/; classtype:trojan-activity;sid:84679890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816784)"; flow:established,from_client; content:"GET"; http_method; content:"/atteriss/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816784/; classtype:trojan-activity;sid:84679884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816785)"; flow:established,from_client; content:"GET"; http_method; 
content:"/atteriss/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816785/; classtype:trojan-activity;sid:84679885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816741)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.66.228.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816741/; classtype:trojan-activity;sid:84679841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816739)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.66.228.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816739/; classtype:trojan-activity;sid:84679839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816740)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.66.228.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816740/; classtype:trojan-activity;sid:84679840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.166.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, 
urlhaus.abuse.ch/url/3816686/; classtype:trojan-activity;sid:84679786; rev:1;)
# Exact-match rules: in each one, depth equals the pattern length and isdataat:!1,relative
# forbids any byte after it, so the URI must be exactly the quoted path. "/i" matches a
# request for "/i" only, not "/index" or "/i?x=1". Short patterns are therefore not broad,
# but any variation of the path or an added query string goes unmatched.
# Most Host patterns here are literal IPv4 addresses, pinned the same way.
# NOTE(review): confirm how your engine's http_host buffer treats a Host header that
# carries an explicit port before relying on these for hosts served on non-default ports.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816386)"; flow:established,from_client; content:"GET"; http_method; content:"/download/net_launcher.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"furystaff.tech"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_11; reference:url, urlhaus.abuse.ch/url/3816386/; classtype:trojan-activity;sid:84679486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.37.0.5"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_04_11; reference:url, urlhaus.abuse.ch/url/3816376/; classtype:trojan-activity;sid:84679476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816329)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.66.228.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_11; reference:url, urlhaus.abuse.ch/url/3816329/; classtype:trojan-activity;sid:84679429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816327)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.56.229.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_11; reference:url, urlhaus.abuse.ch/url/3816327/; classtype:trojan-activity;sid:84679427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh";
http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.37.0.5"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_04_11; reference:url, urlhaus.abuse.ch/url/3816317/; classtype:trojan-activity;sid:84679417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3815852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_11; reference:url, urlhaus.abuse.ch/url/3815852/; classtype:trojan-activity;sid:84678952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3815736)"; flow:established,from_client; content:"GET"; http_method; content:"/download/launcher.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.149.120.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_10; reference:url, urlhaus.abuse.ch/url/3815736/; classtype:trojan-activity;sid:84678836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3815631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.166.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_10; reference:url, urlhaus.abuse.ch/url/3815631/; classtype:trojan-activity;sid:84678731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3815621)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_10; reference:url, urlhaus.abuse.ch/url/3815621/; classtype:trojan-activity;sid:84678721; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3815620)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_10; reference:url, urlhaus.abuse.ch/url/3815620/; classtype:trojan-activity;sid:84678720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3815616)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_10; reference:url, urlhaus.abuse.ch/url/3815616/; classtype:trojan-activity;sid:84678716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3815617)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_10; reference:url, urlhaus.abuse.ch/url/3815617/; classtype:trojan-activity;sid:84678717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3815618)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_10; reference:url, urlhaus.abuse.ch/url/3815618/; classtype:trojan-activity;sid:84678718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3815619)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.105"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_04_10; reference:url, urlhaus.abuse.ch/url/3815619/; classtype:trojan-activity;sid:84678719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3815203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.156.166.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3815203/; classtype:trojan-activity;sid:84678303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3815018)"; flow:established,from_client; content:"GET"; http_method; content:"/sexogaycomtravesti/bkp/chrome_update_old.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"147.93.3.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3815018/; classtype:trojan-activity;sid:84678118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3815017)"; flow:established,from_client; content:"GET"; http_method; content:"/sexogaycomtravesti/bkp/chrome_update.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"147.93.3.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3815017/; classtype:trojan-activity;sid:84678117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3815015)"; flow:established,from_client; content:"GET"; http_method; content:"/sexogaycomtravesti/main.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"147.93.3.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3815015/; classtype:trojan-activity;sid:84678115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3815014)"; flow:established,from_client; content:"GET"; http_method; content:"/sexogaycomtravesti/chrome_update.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"147.93.3.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3815014/; classtype:trojan-activity;sid:84678114; rev:1;)
# Exact match on URI and Host: depth limits each pattern to the start of its buffer and
# isdataat:!1,relative requires that nothing follows it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814916)"; flow:established,from_client; content:"GET"; http_method; content:"/elementos/mhdcbdc.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"grupomcperu.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814916/; classtype:trojan-activity;sid:84678016; rev:1;)
# NOTE(review): in the URI pattern of the next rule, `|3f|` is the hex escape for "?", but
# `|7c|26|7c|` decodes to the four literal bytes "|26|" rather than to "&" (0x26). It looks
# as if the "&" escape was escaped a second time when the rule was generated; confirm this
# against the URLhaus entry. As written, a request whose query string reads
# "?alt=media&token=..." would not match this rule.
# depth:116 equals the length of the escaped text, which is longer than the decoded pattern.
# So in this rule depth alone does not pin the match to offset 0; only the trailing
# isdataat:!1,relative anchors it, to the end of the URI.
# NOTE(review): firebasestorage.googleapis.com is normally reached over HTTPS, so an
# `alert http` rule will presumably see this request only where TLS is decrypted ahead of
# the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814834)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/spenglercomics.firebasestorage.app/o/task.txt|3f|alt=media|7c|26|7c|token=f162f5ce-52f7-4407-8cc4-dd96cedd9b0e"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814834/; classtype:trojan-activity;sid:84677934; rev:1;)
# NOTE(review): the same cleartext-HTTP caveat presumably applies to raw.githubusercontent.com.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814749)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/encrypted.hta"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814749/; classtype:trojan-activity;sid:84677849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known
malware download URL detected (3814747)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/windowslogonservice.bat"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814747/; classtype:trojan-activity;sid:84677847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814748)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/raw/refs/heads/main/pulsar-client.exe"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814748/; classtype:trojan-activity;sid:84677848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814746)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/maybeworking.hta"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814746/; classtype:trojan-activity;sid:84677846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814744)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/raw/refs/heads/main/test/123123.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814744/; classtype:trojan-activity;sid:84677844; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814742)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/rickowens/refs/heads/main/encrypted.hta"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814742/; classtype:trojan-activity;sid:84677842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814743)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/detectionratetesting.hta"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814743/; classtype:trojan-activity;sid:84677843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814741)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/rickowens/raw/refs/heads/main/pulsar-client.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814741/; classtype:trojan-activity;sid:84677841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814740)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/test/encrypted.hta"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814740/; 
classtype:trojan-activity;sid:84677840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814386)"; flow:established,from_client; content:"GET"; http_method; content:"/base.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"google-services.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_04_08; reference:url, urlhaus.abuse.ch/url/3814386/; classtype:trojan-activity;sid:84677486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814107)"; flow:established,from_client; content:"GET"; http_method; content:"/craftpedro62-debug/_s/raw/refs/heads/master/sass/utilities/conhost.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_08; reference:url, urlhaus.abuse.ch/url/3814107/; classtype:trojan-activity;sid:84677207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814104)"; flow:established,from_client; content:"GET"; http_method; content:"/craftpedro62-debug/_s/raw/refs/heads/master/sass/utilities/randll32.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_08; reference:url, urlhaus.abuse.ch/url/3814104/; classtype:trojan-activity;sid:84677204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3813653)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.95.147.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_07; reference:url, urlhaus.abuse.ch/url/3813653/; classtype:trojan-activity;sid:84676753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3813602)"; 
flow:established,from_client; content:"GET"; http_method; content:"/k.php"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.95.147.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_07; reference:url, urlhaus.abuse.ch/url/3813602/; classtype:trojan-activity;sid:84676702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3813596)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.119.69.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_07; reference:url, urlhaus.abuse.ch/url/3813596/; classtype:trojan-activity;sid:84676696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812986)"; flow:established,from_client; content:"GET"; http_method; content:"/i88.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.144.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812986/; classtype:trojan-activity;sid:84676086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812871)"; flow:established,from_client; content:"GET"; http_method; content:"/l44443934-ui/aa/raw/refs/heads/main/hey.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812871/; classtype:trojan-activity;sid:84675971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812870)"; flow:established,from_client; content:"GET"; http_method; content:"/l44443934-ui/99/raw/refs/heads/main/violet.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 
2026_04_06; reference:url, urlhaus.abuse.ch/url/3812870/; classtype:trojan-activity;sid:84675970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812869)"; flow:established,from_client; content:"GET"; http_method; content:"/l44443934-ui/aaaa/raw/refs/heads/main/hey.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812869/; classtype:trojan-activity;sid:84675969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812867)"; flow:established,from_client; content:"GET"; http_method; content:"/l44443934-ui/violet/raw/refs/heads/main/violet.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812867/; classtype:trojan-activity;sid:84675967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812868)"; flow:established,from_client; content:"GET"; http_method; content:"/l44443934-ui/app/raw/refs/heads/main/violet.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812868/; classtype:trojan-activity;sid:84675968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812862)"; flow:established,from_client; content:"GET"; http_method; content:"/l44443934-ui/aaa/refs/heads/main/he.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812862/; classtype:trojan-activity;sid:84675962; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812863)"; flow:established,from_client; content:"GET"; http_method; content:"/l44443934-ui/aaa/raw/refs/heads/main/he.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812863/; classtype:trojan-activity;sid:84675963; rev:1;)
# NOTE(review): sid 84675954 pins http_uri to exactly "/" (depth:1 plus isdataat:!1,relative),
# so the Host value is the only discriminating field: any cleartext GET of that host's root
# path raises this alert. Triage it as a host indicator and confirm what was actually
# retrieved from the referenced URLhaus entry and the sensor's HTTP/file logs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812854)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"msgrouppolicy.vg"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812854/; classtype:trojan-activity;sid:84675954; rev:1;)
# The rules that follow share one host and differ only in the per-architecture file name
# in http_uri; each is an exact match on the full URI and the full Host value.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812849)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv4l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812849/; classtype:trojan-activity;sid:84675949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812847)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812847/; classtype:trojan-activity;sid:84675947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812820)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; 
content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812820/; classtype:trojan-activity;sid:84675920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812821)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812821/; classtype:trojan-activity;sid:84675921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812832)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812832/; classtype:trojan-activity;sid:84675932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812835)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812835/; classtype:trojan-activity;sid:84675935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812838)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812838/; classtype:trojan-activity;sid:84675938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3812841)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812841/; classtype:trojan-activity;sid:84675941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812726)"; flow:established,from_client; content:"GET"; http_method; content:"/bbc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.175.223.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812726/; classtype:trojan-activity;sid:84675826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812701)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.226.235.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812701/; classtype:trojan-activity;sid:84675801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812664)"; flow:established,from_client; content:"GET"; http_method; content:"/7.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812664/; classtype:trojan-activity;sid:84675764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.12.251.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, 
urlhaus.abuse.ch/url/3812586/; classtype:trojan-activity;sid:84675686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812407)"; flow:established,from_client; content:"GET"; http_method; content:"/u"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812407/; classtype:trojan-activity;sid:84675507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812399)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"74.48.134.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812399/; classtype:trojan-activity;sid:84675499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812392)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.134.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812392/; classtype:trojan-activity;sid:84675492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812386)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"74.48.134.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812386/; classtype:trojan-activity;sid:84675486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812387)"; flow:established,from_client; content:"GET"; http_method; 
content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"74.48.134.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812387/; classtype:trojan-activity;sid:84675487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812368)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.134.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812368/; classtype:trojan-activity;sid:84675468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812369)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"74.48.134.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812369/; classtype:trojan-activity;sid:84675469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812370)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"74.48.134.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812370/; classtype:trojan-activity;sid:84675470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812371)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"74.48.134.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812371/; 
classtype:trojan-activity;sid:84675471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812372)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"74.48.134.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812372/; classtype:trojan-activity;sid:84675472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812373)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.134.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812373/; classtype:trojan-activity;sid:84675473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812374)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.134.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812374/; classtype:trojan-activity;sid:84675474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812375)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.134.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812375/; classtype:trojan-activity;sid:84675475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812359)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; 
http_uri; depth:18; isdataat:!1,relative; nocase; content:"74.48.134.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812359/; classtype:trojan-activity;sid:84675459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812360)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"74.48.134.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812360/; classtype:trojan-activity;sid:84675460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812302)"; flow:established,from_client; content:"GET"; http_method; content:"/s"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812302/; classtype:trojan-activity;sid:84675402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812265)"; flow:established,from_client; content:"GET"; http_method; content:"/all.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.48.134.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812265/; classtype:trojan-activity;sid:84675365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812244)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"74.48.134.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812244/; classtype:trojan-activity;sid:84675344; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812231)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"74.48.134.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812231/; classtype:trojan-activity;sid:84675331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3811069)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_04; reference:url, urlhaus.abuse.ch/url/3811069/; classtype:trojan-activity;sid:84674169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3811002)"; flow:established,from_client; content:"GET"; http_method; content:"/t.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.223.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_04; reference:url, urlhaus.abuse.ch/url/3811002/; classtype:trojan-activity;sid:84674102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.253.117.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810884/; classtype:trojan-activity;sid:84673984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"65.99.181.12"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810858/; classtype:trojan-activity;sid:84673958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.12.251.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810839/; classtype:trojan-activity;sid:84673939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810777)"; flow:established,from_client; content:"GET"; http_method; content:"/y"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810777/; classtype:trojan-activity;sid:84673877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810689/; classtype:trojan-activity;sid:84673789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810685/; classtype:trojan-activity;sid:84673785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810532)"; flow:established,from_client; content:"GET"; http_method; 
content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810532/; classtype:trojan-activity;sid:84673632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810490)"; flow:established,from_client; content:"GET"; http_method; content:"/patch/1117.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jin.com.my"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810490/; classtype:trojan-activity;sid:84673590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"themaintechnician.us"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810488/; classtype:trojan-activity;sid:84673588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810486)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvp_invite%23903388.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pub-ec081eb0fab74385a17d8d77afeeda3b.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810486/; classtype:trojan-activity;sid:84673586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810447)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, 
urlhaus.abuse.ch/url/3810447/; classtype:trojan-activity;sid:84673547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810365)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810365/; classtype:trojan-activity;sid:84673465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810361)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810361/; classtype:trojan-activity;sid:84673461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810362)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810362/; classtype:trojan-activity;sid:84673462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810363)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810363/; classtype:trojan-activity;sid:84673463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810364)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; 
isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810364/; classtype:trojan-activity;sid:84673464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810338)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810338/; classtype:trojan-activity;sid:84673438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810339)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810339/; classtype:trojan-activity;sid:84673439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810342)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810342/; classtype:trojan-activity;sid:84673442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810343)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810343/; classtype:trojan-activity;sid:84673443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3810347)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810347/; classtype:trojan-activity;sid:84673447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810350)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810350/; classtype:trojan-activity;sid:84673450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810352)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810352/; classtype:trojan-activity;sid:84673452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810360)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810360/; classtype:trojan-activity;sid:84673460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810337)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; 
reference:url, urlhaus.abuse.ch/url/3810337/; classtype:trojan-activity;sid:84673437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810335)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810335/; classtype:trojan-activity;sid:84673435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.157.55.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810332/; classtype:trojan-activity;sid:84673432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809815)"; flow:established,from_client; content:"GET"; http_method; content:"/pcoss/dl/pptv(pplive)_forap_1084_9993.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ossapp.suning.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_04_01; reference:url, urlhaus.abuse.ch/url/3809815/; classtype:trojan-activity;sid:84672915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.157.55.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_01; reference:url, urlhaus.abuse.ch/url/3809612/; classtype:trojan-activity;sid:84672712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809563)"; flow:established,from_client; content:"GET"; 
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.224.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_01; reference:url, urlhaus.abuse.ch/url/3809563/; classtype:trojan-activity;sid:84672663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809347)"; flow:established,from_client; content:"GET"; http_method; content:"/6.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3809347/; classtype:trojan-activity;sid:84672447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809348)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3809348/; classtype:trojan-activity;sid:84672448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809349)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3809349/; classtype:trojan-activity;sid:84672449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809350)"; flow:established,from_client; content:"GET"; http_method; content:"/4.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3809350/; classtype:trojan-activity;sid:84672450; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809351)"; flow:established,from_client; content:"GET"; http_method; content:"/5.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3809351/; classtype:trojan-activity;sid:84672451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809352)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3809352/; classtype:trojan-activity;sid:84672452; rev:1;)
# NOTE(review): sids 84672124 and 84672125 carry identical match options (same method,
# http_uri and http_host); only the URLhaus id in msg/reference and the sid differ.
# A single matching request therefore raises two alerts - deduplicate downstream or
# suppress one of the two sids locally.
# The ".png" suffix in the URI is not evidence of the payload type; confirm the content
# from the URLhaus reference before closing an alert as benign.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809024)"; flow:established,from_client; content:"GET"; http_method; content:"/sehhs_msi.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reutilizemais.co.mz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3809024/; classtype:trojan-activity;sid:84672124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809025)"; flow:established,from_client; content:"GET"; http_method; content:"/sehhs_msi.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reutilizemais.co.mz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3809025/; classtype:trojan-activity;sid:84672125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.208.164.149"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3808984/; classtype:trojan-activity;sid:84672084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.224.208.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3808978/; classtype:trojan-activity;sid:84672078; rev:1;)
# NOTE(review): sids 84671466 and 84671467 match two exact wheel paths on
# files.pythonhosted.org (the telnyx 4.87.1 and 4.87.2 wheels named in the URIs).
# "alert http" only inspects cleartext or decrypted HTTP, and package installers normally
# fetch from this host over TLS, so presumably these sids stay silent on a sensor without
# TLS inspection - verify. Treat them as a backstop: also check dependency manifests,
# lockfiles and build/package caches for those two versions.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808366)"; flow:established,from_client; content:"GET"; http_method; content:"/packages/83/b7/5e93f51cd157cc8cf5599f387e587a1926d50fc7e54fb76d04b342341fb0/telnyx-4.87.1-py3-none-any.whl"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"files.pythonhosted.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_30; reference:url, urlhaus.abuse.ch/url/3808366/; classtype:trojan-activity;sid:84671466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808367)"; flow:established,from_client; content:"GET"; http_method; content:"/packages/5a/73/87cb49434a1f89f253819b81993d3a4e65186ae08b013b9825633ceac359/telnyx-4.87.2-py3-none-any.whl"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"files.pythonhosted.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_30; reference:url, urlhaus.abuse.ch/url/3808367/; classtype:trojan-activity;sid:84671467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808365)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_30; 
reference:url, urlhaus.abuse.ch/url/3808365/; classtype:trojan-activity;sid:84671465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808273)"; flow:established,from_client; content:"GET"; http_method; content:"/dannyjune79/tangnano20k-pooyan/refs/heads/main/tn20k-pooyan/schematics/pooyan-tang-nano-v3.7.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_30; reference:url, urlhaus.abuse.ch/url/3808273/; classtype:trojan-activity;sid:84671373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808277)"; flow:established,from_client; content:"GET"; http_method; content:"/dannyjune79/tangnano20k-pooyan/raw/refs/heads/main/tn20k-pooyan/schematics/pooyan-tang-nano-v3.7.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_30; reference:url, urlhaus.abuse.ch/url/3808277/; classtype:trojan-activity;sid:84671377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.224.208.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_30; reference:url, urlhaus.abuse.ch/url/3808154/; classtype:trojan-activity;sid:84671254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807816)"; flow:established,from_client; content:"GET"; http_method; content:"/tiendaunomx/wave-defender/raw/refs/heads/main/counterstatement/wave_defender_3.3.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, 
urlhaus.abuse.ch/url/3807816/; classtype:trojan-activity;sid:84670916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807814)"; flow:established,from_client; content:"GET"; http_method; content:"/tiendaunomx/wave-defender/refs/heads/main/counterstatement/wave_defender_3.3.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807814/; classtype:trojan-activity;sid:84670914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807799)"; flow:established,from_client; content:"GET"; http_method; content:"/provosaintbride913/twitchfollowers/refs/heads/main/recoast/followers-twitch-counterpray.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807799/; classtype:trojan-activity;sid:84670899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807802)"; flow:established,from_client; content:"GET"; http_method; content:"/a-ettahri/nullrat/refs/heads/main/nullrat/rat_null_1.4-beta.5.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807802/; classtype:trojan-activity;sid:84670902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807804)"; flow:established,from_client; content:"GET"; http_method; content:"/a-ettahri/nullrat/raw/refs/heads/main/nullrat/rat_null_1.4-beta.5.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807804/; classtype:trojan-activity;sid:84670904; rev:1;)
# GitHub-hosted entries in this feed come in pairs: the same repository file is listed once
# under raw.githubusercontent.com (/<owner>/<repo>/refs/heads/...) and once under github.com
# (/<owner>/<repo>/raw/refs/heads/...), each with its own URLhaus id and sid.
# The Host value alone is not an indicator here; only Host plus the exact path is.
# NOTE(review): both hosts are normally reached over TLS, so these `alert http` rules need
# decrypted traffic to match - confirm whether the sensor sits behind TLS inspection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807805)"; flow:established,from_client; content:"GET"; http_method; content:"/provosaintbride913/twitchfollowers/raw/refs/heads/main/recoast/followers-twitch-counterpray.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807805/; classtype:trojan-activity;sid:84670905; rev:1;)
# Pair for one file: raw.githubusercontent.com form first, github.com form second.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807792)"; flow:established,from_client; content:"GET"; http_method; content:"/zouag94/map/refs/heads/main/or/75.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807792/; classtype:trojan-activity;sid:84670892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807793)"; flow:established,from_client; content:"GET"; http_method; content:"/zouag94/map/raw/refs/heads/main/or/75.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807793/; classtype:trojan-activity;sid:84670893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807784)"; flow:established,from_client; content:"GET"; http_method; content:"/kupcsi/bounce_zero/refs/heads/main/lang/bounce_zero_v1.0.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, 
urlhaus.abuse.ch/url/3807784/; classtype:trojan-activity;sid:84670884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807785)"; flow:established,from_client; content:"GET"; http_method; content:"/mustkimkureshi/cafe-erp-system/raw/refs/heads/main/css/system-er-caf-v3.3.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807785/; classtype:trojan-activity;sid:84670885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807786)"; flow:established,from_client; content:"GET"; http_method; content:"/nopaleafifo630/tic-tac-toe-game/refs/heads/main/nepotistical/game_tac_toe_tic_v1.2.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807786/; classtype:trojan-activity;sid:84670886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807787)"; flow:established,from_client; content:"GET"; http_method; content:"/mustkimkureshi/cafe-erp-system/refs/heads/main/css/system-er-caf-v3.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807787/; classtype:trojan-activity;sid:84670887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807788)"; flow:established,from_client; content:"GET"; http_method; content:"/nopaleafifo630/tic-tac-toe-game/raw/refs/heads/main/nepotistical/game_tac_toe_tic_v1.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807788/; classtype:trojan-activity;sid:84670888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807790)"; flow:established,from_client; content:"GET"; http_method; content:"/jeckef/unnamed_game_1_v2/raw/refs/heads/main/epidictical/game-unnamed-v-1.3-beta.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807790/; classtype:trojan-activity;sid:84670890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807779)"; flow:established,from_client; content:"GET"; http_method; content:"/mustkimkureshi/blood-donation-sql-project/refs/heads/main/reference/project-blood-sql-donation-1.4-beta.5.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807779/; classtype:trojan-activity;sid:84670879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807781)"; flow:established,from_client; content:"GET"; http_method; content:"/mustkimkureshi/blood-donation-sql-project/raw/refs/heads/main/reference/project-blood-sql-donation-1.4-beta.5.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807781/; classtype:trojan-activity;sid:84670881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807735)"; flow:established,from_client; content:"GET"; http_method; 
content:"/cosggg/simon-says-rag-android/raw/refs/heads/main/app/src/main/res/drawable/android-ra-says-simon-transparentness.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807735/; classtype:trojan-activity;sid:84670835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807739)"; flow:established,from_client; content:"GET"; http_method; content:"/cosggg/simon-says-rag-android/refs/heads/main/app/src/main/res/drawable/android-ra-says-simon-transparentness.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807739/; classtype:trojan-activity;sid:84670839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807643)"; flow:established,from_client; content:"GET"; http_method; content:"/anonymss642/james-bond-quantum-of-solace-pc-fix-controller-support/refs/heads/main/build/obj/win32/debug/quantum-fix-of-controller-solace-bond-support-p-james-2.6.zip"; http_uri; depth:167; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807643/; classtype:trojan-activity;sid:84670743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807649)"; flow:established,from_client; content:"GET"; http_method; content:"/anonymss642/james-bond-quantum-of-solace-pc-fix-controller-support/raw/refs/heads/main/build/obj/win32/debug/quantum-fix-of-controller-solace-bond-support-p-james-2.6.zip"; http_uri; depth:171; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807649/; classtype:trojan-activity;sid:84670749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807640)"; flow:established,from_client; content:"GET"; http_method; content:"/anonymss642/anonymss642.github.io/raw/refs/heads/main/butterwort/github-io-anonymss-1.8.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807640/; classtype:trojan-activity;sid:84670740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807638)"; flow:established,from_client; content:"GET"; http_method; content:"/anonymss642/anonymss642.github.io/refs/heads/main/butterwort/github-io-anonymss-1.8.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807638/; classtype:trojan-activity;sid:84670738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807041)"; flow:established,from_client; content:"GET"; http_method; content:"/xlh/cccc.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"libss.0x504.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_28; reference:url, urlhaus.abuse.ch/url/3807041/; classtype:trojan-activity;sid:84670141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.224.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_28; reference:url, urlhaus.abuse.ch/url/3806913/; 
classtype:trojan-activity;sid:84670013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.132.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806637/; classtype:trojan-activity;sid:84669737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.132.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806627/; classtype:trojan-activity;sid:84669727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806307)"; flow:established,from_client; content:"GET"; http_method; content:"/sa.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806307/; classtype:trojan-activity;sid:84669407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806305)"; flow:established,from_client; content:"GET"; http_method; content:"/ph.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806305/; classtype:trojan-activity;sid:84669405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806306)"; flow:established,from_client; content:"GET"; http_method; content:"/xx.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; 
content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806306/; classtype:trojan-activity;sid:84669406; rev:1;)
# The rules below all key on Host 78.153.140.16 and differ only in the exact path (shell scripts
# and a shared object). Each one covers a single whole-string path (depth = content length,
# isdataat:!1,relative), so a new file name on the same host is not matched by any of them.
# When one of these fires, review all HTTP from the client to that address, not just the listed
# paths, and check the referenced URLhaus entry for current status.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806302)"; flow:established,from_client; content:"GET"; http_method; content:"/i.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806302/; classtype:trojan-activity;sid:84669402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806303)"; flow:established,from_client; content:"GET"; http_method; content:"/sc.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806303/; classtype:trojan-activity;sid:84669403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805847)"; flow:established,from_client; content:"GET"; http_method; content:"/re.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805847/; classtype:trojan-activity;sid:84668947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805839)"; flow:established,from_client; content:"GET"; http_method; content:"/libsystem.so"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805839/; classtype:trojan-activity;sid:84668939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3805840)"; flow:established,from_client; content:"GET"; http_method; content:"/curl-amd64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805840/; classtype:trojan-activity;sid:84668940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805841)"; flow:established,from_client; content:"GET"; http_method; content:"/curl-aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805841/; classtype:trojan-activity;sid:84668941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805837)"; flow:established,from_client; content:"GET"; http_method; content:"/acb.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805837/; classtype:trojan-activity;sid:84668937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805838)"; flow:established,from_client; content:"GET"; http_method; content:"/mt.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805838/; classtype:trojan-activity;sid:84668938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.208.164.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, 
urlhaus.abuse.ch/url/3805755/; classtype:trojan-activity;sid:84668855; rev:1;)
# The three everycarebd.com entries are .png paths that URLhaus lists as malware download URLs.
# The file extension says nothing about the payload, so image-looking URLs should not be
# exempted from inspection or deprioritised in alert triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805660)"; flow:established,from_client; content:"GET"; http_method; content:"/imgedu093.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805660/; classtype:trojan-activity;sid:84668760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805656)"; flow:established,from_client; content:"GET"; http_method; content:"/image099.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805656/; classtype:trojan-activity;sid:84668756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805655)"; flow:established,from_client; content:"GET"; http_method; content:"/imagecopy777.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805655/; classtype:trojan-activity;sid:84668755; rev:1;)
# Whole-string match on the path "/curl" for one IP-literal host; the alert identifies the URL,
# not the client tool that fetched it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805559)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805559/; classtype:trojan-activity;sid:84668659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805277)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.205.226.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805277/; classtype:trojan-activity;sid:84668377; rev:1;)
# Two-byte path "/i": depth:2 with isdataat:!1,relative means the URI must be exactly "/i", so
# other paths that merely start with "/i" on this host do not match this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.205.226.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805167/; classtype:trojan-activity;sid:84668267; rev:1;)
# This rule matches only the site root (URI exactly "/") on Host silverhost.vg, so in effect it
# is a host-level indicator: any GET of that host's front page raises a trojan-activity alert.
# Confirm against the referenced URLhaus entry when triaging hits.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3804928)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"silverhost.vg"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_25; reference:url, urlhaus.abuse.ch/url/3804928/; classtype:trojan-activity;sid:84668028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3804863)"; flow:established,from_client; content:"GET"; http_method; content:"/imagetxt0074751.png"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_25; reference:url, urlhaus.abuse.ch/url/3804863/; classtype:trojan-activity;sid:84667963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3804620)"; flow:established,from_client; content:"GET"; http_method; content:"/oxfordmobilexray.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"oxfordmobilexray.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_25; reference:url, urlhaus.abuse.ch/url/3804620/; classtype:trojan-activity;sid:84667720; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3804022)"; flow:established,from_client; content:"GET"; http_method; content:"/haucavn/bibguard/refs/heads/main/src/fetchers/guard-bib-bhoy.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3804022/; classtype:trojan-activity;sid:84667122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3804007)"; flow:established,from_client; content:"GET"; http_method; content:"/haucavn/haucavn.github.io/refs/heads/main/purist/haucavn_github_io_v1.0.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3804007/; classtype:trojan-activity;sid:84667107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3804008)"; flow:established,from_client; content:"GET"; http_method; content:"/haucavn/bibguard/raw/refs/heads/main/src/fetchers/guard-bib-bhoy.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3804008/; classtype:trojan-activity;sid:84667108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3804012)"; flow:established,from_client; content:"GET"; http_method; content:"/haucavn/haucavn.github.io/raw/refs/heads/main/purist/haucavn_github_io_v1.0.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3804012/; classtype:trojan-activity;sid:84667112; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803910)"; flow:established,from_client; content:"GET"; http_method; content:"/julesjujuu/wpaudit/raw/refs/heads/main/config/software-2.2.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803910/; classtype:trojan-activity;sid:84667010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803903)"; flow:established,from_client; content:"GET"; http_method; content:"/ombarde12/ix-ghostprotocol/raw/refs/heads/main/core/identity/protocol_ghost_i_v2.3.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803903/; classtype:trojan-activity;sid:84667003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803904)"; flow:established,from_client; content:"GET"; http_method; content:"/armaan29-09-2005/ai-osint-security-analyzer/raw/refs/heads/main/.streamlit/security_a_osin_analyzer_3.9.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803904/; classtype:trojan-activity;sid:84667004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803905)"; flow:established,from_client; content:"GET"; http_method; content:"/julesjujuu/wpaudit/refs/heads/main/config/software-2.2.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803905/; 
classtype:trojan-activity;sid:84667005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803906)"; flow:established,from_client; content:"GET"; http_method; content:"/ombarde12/omaespareparts.github.io/refs/heads/main/uncasked/github-om-spareparts-io-ae-v2.0-alpha.4.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803906/; classtype:trojan-activity;sid:84667006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803907)"; flow:established,from_client; content:"GET"; http_method; content:"/rianna113/blackvault/refs/heads/main/src/core/encryption_engine/black_vault_v3.4-alpha.3.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803907/; classtype:trojan-activity;sid:84667007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803908)"; flow:established,from_client; content:"GET"; http_method; content:"/rianna113/blackvault/raw/refs/heads/main/src/core/encryption_engine/black_vault_v3.4-alpha.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803908/; classtype:trojan-activity;sid:84667008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803909)"; flow:established,from_client; content:"GET"; http_method; content:"/ombarde12/omaespareparts.github.io/raw/refs/heads/main/uncasked/github-om-spareparts-io-ae-v2.0-alpha.4.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"github.com"; http_host; 
depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803909/; classtype:trojan-activity;sid:84667009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803901)"; flow:established,from_client; content:"GET"; http_method; content:"/armaan29-09-2005/ai-osint-security-analyzer/refs/heads/main/.streamlit/security_a_osin_analyzer_3.9.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803901/; classtype:trojan-activity;sid:84667001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803902)"; flow:established,from_client; content:"GET"; http_method; content:"/ombarde12/ix-ghostprotocol/refs/heads/main/core/identity/protocol_ghost_i_v2.3.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803902/; classtype:trojan-activity;sid:84667002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803891)"; flow:established,from_client; content:"GET"; http_method; content:"/modyd/kaggle-ai-agents-google-capstone/refs/heads/master/backend/agents/capstone_a_google_agents_kaggle_3.9-alpha.2.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803891/; classtype:trojan-activity;sid:84666991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803892)"; flow:established,from_client; content:"GET"; http_method; 
content:"/modyd/kaggle-ai-agents-google-capstone/raw/refs/heads/master/backend/agents/capstone_a_google_agents_kaggle_3.9-alpha.2.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803892/; classtype:trojan-activity;sid:84666992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803855)"; flow:established,from_client; content:"GET"; http_method; content:"/caidonw/caidonw/refs/heads/main/thermojunction/w-caidon-v3.4.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803855/; classtype:trojan-activity;sid:84666955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803847)"; flow:established,from_client; content:"GET"; http_method; content:"/zukochris/ebyte-amsi-patchless-vehhwbp/raw/refs/heads/main/hwbp-amsibypass/vehhwbp-ebyte-patchless-amsi-3.8.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803847/; classtype:trojan-activity;sid:84666947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803848)"; flow:established,from_client; content:"GET"; http_method; content:"/tiagoalfaro2006/autopentestx/refs/heads/main/modules/x-auto-pentest-3.1.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803848/; classtype:trojan-activity;sid:84666948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3803849)"; flow:established,from_client; content:"GET"; http_method; content:"/munem-1/file-integrity-checker-cybersecurity-tool/refs/heads/main/assets/integrity_tool_cybersecurity_checker_file_3.7-alpha.5.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803849/; classtype:trojan-activity;sid:84666949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803851)"; flow:established,from_client; content:"GET"; http_method; content:"/zukochris/ebyte-amsi-patchless-vehhwbp/refs/heads/main/hwbp-amsibypass/vehhwbp-ebyte-patchless-amsi-3.8.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803851/; classtype:trojan-activity;sid:84666951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803852)"; flow:established,from_client; content:"GET"; http_method; content:"/ovifrn/llmverify-npm/refs/heads/main/src/security/npm_llmverify_3.3-beta.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803852/; classtype:trojan-activity;sid:84666952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803838)"; flow:established,from_client; content:"GET"; http_method; content:"/caidonw/electrum-wallet-multi-crypto-secure-gui-multi-coin-storage-web-browser/refs/heads/main/electrum-wallet/properties/lib/secure-browser-storage-coin-wallet-web-gui-electrum-crypto-multi-1.7.zip"; http_uri; depth:199; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803838/; classtype:trojan-activity;sid:84666938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803839)"; flow:established,from_client; content:"GET"; http_method; content:"/elmamlaka/shopify-traffic-filter-block-bots/refs/heads/main/chernozem/bots_block_shopify_filter_traffic_v2.7.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803839/; classtype:trojan-activity;sid:84666939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803840)"; flow:established,from_client; content:"GET"; http_method; content:"/tiagoalfaro2006/autopentestx/raw/refs/heads/main/modules/x-auto-pentest-3.1.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803840/; classtype:trojan-activity;sid:84666940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803841)"; flow:established,from_client; content:"GET"; http_method; content:"/ovifrn/llmverify-npm/raw/refs/heads/main/src/security/npm_llmverify_3.3-beta.3.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803841/; classtype:trojan-activity;sid:84666941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803842)"; flow:established,from_client; content:"GET"; http_method; 
content:"/caidonw/electrum-wallet-multi-crypto-secure-gui-multi-coin-storage-web-browser/raw/refs/heads/main/electrum-wallet/properties/lib/secure-browser-storage-coin-wallet-web-gui-electrum-crypto-multi-1.7.zip"; http_uri; depth:203; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803842/; classtype:trojan-activity;sid:84666942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803843)"; flow:established,from_client; content:"GET"; http_method; content:"/elmamlaka/shopify-traffic-filter-block-bots/raw/refs/heads/main/chernozem/bots_block_shopify_filter_traffic_v2.7.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803843/; classtype:trojan-activity;sid:84666943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803845)"; flow:established,from_client; content:"GET"; http_method; content:"/caidonw/caidonw/raw/refs/heads/main/thermojunction/w-caidon-v3.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803845/; classtype:trojan-activity;sid:84666945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803846)"; flow:established,from_client; content:"GET"; http_method; content:"/munem-1/file-integrity-checker-cybersecurity-tool/raw/refs/heads/main/assets/integrity_tool_cybersecurity_checker_file_3.7-alpha.5.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803846/; 
classtype:trojan-activity;sid:84666946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803826)"; flow:established,from_client; content:"GET"; http_method; content:"/varun4gv/pumpfun-risk-analyzer/refs/heads/main/backend/services/analyzer_pumpfun_risk_1.7.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803826/; classtype:trojan-activity;sid:84666926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803827)"; flow:established,from_client; content:"GET"; http_method; content:"/varun4gv/pumpfun-risk-analyzer/raw/refs/heads/main/backend/services/analyzer_pumpfun_risk_1.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803827/; classtype:trojan-activity;sid:84666927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803828)"; flow:established,from_client; content:"GET"; http_method; content:"/stanayo/s3tk/raw/refs/heads/main/spinnable/s_tk_3.7.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803828/; classtype:trojan-activity;sid:84666928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803829)"; flow:established,from_client; content:"GET"; http_method; content:"/stanayo/s3tk/refs/heads/main/spinnable/s_tk_3.7.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, 
urlhaus.abuse.ch/url/3803829/; classtype:trojan-activity;sid:84666929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803808)"; flow:established,from_client; content:"GET"; http_method; content:"/feros0/commentcrusader-burp/refs/heads/main/media/commentcrusader_burp_cessor.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803808/; classtype:trojan-activity;sid:84666908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803809)"; flow:established,from_client; content:"GET"; http_method; content:"/vorexcotusar/revguard-nlp/refs/heads/main/hogling/revguard_nlp_mailguard.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803809/; classtype:trojan-activity;sid:84666909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803810)"; flow:established,from_client; content:"GET"; http_method; content:"/siyahkan0637/safehold/raw/refs/heads/main/.vscode/software_3.8-alpha.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803810/; classtype:trojan-activity;sid:84666910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803811)"; flow:established,from_client; content:"GET"; http_method; content:"/feros0/commentcrusader-burp/raw/refs/heads/main/media/commentcrusader_burp_cessor.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 
2026_03_24; reference:url, urlhaus.abuse.ch/url/3803811/; classtype:trojan-activity;sid:84666911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803812)"; flow:established,from_client; content:"GET"; http_method; content:"/fayku57/aar-act/raw/refs/heads/main/automation/aar_act_2.1.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803812/; classtype:trojan-activity;sid:84666912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803813)"; flow:established,from_client; content:"GET"; http_method; content:"/siyahkan0637/safehold/refs/heads/main/.vscode/software_3.8-alpha.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803813/; classtype:trojan-activity;sid:84666913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803814)"; flow:established,from_client; content:"GET"; http_method; content:"/loczek223/fraud-detection-modelling-and-reporting/raw/refs/heads/main/orthotolidin/and_modelling_fraud_detection_reporting_2.6-alpha.5.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803814/; classtype:trojan-activity;sid:84666914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803815)"; flow:established,from_client; content:"GET"; http_method; content:"/raiz-ui/obex/refs/heads/main/ruby/software_trickment.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803815/; classtype:trojan-activity;sid:84666915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803816)"; flow:established,from_client; content:"GET"; http_method; content:"/raiz-ui/obex/raw/refs/heads/main/ruby/software_trickment.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803816/; classtype:trojan-activity;sid:84666916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803817)"; flow:established,from_client; content:"GET"; http_method; content:"/vorexcotusar/revguard-nlp/raw/refs/heads/main/hogling/revguard_nlp_mailguard.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803817/; classtype:trojan-activity;sid:84666917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803818)"; flow:established,from_client; content:"GET"; http_method; content:"/karthik-reddy6/aegistrace-threat-intelligence/raw/refs/heads/main/docs/intelligence-threat-aegistrace-2.2.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803818/; classtype:trojan-activity;sid:84666918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803819)"; flow:established,from_client; content:"GET"; http_method; content:"/karthik-reddy6/aegistrace-threat-intelligence/refs/heads/main/docs/intelligence-threat-aegistrace-2.2.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803819/; classtype:trojan-activity;sid:84666919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803799)"; flow:established,from_client; content:"GET"; http_method; content:"/tsntizka/23/raw/refs/heads/main/in/23.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803799/; classtype:trojan-activity;sid:84666899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803800)"; flow:established,from_client; content:"GET"; http_method; content:"/wangyanjun7954/cyberdefensex_demo/refs/heads/main/agent/demo-defense-cyber-1.3.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803800/; classtype:trojan-activity;sid:84666900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803801)"; flow:established,from_client; content:"GET"; http_method; content:"/juwad65/npm-malware-scanner/refs/heads/main/messmate/malware-scanner-npm-1.9.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803801/; classtype:trojan-activity;sid:84666901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803802)"; flow:established,from_client; content:"GET"; http_method; content:"/juwad65/npm-malware-scanner/raw/refs/heads/main/messmate/malware-scanner-npm-1.9.zip"; http_uri; depth:85; 
isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803802/; classtype:trojan-activity;sid:84666902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803803)"; flow:established,from_client; content:"GET"; http_method; content:"/loczek223/exilemodforge/refs/heads/main/occupative/forge-mod-exile-1.6.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803803/; classtype:trojan-activity;sid:84666903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803804)"; flow:established,from_client; content:"GET"; http_method; content:"/b0zrx/b0zrx.github.io/raw/refs/heads/main/bandstand/zrx_io_github_b_v2.6.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803804/; classtype:trojan-activity;sid:84666904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803805)"; flow:established,from_client; content:"GET"; http_method; content:"/wangyanjun7954/cyberdefensex_demo/raw/refs/heads/main/agent/demo-defense-cyber-1.3.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803805/; classtype:trojan-activity;sid:84666905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803806)"; flow:established,from_client; content:"GET"; http_method; 
content:"/loczek223/fraud-detection-modelling-and-reporting/refs/heads/main/orthotolidin/and_modelling_fraud_detection_reporting_2.6-alpha.5.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803806/; classtype:trojan-activity;sid:84666906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803807)"; flow:established,from_client; content:"GET"; http_method; content:"/loczek223/exilemodforge/raw/refs/heads/main/occupative/forge-mod-exile-1.6.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803807/; classtype:trojan-activity;sid:84666907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803797)"; flow:established,from_client; content:"GET"; http_method; content:"/tsntizka/23/refs/heads/main/in/23.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803797/; classtype:trojan-activity;sid:84666897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803773)"; flow:established,from_client; content:"GET"; http_method; content:"/fayku57/aar-act/refs/heads/main/automation/aar_act_2.1.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803773/; classtype:trojan-activity;sid:84666873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803774)"; 
flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/shannon/raw/refs/heads/main/xben-benchmark-results/xben-079-24/audit-logs/prompts/software-3.9.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803774/; classtype:trojan-activity;sid:84666874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803775)"; flow:established,from_client; content:"GET"; http_method; content:"/shulpextechnology/calcbookbackend/raw/refs/heads/main/models/calc_backend_book_3.8.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803775/; classtype:trojan-activity;sid:84666875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803776)"; flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/shannon/refs/heads/main/xben-benchmark-results/xben-079-24/audit-logs/prompts/software-3.9.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803776/; classtype:trojan-activity;sid:84666876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803777)"; flow:established,from_client; content:"GET"; http_method; content:"/nonamebatbai/ins_sandstorm/refs/heads/master/insurgency/config/server/sandstorm_in_v2.0.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803777/; classtype:trojan-activity;sid:84666877; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803778)"; flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/bunny/refs/heads/main/src/lib/utils/software-3.6.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803778/; classtype:trojan-activity;sid:84666878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803779)"; flow:established,from_client; content:"GET"; http_method; content:"/cyrustmods/github.io/refs/heads/master/assets/mobirise/github_io_1.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803779/; classtype:trojan-activity;sid:84666879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803780)"; flow:established,from_client; content:"GET"; http_method; content:"/shulpextechnology/calcbook/raw/refs/heads/main/public/images/logo/calc_book_2.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803780/; classtype:trojan-activity;sid:84666880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803781)"; flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/bunnytweak/raw/refs/heads/main/.github/software_v1.4-alpha.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803781/; classtype:trojan-activity;sid:84666881; rev:1;) 
# URLhaus exact-URL signatures for files hosted on github.com / raw.githubusercontent.com.
# Each rule alerts on a client GET from $HOME_NET to $EXTERNAL_NET whose URI and Host
# both equal the listed strings: depth is set to the content length and
# isdataat:!1,relative requires that nothing follows, so a request whose URI or Host
# differs from the listed value is outside the rule's coverage.
# The Host values are shared code-hosting platforms; an alert identifies a fetch of one
# specific file path, not a malicious host. Triage via the reference: URLhaus entry.
# NOTE(review): these are "alert http" rules and only see HTTP the sensor can parse in
# cleartext; these hosts are normally fetched over HTTPS, so confirm TLS inspection sits
# in front of the sensor, or match the same host+path in proxy and endpoint telemetry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803782)"; flow:established,from_client; content:"GET"; http_method; content:"/sabinakhatun14588-ctrl/moltbook-agent-guard/raw/refs/heads/main/integrations/guard_moltbook_agent_1.8.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803782/; classtype:trojan-activity;sid:84666882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803783)"; flow:established,from_client; content:"GET"; http_method; content:"/shulpextechnology/calcbook/refs/heads/main/public/images/logo/calc_book_2.1.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803783/; classtype:trojan-activity;sid:84666883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803784)"; flow:established,from_client; content:"GET"; http_method; content:"/cyrustmods/github.io/raw/refs/heads/master/assets/mobirise/github_io_1.4.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803784/; classtype:trojan-activity;sid:84666884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803785)"; flow:established,from_client; content:"GET"; http_method; content:"/shulpextechnology/totp-otp-auth/refs/heads/main/src/auth-otp-totp-v3.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803785/; 
classtype:trojan-activity;sid:84666885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803786)"; flow:established,from_client; content:"GET"; http_method; content:"/ifearnohost/exo/refs/heads/main/src/middleware/software-v3.0-beta.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803786/; classtype:trojan-activity;sid:84666886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803787)"; flow:established,from_client; content:"GET"; http_method; content:"/nonamebatbai/anti_phishing_email_detector_gui/raw/refs/heads/main/anti_phishing_email_detector/data/gui-anti-phishing-email-detector-v3.9.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803787/; classtype:trojan-activity;sid:84666887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803788)"; flow:established,from_client; content:"GET"; http_method; content:"/ifearnohost/ifearnohost.github.io/refs/heads/main/speciousness/github_ifearnohost_io_1.9-alpha.1.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803788/; classtype:trojan-activity;sid:84666888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803789)"; flow:established,from_client; content:"GET"; http_method; content:"/cyrustmods/openclaw-skill-safe/refs/heads/master/grandame/skil-safe-opencla-v3.4.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803789/; classtype:trojan-activity;sid:84666889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803790)"; flow:established,from_client; content:"GET"; http_method; content:"/nonamebatbai/ins_sandstorm/raw/refs/heads/master/insurgency/config/server/sandstorm_in_v2.0.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803790/; classtype:trojan-activity;sid:84666890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803791)"; flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/bunny/raw/refs/heads/main/src/lib/utils/software-3.6.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803791/; classtype:trojan-activity;sid:84666891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803792)"; flow:established,from_client; content:"GET"; http_method; content:"/ifearnohost/ifearnohost.github.io/raw/refs/heads/main/speciousness/github_ifearnohost_io_1.9-alpha.1.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803792/; classtype:trojan-activity;sid:84666892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803793)"; flow:established,from_client; content:"GET"; http_method; content:"/shulpextechnology/totp-otp-auth/raw/refs/heads/main/src/auth-otp-totp-v3.2.zip"; http_uri; 
depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803793/; classtype:trojan-activity;sid:84666893; rev:1;)
# Reviewer note (not part of the upstream feed). The rules below share one template: GET
# only, an exact http_uri (depth equals the string length and isdataat:!1,relative allows
# no trailing byte; nocase applies to the URI content) and an exact http_host of
# github.com or raw.githubusercontent.com.
# They are `alert http` rules, so they are evaluated only on HTTP the sensor parses in
# cleartext. These hosts are normally fetched over HTTPS, so expect hits mainly where TLS
# is decrypted ahead of the sensor or a client requests the plain http:// URL; read a
# quiet ruleset as missing visibility, not as proof that nothing was downloaded.
# The Host value is shared with unrelated repositories, so the URI is the actual indicator.
# Most repositories appear twice: once as github.com/<owner>/<repo>/raw/refs/... and once
# as raw.githubusercontent.com/<owner>/<repo>/refs/...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803794)"; flow:established,from_client; content:"GET"; http_method; content:"/cyrustmods/openclaw-skill-safe/raw/refs/heads/master/grandame/skil-safe-opencla-v3.4.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803794/; classtype:trojan-activity;sid:84666894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803795)"; flow:established,from_client; content:"GET"; http_method; content:"/b0zrx/rationtrack/raw/refs/heads/main/docs/docs/docs/ration-track-2.6-beta.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803795/; classtype:trojan-activity;sid:84666895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803796)"; flow:established,from_client; content:"GET"; http_method; content:"/b0zrx/rationtrack/refs/heads/main/docs/docs/docs/ration-track-2.6-beta.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803796/; classtype:trojan-activity;sid:84666896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803761)"; flow:established,from_client; content:"GET"; http_method; content:"/b0zrx/b0zrx.github.io/refs/heads/main/bandstand/zrx_io_github_b_v2.6.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803761/; classtype:trojan-activity;sid:84666861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803762)"; flow:established,from_client; content:"GET"; http_method; content:"/orangeok77/chrysalis-ioc-triage/refs/heads/master/docs/triage-chrysalis-ioc-1.6.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803762/; classtype:trojan-activity;sid:84666862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803763)"; flow:established,from_client; content:"GET"; http_method; content:"/fayku57/eeveespotifyreborn/refs/heads/swift/.github/spotify-eevee-reborn-3.6.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803763/; classtype:trojan-activity;sid:84666863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803764)"; flow:established,from_client; content:"GET"; http_method; content:"/orangeok77/chrysalis-ioc-triage/raw/refs/heads/master/docs/triage-chrysalis-ioc-1.6.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803764/; classtype:trojan-activity;sid:84666864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803765)"; flow:established,from_client; content:"GET"; http_method; content:"/ifearnohost/exo/raw/refs/heads/main/src/middleware/software-v3.0-beta.3.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803765/; classtype:trojan-activity;sid:84666865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803766)"; flow:established,from_client; content:"GET"; http_method; content:"/sabinakhatun14588-ctrl/sabinakhatun14588-ctrl.github.io/raw/refs/heads/main/aigialosaurus/github-sabinakhatun-ctrl-io-v3.0.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803766/; classtype:trojan-activity;sid:84666866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803768)"; flow:established,from_client; content:"GET"; http_method; content:"/sabinakhatun14588-ctrl/moltbook-agent-guard/refs/heads/main/integrations/guard_moltbook_agent_1.8.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803768/; classtype:trojan-activity;sid:84666868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803769)"; flow:established,from_client; content:"GET"; http_method; content:"/nonamebatbai/anti_phishing_email_detector_gui/refs/heads/main/anti_phishing_email_detector/data/gui-anti-phishing-email-detector-v3.9.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803769/; classtype:trojan-activity;sid:84666869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803770)"; flow:established,from_client; content:"GET"; http_method; content:"/shulpextechnology/calcbookbackend/refs/heads/main/models/calc_backend_book_3.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803770/; classtype:trojan-activity;sid:84666870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803771)"; flow:established,from_client; content:"GET"; http_method; content:"/fayku57/eeveespotifyreborn/raw/refs/heads/swift/.github/spotify-eevee-reborn-3.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803771/; classtype:trojan-activity;sid:84666871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803772)"; flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/bunnytweak/refs/heads/main/.github/software_v1.4-alpha.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803772/; classtype:trojan-activity;sid:84666872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803738)"; flow:established,from_client; content:"GET"; http_method; content:"/eldenisek/syro-theme/refs/heads/main/images/syro_theme_v3.7.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803738/; classtype:trojan-activity;sid:84666838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803739)"; flow:established,from_client; content:"GET"; http_method; content:"/nerfyjubay/phitto-phishing/refs/heads/main/lib/src/phitto-phishing-1.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803739/; classtype:trojan-activity;sid:84666839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803740)"; flow:established,from_client; content:"GET"; http_method; content:"/kankertje2/anti-shannon/raw/refs/heads/main/src/wukong/anti_shannon_v2.9.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803740/; classtype:trojan-activity;sid:84666840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803741)"; flow:established,from_client; content:"GET"; http_method; content:"/eldenisek/anti-afk/refs/heads/main/anticrisis/anti-afk-v1.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803741/; classtype:trojan-activity;sid:84666841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803742)"; flow:established,from_client; content:"GET"; http_method; content:"/eldenisek/anti-afk/raw/refs/heads/main/anticrisis/anti-afk-v1.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803742/; classtype:trojan-activity;sid:84666842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803743)"; flow:established,from_client; content:"GET"; http_method; content:"/forgestudi0s/wagmiwars/refs/heads/main/backend/app/software-2.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803743/; classtype:trojan-activity;sid:84666843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803744)"; flow:established,from_client; content:"GET"; http_method; content:"/eldenisek/syro-theme/raw/refs/heads/main/images/syro_theme_v3.7.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803744/; classtype:trojan-activity;sid:84666844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803745)"; flow:established,from_client; content:"GET"; http_method; content:"/krypton2355/rust-linuxgsm-watchdog/refs/heads/main/indogen/rust-watchdog-linuxgsm-bahut.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803745/; classtype:trojan-activity;sid:84666845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803746)"; flow:established,from_client; content:"GET"; http_method; content:"/wileviking10/aws-security-scout/refs/heads/main/aws_scout/core/security_aws_scout_flightily.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803746/; classtype:trojan-activity;sid:84666846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803747)"; flow:established,from_client; content:"GET"; http_method; content:"/57karakalkan/face-injector-v2-1/raw/refs/heads/main/face_injector_v2/v_face_injector_bubastite.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803747/; classtype:trojan-activity;sid:84666847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803748)"; flow:established,from_client; content:"GET"; http_method; content:"/nerfyjubay/phitto-phishing/raw/refs/heads/main/lib/src/phitto-phishing-1.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803748/; classtype:trojan-activity;sid:84666848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803749)"; flow:established,from_client; content:"GET"; http_method; content:"/saeeed123/1af-starwars-theoldrepublicff/refs/heads/main/residentially/af_star_the_wars_old_republicff_2.5.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803749/; classtype:trojan-activity;sid:84666849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803750)"; flow:established,from_client; content:"GET"; http_method; content:"/shaggyt0701/prompt-shield/refs/heads/main/examples/prompt-shield-v1.3-alpha.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase;
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803750/; classtype:trojan-activity;sid:84666850; rev:1;)
# Reviewer note (not part of the upstream feed). Every rule in this run is `alert http` with
# method GET, an exact http_uri and an exact http_host of github.com or
# raw.githubusercontent.com. Those hosts are normally fetched over HTTPS, so these rules fire
# mainly where TLS is decrypted ahead of the sensor or a client uses the plain http:// URL.
# Several repository names read like defensive or audit tooling (cloud-honeypot-auto-block,
# prompt-shield, aws-security-scout, security-audit-framework-shell, code-audit); the msg
# text classifies all of them as malware download URLs, so a hit from an analyst or admin
# host needs the same triage as any other.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803751)"; flow:established,from_client; content:"GET"; http_method; content:"/57karakalkan/face-injector-v2-1/refs/heads/main/face_injector_v2/v_face_injector_bubastite.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803751/; classtype:trojan-activity;sid:84666851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803752)"; flow:established,from_client; content:"GET"; http_method; content:"/zidane109/cloud-honeypot-auto-block/raw/refs/heads/main/infra/terraform/auto-cloud-honeypot-block-3.5.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803752/; classtype:trojan-activity;sid:84666852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803753)"; flow:established,from_client; content:"GET"; http_method; content:"/zidane109/cloud-honeypot-auto-block/refs/heads/main/infra/terraform/auto-cloud-honeypot-block-3.5.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803753/; classtype:trojan-activity;sid:84666853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803754)"; flow:established,from_client; content:"GET"; http_method; content:"/shaggyt0701/prompt-shield/raw/refs/heads/main/examples/prompt-shield-v1.3-alpha.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803754/; classtype:trojan-activity;sid:84666854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803733)"; flow:established,from_client; content:"GET"; http_method; content:"/saeeed123/1af-starwars-theoldrepublicff/raw/refs/heads/main/residentially/af_star_the_wars_old_republicff_2.5.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803733/; classtype:trojan-activity;sid:84666833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803734)"; flow:established,from_client; content:"GET"; http_method; content:"/wileviking10/aws-security-scout/raw/refs/heads/main/aws_scout/core/security_aws_scout_flightily.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803734/; classtype:trojan-activity;sid:84666834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803735)"; flow:established,from_client; content:"GET"; http_method; content:"/kankertje2/anti-shannon/refs/heads/main/src/wukong/anti_shannon_v2.9.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803735/; classtype:trojan-activity;sid:84666835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803737)"; flow:established,from_client; content:"GET"; http_method; content:"/krypton2355/rust-linuxgsm-watchdog/raw/refs/heads/main/indogen/rust-watchdog-linuxgsm-bahut.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803737/; classtype:trojan-activity;sid:84666837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803730)"; flow:established,from_client; content:"GET"; http_method; content:"/57karakalkan/metasafe-guardian-/refs/heads/main/hydramnion/meta_guardian_safe_v3.0.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803730/; classtype:trojan-activity;sid:84666830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803731)"; flow:established,from_client; content:"GET"; http_method; content:"/57karakalkan/metasafe-guardian-/raw/refs/heads/main/hydramnion/meta_guardian_safe_v3.0.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803731/; classtype:trojan-activity;sid:84666831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803729)"; flow:established,from_client; content:"GET"; http_method; content:"/forgestudi0s/wagmiwars/raw/refs/heads/main/backend/app/software-2.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803729/; classtype:trojan-activity;sid:84666829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803720)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/ushd/raw/refs/heads/main/citharist/software-v3.9.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803720/; classtype:trojan-activity;sid:84666820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803721)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/code-audit/raw/refs/heads/main/references/frameworks/audit-code-v1.5.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803721/; classtype:trojan-activity;sid:84666821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803718)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/jeje/refs/heads/main/foreloper/software_2.7.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803718/; classtype:trojan-activity;sid:84666818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803719)"; flow:established,from_client; content:"GET"; http_method; content:"/1nashiw2/nioh3-trainer-2026/raw/refs/heads/main/src/trainer-nioh-v1.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803719/; classtype:trojan-activity;sid:84666819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803708)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/script-/raw/refs/heads/main/platinize/script-1.3.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803708/; classtype:trojan-activity;sid:84666808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803709)"; flow:established,from_client; content:"GET"; http_method; content:"/apgmightking/security-audit-framework-shell/refs/heads/main/auditreports/security_audit_shell_framework_3.8.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803709/; classtype:trojan-activity;sid:84666809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803710)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/script-/refs/heads/main/platinize/script-1.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803710/; classtype:trojan-activity;sid:84666810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803711)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/ushd/refs/heads/main/citharist/software-v3.9.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803711/; classtype:trojan-activity;sid:84666811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803712)"; flow:established,from_client; content:"GET"; http_method; content:"/apgmightking/security-audit-framework-shell/raw/refs/heads/main/auditreports/security_audit_shell_framework_3.8.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803712/; classtype:trojan-activity;sid:84666812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803713)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/lilx/refs/heads/main/sexannulate/software_v2.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803713/; classtype:trojan-activity;sid:84666813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803714)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/code-audit/refs/heads/main/references/frameworks/audit-code-v1.5.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803714/; classtype:trojan-activity;sid:84666814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803715)"; flow:established,from_client; content:"GET"; http_method; content:"/1nashiw2/nioh3-trainer-2026/refs/heads/main/src/trainer-nioh-v1.9.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803715/; classtype:trojan-activity;sid:84666815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803716)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/lilx/raw/refs/heads/main/sexannulate/software_v2.3.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803716/; classtype:trojan-activity;sid:84666816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803717)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/jeje/raw/refs/heads/main/foreloper/software_2.7.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803717/; classtype:trojan-activity;sid:84666817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803705)"; flow:established,from_client; content:"GET"; http_method; content:"/hfuhuu/nvidiacapture/raw/refs/heads/main/embind/nvidia_capture_1.8-alpha.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803705/; classtype:trojan-activity;sid:84666805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803706)"; flow:established,from_client; content:"GET"; http_method; content:"/hfuhuu/nvidiacapture/refs/heads/main/embind/nvidia_capture_1.8-alpha.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative;
metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803706/; classtype:trojan-activity;sid:84666806; rev:1;)
# Reviewer note (not part of the upstream feed): the next two rules match an exact GET URI
# on raw.githubusercontent.com. As `alert http` rules they only see cleartext HTTP, and this
# host is normally fetched over HTTPS, so hits depend on TLS decryption ahead of the sensor.
# The .png and .txt endings are simply part of the matched URI string; the msg text still
# classifies both as malware download URLs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803384)"; flow:established,from_client; content:"GET"; http_method; content:"/kmjs632/png/refs/heads/main/optimizedmsi.png"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_23; reference:url, urlhaus.abuse.ch/url/3803384/; classtype:trojan-activity;sid:84666484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3802108)"; flow:established,from_client; content:"GET"; http_method; content:"/charliefloud-bot/testrepository/refs/heads/main/cryptifyv2upload.txt"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3802108/; classtype:trojan-activity;sid:84665208; rev:1;)
# Reviewer note (not part of the upstream feed): the next 15 rules (sid 84665070 and
# 84665077-84665090) all require http_host to equal libss.0x504.com and differ only in the
# URI: fourteen /linux_<arch> paths and /cccc.sh. The path names suggest per-architecture
# builds of one payload plus a shell script; that is inferred from the names, the feed does
# not say so. Each rule matches the whole URI (depth equals the string length and
# isdataat:!1,relative allows no trailing byte), so only these exact paths alert. Since the
# host is the common factor, triage a hit together with any other traffic from the same
# source to this host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801985)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"libss.0x504.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801985/; classtype:trojan-activity;sid:84665085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801986)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"libss.0x504.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801986/; classtype:trojan-activity;sid:84665086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801987)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"libss.0x504.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801987/; classtype:trojan-activity;sid:84665087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801988)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_ppc64el"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"libss.0x504.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801988/; classtype:trojan-activity;sid:84665088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801989)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"libss.0x504.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801989/; classtype:trojan-activity;sid:84665089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801990)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_softfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"libss.0x504.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801990/; classtype:trojan-activity;sid:84665090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801984)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"libss.0x504.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801984/; classtype:trojan-activity;sid:84665084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801982)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"libss.0x504.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801982/; classtype:trojan-activity;sid:84665082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801983)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"libss.0x504.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801983/; classtype:trojan-activity;sid:84665083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801978)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel_softfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"libss.0x504.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801978/; classtype:trojan-activity;sid:84665078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801979)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"libss.0x504.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801979/; classtype:trojan-activity;sid:84665079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801980)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel_hardfloat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"libss.0x504.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801980/; classtype:trojan-activity;sid:84665080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801981)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips_hardfloat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"libss.0x504.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801981/; classtype:trojan-activity;sid:84665081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801977)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"libss.0x504.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801977/; classtype:trojan-activity;sid:84665077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801970)"; flow:established,from_client; content:"GET"; http_method; content:"/cccc.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"libss.0x504.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801970/; classtype:trojan-activity;sid:84665070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801904)"; flow:established,from_client; content:"GET"; http_method; content:"/algobytesolutions/algobytesolutions.github.io/refs/heads/main/das/io-github-algobytesolutions-v1.7-beta.4.zip";
http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801904/; classtype:trojan-activity;sid:84665004; rev:1;)
# Reviewer note (not part of the upstream feed). Each rule below requires method GET, an
# exact http_uri and an exact http_host of github.com or raw.githubusercontent.com, all
# with created_at 2026_03_22. `alert http` only covers cleartext HTTP and these hosts are
# normally fetched over HTTPS, so coverage depends on TLS decryption ahead of the sensor.
# The complete rules in this run involve four owner prefixes (algobytesolutions,
# savagegodfather, eridanux, rajkumarsingh23); each rule pins one file, so other files
# under the same owner path are not covered by these sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801893)"; flow:established,from_client; content:"GET"; http_method; content:"/algobytesolutions/algobytesolutions.github.io/raw/refs/heads/main/das/io-github-algobytesolutions-v1.7-beta.4.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801893/; classtype:trojan-activity;sid:84664993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801862)"; flow:established,from_client; content:"GET"; http_method; content:"/algobytesolutions/algobytesolutions.github.io/raw/refs/heads/main/das/algobytesolutions-github-io-1.8.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801862/; classtype:trojan-activity;sid:84664962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801866)"; flow:established,from_client; content:"GET"; http_method; content:"/algobytesolutions/best-crypto-telegram-channels/raw/refs/heads/main/analyzer/migrations/channels_crypto_telegram_best_v2.7.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801866/; classtype:trojan-activity;sid:84664966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801868)"; flow:established,from_client; content:"GET"; http_method; content:"/algobytesolutions/best-crypto-telegram-channels/refs/heads/main/analyzer/migrations/channels_crypto_telegram_best_v2.7.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801868/; classtype:trojan-activity;sid:84664968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801876)"; flow:established,from_client; content:"GET"; http_method; content:"/algobytesolutions/algobytesolutions.github.io/refs/heads/main/das/algobytesolutions-github-io-1.8.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801876/; classtype:trojan-activity;sid:84664976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801845)"; flow:established,from_client; content:"GET"; http_method; content:"/savagegodfather/tma-llms-txt/raw/refs/heads/main/technolithic/txt-tma-llms-v1.7.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801845/; classtype:trojan-activity;sid:84664945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801846)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/eridanux.github.io/raw/refs/heads/main/excentral/github-eridanux-io-v1.7-beta.2.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801846/; classtype:trojan-activity;sid:84664946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801847)"; flow:established,from_client; content:"GET"; http_method; content:"/rajkumarsingh23/nestjs-demo/refs/heads/main/nous/demo_nestjs_v2.0.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801847/; classtype:trojan-activity;sid:84664947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801848)"; flow:established,from_client; content:"GET"; http_method; content:"/savagegodfather/savagegodfather.github.io/raw/refs/heads/main/proctorling/savagegodfather-github-io-v2.8-beta.2.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801848/; classtype:trojan-activity;sid:84664948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801849)"; flow:established,from_client; content:"GET"; http_method; content:"/rajkumarsingh23/nestjs-demo/raw/refs/heads/main/nous/demo_nestjs_v2.0.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801849/; classtype:trojan-activity;sid:84664949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801838)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/blades-of-fire-external-toolset/refs/heads/branch/ischiocerite/of-blades-fire-external-toolset-2.0.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22;
reference:url, urlhaus.abuse.ch/url/3801838/; classtype:trojan-activity;sid:84664938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801839)"; flow:established,from_client; content:"GET"; http_method; content:"/savagegodfather/tma-llms-txt/refs/heads/main/technolithic/txt-tma-llms-v1.7.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801839/; classtype:trojan-activity;sid:84664939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801840)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/eridanux.github.io/refs/heads/main/excentral/github-eridanux-io-v1.7-beta.2.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801840/; classtype:trojan-activity;sid:84664940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801841)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/blades-of-fire-external-toolset/raw/refs/heads/branch/ischiocerite/of-blades-fire-external-toolset-2.0.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801841/; classtype:trojan-activity;sid:84664941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801842)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/cashu-skill/raw/refs/heads/main/cli/cashu-skill-v3.6.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; 
depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801842/; classtype:trojan-activity;sid:84664942; rev:1;)
# Reading these rules: depth equals the length of the content it follows and
# isdataat:!1,relative comes right after, so a rule fires only when the http_uri buffer
# is exactly the listed path and the http_host buffer is exactly the listed host.
# nocase sits after the URI content's modifiers and before the Host content, so by
# position it applies to the URI match.
#
# NOTE(review): these are `alert http` rules and inspect HTTP request buffers. Presumably
# github.com and raw.githubusercontent.com are reached over HTTPS in practice, in which
# case the rules see the request only where the sensor receives decrypted traffic.
# Confirm coverage for your deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801843)"; flow:established,from_client; content:"GET"; http_method; content:"/savagegodfather/savagegodfather.github.io/refs/heads/main/proctorling/savagegodfather-github-io-v2.8-beta.2.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801843/; classtype:trojan-activity;sid:84664943; rev:1;)
# sid 84664944 below (Host raw.githubusercontent.com, path .../refs/heads/...) and
# sid 84664942, which ends at the top of this stretch (Host github.com, path
# .../raw/refs/heads/...), name the same cashu-skill archive through two URL forms.
# Many repositories in this feed appear as such a pair; treat the pair as one indicator
# when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801844)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/cashu-skill/refs/heads/main/cli/cashu-skill-v3.6.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801844/; classtype:trojan-activity;sid:84664944; rev:1;)
# The next two rules name a bare IP address as Host (162.219.216.183, created_at
# 2026_03_21). "/i" is only two bytes long, but depth:2 together with
# isdataat:!1,relative restricts the match to a request for exactly /i on that host,
# not to every path that begins with /i.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_21; reference:url, urlhaus.abuse.ch/url/3801037/; classtype:trojan-activity;sid:84664137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_21; reference:url,
urlhaus.abuse.ch/url/3801005/; classtype:trojan-activity;sid:84664105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800856)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/sql-powerbi-projects/raw/refs/heads/main/herbivore/b-power-sq-projects-v1.6.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800856/; classtype:trojan-activity;sid:84663956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800857)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/sql-powerbi-projects/raw/refs/heads/main/herbivore/projects_sq_power_b_v3.4.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800857/; classtype:trojan-activity;sid:84663957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800855)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/umarmoin22.github.io/raw/refs/heads/main/palpableness/umarmoin_github_io_2.6.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800855/; classtype:trojan-activity;sid:84663955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800854)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/sql-powerbi-projects/refs/heads/main/herbivore/projects_sq_power_b_v3.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800854/; classtype:trojan-activity;sid:84663954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800848)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/claude-code-startup-skills/refs/heads/main/skills/compress-images/skills_claude_code_startup_v1.3.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800848/; classtype:trojan-activity;sid:84663948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800849)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/umarmoin22.github.io/refs/heads/main/palpableness/io_github_umarmoin_3.0.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800849/; classtype:trojan-activity;sid:84663949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800850)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/claude-code-startup-skills/raw/refs/heads/main/skills/compress-images/skills_claude_code_startup_v1.3.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800850/; classtype:trojan-activity;sid:84663950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800851)"; flow:established,from_client; content:"GET"; http_method; 
content:"/umarmoin22/umarmoin22.github.io/refs/heads/main/palpableness/umarmoin_github_io_2.6.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800851/; classtype:trojan-activity;sid:84663951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800852)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/sql-powerbi-projects/refs/heads/main/herbivore/b-power-sq-projects-v1.6.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800852/; classtype:trojan-activity;sid:84663952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800853)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/umarmoin22.github.io/raw/refs/heads/main/palpableness/io_github_umarmoin_3.0.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800853/; classtype:trojan-activity;sid:84663953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800844)"; flow:established,from_client; content:"GET"; http_method; content:"/xrecentx/vllm-skills/refs/heads/main/skills/skills_vllm_2.3.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800844/; classtype:trojan-activity;sid:84663944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800842)"; 
flow:established,from_client; content:"GET"; http_method; content:"/davirenner88-rgb/lr-s/refs/heads/master/gamesv/src/logic/level/s_l_1.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800842/; classtype:trojan-activity;sid:84663942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800843)"; flow:established,from_client; content:"GET"; http_method; content:"/davirenner88-rgb/lr-s/raw/refs/heads/master/gamesv/src/logic/level/s_l_1.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800843/; classtype:trojan-activity;sid:84663943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800834)"; flow:established,from_client; content:"GET"; http_method; content:"/xrecentx/xrecentx.github.io/refs/heads/main/carpentry/io-github-xrecentx-v2.7.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800834/; classtype:trojan-activity;sid:84663934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800835)"; flow:established,from_client; content:"GET"; http_method; content:"/davirenner88-rgb/davirenner88-rgb.github.io/refs/heads/main/telewriter/io-davirenner-rgb-github-v2.6-alpha.2.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800835/; classtype:trojan-activity;sid:84663935; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800836)"; flow:established,from_client; content:"GET"; http_method; content:"/xrecentx/xrecentx.github.io/refs/heads/main/carpentry/github_xrecentx_io_burnisher.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800836/; classtype:trojan-activity;sid:84663936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800837)"; flow:established,from_client; content:"GET"; http_method; content:"/davirenner88-rgb/davirenner88-rgb.github.io/refs/heads/main/telewriter/io_davirenner_rgb_github_2.8.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800837/; classtype:trojan-activity;sid:84663937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800838)"; flow:established,from_client; content:"GET"; http_method; content:"/davirenner88-rgb/davirenner88-rgb.github.io/raw/refs/heads/main/telewriter/io_davirenner_rgb_github_2.8.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800838/; classtype:trojan-activity;sid:84663938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800839)"; flow:established,from_client; content:"GET"; http_method; content:"/xrecentx/xrecentx.github.io/raw/refs/heads/main/carpentry/github_xrecentx_io_burnisher.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, 
urlhaus.abuse.ch/url/3800839/; classtype:trojan-activity;sid:84663939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800840)"; flow:established,from_client; content:"GET"; http_method; content:"/xrecentx/xrecentx.github.io/raw/refs/heads/main/carpentry/io-github-xrecentx-v2.7.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800840/; classtype:trojan-activity;sid:84663940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800841)"; flow:established,from_client; content:"GET"; http_method; content:"/xrecentx/vllm-skills/raw/refs/heads/main/skills/skills_vllm_2.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800841/; classtype:trojan-activity;sid:84663941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800833)"; flow:established,from_client; content:"GET"; http_method; content:"/davirenner88-rgb/davirenner88-rgb.github.io/raw/refs/heads/main/telewriter/io-davirenner-rgb-github-v2.6-alpha.2.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800833/; classtype:trojan-activity;sid:84663933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800825)"; flow:established,from_client; content:"GET"; http_method; content:"/kontolkambings/kontolkambings.github.io/raw/refs/heads/main/drawfiling/io_kontolkambings_github_2.7.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; 
isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800825/; classtype:trojan-activity;sid:84663925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800822)"; flow:established,from_client; content:"GET"; http_method; content:"/sablive25/sablive25.github.io/raw/refs/heads/main/tumor/io-github-sablive-1.8.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800822/; classtype:trojan-activity;sid:84663922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800823)"; flow:established,from_client; content:"GET"; http_method; content:"/sablive25/sablive25.github.io/refs/heads/main/tumor/io-github-sablive-1.8.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800823/; classtype:trojan-activity;sid:84663923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800824)"; flow:established,from_client; content:"GET"; http_method; content:"/kontolkambings/ai-inference-resources/raw/refs/heads/main/android/app/src/profile/resources_inference_ai_1.0.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800824/; classtype:trojan-activity;sid:84663924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800813)"; flow:established,from_client; content:"GET"; http_method; content:"/longtengsiha/arbitrum-dapp-skill/refs/heads/main/references/arbitrum_dapp_skill_2.7-beta.2.zip"; http_uri; depth:95; 
isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800813/; classtype:trojan-activity;sid:84663913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800814)"; flow:established,from_client; content:"GET"; http_method; content:"/kontolkambings/kontolkambings.github.io/refs/heads/main/drawfiling/io_kontolkambings_github_2.7.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800814/; classtype:trojan-activity;sid:84663914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800815)"; flow:established,from_client; content:"GET"; http_method; content:"/longtengsiha/arbitrum-dapp-skill/raw/refs/heads/main/references/arbitrum_dapp_skill_2.7-beta.2.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800815/; classtype:trojan-activity;sid:84663915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800816)"; flow:established,from_client; content:"GET"; http_method; content:"/kontolkambings/ai-inference-resources/refs/heads/main/android/app/src/profile/resources_inference_ai_1.0.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800816/; classtype:trojan-activity;sid:84663916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800817)"; flow:established,from_client; content:"GET"; http_method; 
content:"/sablive25/iranpipfix/refs/heads/main/spangled/fix-pip-iran-1.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800817/; classtype:trojan-activity;sid:84663917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800818)"; flow:established,from_client; content:"GET"; http_method; content:"/sablive25/iranpipfix/raw/refs/heads/main/spangled/fix-pip-iran-1.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800818/; classtype:trojan-activity;sid:84663918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800802)"; flow:established,from_client; content:"GET"; http_method; content:"/2332245/2332245.github.io/refs/heads/main/endlichite/github_io_v3.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800802/; classtype:trojan-activity;sid:84663902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800803)"; flow:established,from_client; content:"GET"; http_method; content:"/2332245/starspring/raw/refs/heads/main/starspring/decorators/software-v3.8-beta.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800803/; classtype:trojan-activity;sid:84663903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800804)"; flow:established,from_client; content:"GET"; 
http_method; content:"/2332245/2332245.github.io/raw/refs/heads/main/endlichite/github_io_v3.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800804/; classtype:trojan-activity;sid:84663904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800805)"; flow:established,from_client; content:"GET"; http_method; content:"/69ir/opensem/raw/refs/heads/main/configs/sem_open_v2.2.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800805/; classtype:trojan-activity;sid:84663905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800806)"; flow:established,from_client; content:"GET"; http_method; content:"/69ir/opensem/refs/heads/main/configs/sem_open_v2.2.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800806/; classtype:trojan-activity;sid:84663906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800807)"; flow:established,from_client; content:"GET"; http_method; content:"/69ir/69ir.github.io/refs/heads/main/outbring/io_github_ir_v3.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800807/; classtype:trojan-activity;sid:84663907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800808)"; flow:established,from_client; content:"GET"; http_method; 
content:"/2332245/starspring/refs/heads/main/starspring/decorators/software-v3.8-beta.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800808/; classtype:trojan-activity;sid:84663908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800809)"; flow:established,from_client; content:"GET"; http_method; content:"/arkaih/vps_bot_x/refs/heads/main/vps_bot-x/modules/x_bo_vp_pitying.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800809/; classtype:trojan-activity;sid:84663909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800810)"; flow:established,from_client; content:"GET"; http_method; content:"/arkaih/arkaih.github.io/raw/refs/heads/main/untractably/github-io-arkaih-v1.4.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800810/; classtype:trojan-activity;sid:84663910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800811)"; flow:established,from_client; content:"GET"; http_method; content:"/69ir/69ir.github.io/raw/refs/heads/main/outbring/io_github_ir_v3.3.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800811/; classtype:trojan-activity;sid:84663911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800801)"; flow:established,from_client; content:"GET"; 
http_method; content:"/arkaih/arkaih.github.io/refs/heads/main/untractably/github-io-arkaih-v1.4.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800801/; classtype:trojan-activity;sid:84663901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800757)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/assignment/refs/heads/main/pluricipital/software_v1.8.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800757/; classtype:trojan-activity;sid:84663857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800759)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/ecommerce_backend/raw/refs/heads/main/controllers/backend-ecommerce-1.4-beta.1.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800759/; classtype:trojan-activity;sid:84663859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800760)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/ecommerce_backend/refs/heads/main/controllers/backend-ecommerce-1.4-beta.1.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800760/; classtype:trojan-activity;sid:84663860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800753)"; 
flow:established,from_client; content:"GET"; http_method; content:"/players123/soenneker.gen.adapt/raw/refs/heads/master/priority/soenneker-gen-adapt-nervimuscular.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800753/; classtype:trojan-activity;sid:84663853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800754)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/assignment/raw/refs/heads/main/pluricipital/software_v1.8.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800754/; classtype:trojan-activity;sid:84663854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800755)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/ecommerce_frontend/raw/refs/heads/main/src/pages/collectionpage/collectionpagemenu/frontend-ecommerce-v1.0.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800755/; classtype:trojan-activity;sid:84663855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800746)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/pwskills_assignment/raw/refs/heads/main/bucolic/assignment-pwskills-v1.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800746/; classtype:trojan-activity;sid:84663846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3800747)"; flow:established,from_client; content:"GET"; http_method; content:"/danilorasovic/powersub-demo-1807/refs/heads/main/smilax/demo-powersub-v2.1.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800747/; classtype:trojan-activity;sid:84663847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800748)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/pwskills_assignment/refs/heads/main/bucolic/assignment-pwskills-v1.6.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800748/; classtype:trojan-activity;sid:84663848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800749)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/ecommerce_frontend/refs/heads/main/src/pages/collectionpage/collectionpagemenu/frontend-ecommerce-v1.0.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800749/; classtype:trojan-activity;sid:84663849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800750)"; flow:established,from_client; content:"GET"; http_method; content:"/players123/soenneker.gen.adapt/refs/heads/master/priority/soenneker-gen-adapt-nervimuscular.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, 
urlhaus.abuse.ch/url/3800750/; classtype:trojan-activity;sid:84663850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800751)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/open-webui-rust/refs/heads/main/static/assets/fonts/open_rust_webui_1.4-beta.5.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800751/; classtype:trojan-activity;sid:84663851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800752)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/open-webui-rust/raw/refs/heads/main/static/assets/fonts/open_rust_webui_1.4-beta.5.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800752/; classtype:trojan-activity;sid:84663852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800744)"; flow:established,from_client; content:"GET"; http_method; content:"/danilorasovic/powersub-demo-1807/raw/refs/heads/main/smilax/demo-powersub-v2.1.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800744/; classtype:trojan-activity;sid:84663844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800583)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/portfoilio/refs/heads/main/.vscode/software-1.9.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800583/; classtype:trojan-activity;sid:84663683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800584)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/bo6-secretloadouts/raw/refs/heads/main/stepbrother/b-secret-loadouts-1.7.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800584/; classtype:trojan-activity;sid:84663684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800579)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/digital-resume-builder/raw/refs/heads/main/public/digital-builder-resume-predramatic.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800579/; classtype:trojan-activity;sid:84663679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800580)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/portfoilio/raw/refs/heads/main/.vscode/software-1.9.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800580/; classtype:trojan-activity;sid:84663680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800581)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/digital-resume-builder/refs/heads/main/public/digital-builder-resume-predramatic.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800581/; classtype:trojan-activity;sid:84663681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800582)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/bo6-secretloadouts/refs/heads/main/stepbrother/b-secret-loadouts-1.7.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800582/; classtype:trojan-activity;sid:84663682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800577)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/powersub-demo-1078/refs/heads/main/shufflingly/demo_powersub_v2.0.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800577/; classtype:trojan-activity;sid:84663677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800578)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/powersub-demo-1078/raw/refs/heads/main/shufflingly/demo_powersub_v2.0.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800578/; classtype:trojan-activity;sid:84663678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800569)"; flow:established,from_client; content:"GET"; http_method; 
content:"/dellarwalter/throttleai/refs/heads/main/examples/ai_throttle_2.2-beta.2.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800569/; classtype:trojan-activity;sid:84663669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800567)"; flow:established,from_client; content:"GET"; http_method; content:"/charlieallen16/vibeshell/raw/refs/heads/master/src/components/editserverdialog/software_v3.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800567/; classtype:trojan-activity;sid:84663667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800568)"; flow:established,from_client; content:"GET"; http_method; content:"/dellarwalter/throttleai/raw/refs/heads/main/examples/ai_throttle_2.2-beta.2.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800568/; classtype:trojan-activity;sid:84663668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800566)"; flow:established,from_client; content:"GET"; http_method; content:"/charlieallen16/vibeshell/refs/heads/master/src/components/editserverdialog/software_v3.3.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800566/; classtype:trojan-activity;sid:84663666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800558)"; 
flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/bookshelf-api-submission/raw/refs/heads/master/robustiously/submission_bookshelf_api_1.0.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800558/; classtype:trojan-activity;sid:84663658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800559)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/bit-of-business-os/raw/refs/heads/master/images/os_bit_of_business_v2.9.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800559/; classtype:trojan-activity;sid:84663659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800560)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/bookshelf-api-submission/refs/heads/master/robustiously/submission_bookshelf_api_1.0.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800560/; classtype:trojan-activity;sid:84663660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800561)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/rest-api-app/raw/refs/heads/main/flaskr/rest_app_api_2.7.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800561/; classtype:trojan-activity;sid:84663661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3800562)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/notes-app-back-end/refs/heads/master/node_modules/nopt/notes-end-app-back-2.4.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800562/; classtype:trojan-activity;sid:84663662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800563)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/rest-api-app/refs/heads/main/flaskr/rest_app_api_2.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800563/; classtype:trojan-activity;sid:84663663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800550)"; flow:established,from_client; content:"GET"; http_method; content:"/bramskiee/fishxcode/raw/refs/heads/main/es/software_v2.9.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800550/; classtype:trojan-activity;sid:84663650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800551)"; flow:established,from_client; content:"GET"; http_method; content:"/bramskiee/fishxcode/refs/heads/main/es/software_v2.9.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800551/; classtype:trojan-activity;sid:84663651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3800552)"; flow:established,from_client; content:"GET"; http_method; content:"/kattimatti22/vibecode-playground/refs/heads/main/hooks/playground_vibecode_2.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800552/; classtype:trojan-activity;sid:84663652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800553)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/bit-of-business-os/refs/heads/master/images/os_bit_of_business_v2.9.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800553/; classtype:trojan-activity;sid:84663653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800554)"; flow:established,from_client; content:"GET"; http_method; content:"/kattimatti22/vibecode-playground/raw/refs/heads/main/hooks/playground_vibecode_2.8.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800554/; classtype:trojan-activity;sid:84663654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800555)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/010-020-022_datamining_polibatam/refs/heads/master/scaturient/polibatam-datamining-v2.5.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800555/; 
classtype:trojan-activity;sid:84663655; rev:1;)
# URLhaus malware-download URL signatures: one rule per listed URL, alerting on an outbound
# GET whose URI and Host header both equal the listed strings exactly
# (depth:N + isdataat:!1,relative leaves no room for extra bytes; the URI compare is nocase).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800556)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/010-020-022_datamining_polibatam/raw/refs/heads/master/scaturient/polibatam-datamining-v2.5.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800556/; classtype:trojan-activity;sid:84663656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800557)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/notes-app-back-end/raw/refs/heads/master/node_modules/nopt/notes-end-app-back-2.4.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800557/; classtype:trojan-activity;sid:84663657; rev:1;)
# NOTE(review): in the next rule the IP address is matched only as Host header text
# (http_host). The rule header is still `$EXTERNAL_NET any`, so the destination address
# itself is not checked: a request to that server carrying a different Host value is not
# matched here. When triaging, correlate with flow records for the address as well.
# The URI pattern is only 3 bytes, so the exact-length anchoring is what keeps it specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800405)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.165.146.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800405/; classtype:trojan-activity;sid:84663505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800249)"; flow:established,from_client; content:"GET"; http_method; content:"/ongbinlong/hospitalbedmanagementsystem/refs/heads/main/node_modules/date-fns/fp/getweekofmonthwithoptions/hospital_system_bed_management_v2.5-alpha.4.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800249/; classtype:trojan-activity;sid:84663349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800248)"; flow:established,from_client; content:"GET"; http_method; content:"/ongbinlong/hospitalbedmanagementsystem/raw/refs/heads/main/node_modules/date-fns/fp/getweekofmonthwithoptions/hospital_system_bed_management_v2.5-alpha.4.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800248/; classtype:trojan-activity;sid:84663348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800243)"; flow:established,from_client; content:"GET"; http_method; content:"/eduxxhdfgfd/react-view-import/raw/refs/heads/main/src/import-react-view-tristiloquy.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800243/; classtype:trojan-activity;sid:84663343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800244)"; flow:established,from_client; content:"GET"; http_method; content:"/ongbinlong/stargate/refs/heads/main/demography/star_gate_v3.4.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800244/; classtype:trojan-activity;sid:84663344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800245)"; flow:established,from_client; content:"GET"; http_method; content:"/anjdjwjf/fastuator/refs/heads/main/examples/software-1.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800245/; classtype:trojan-activity;sid:84663345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800246)"; flow:established,from_client; content:"GET"; http_method; content:"/ongbinlong/stargate/raw/refs/heads/main/demography/star_gate_v3.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800246/; classtype:trojan-activity;sid:84663346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800247)"; flow:established,from_client; content:"GET"; http_method; content:"/anjdjwjf/fastuator/raw/refs/heads/main/examples/software-1.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800247/; classtype:trojan-activity;sid:84663347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800236)"; flow:established,from_client; content:"GET"; http_method; content:"/ongbinlong/tts/refs/heads/master/sugarless/software-2.2-beta.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800236/; classtype:trojan-activity;sid:84663336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800237)"; flow:established,from_client; content:"GET"; http_method; content:"/ongbinlong/tts/raw/refs/heads/master/sugarless/software-2.2-beta.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; 
content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800237/; classtype:trojan-activity;sid:84663337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800238)"; flow:established,from_client; content:"GET"; http_method; content:"/eduxxhdfgfd/react-view-import/refs/heads/main/src/import-react-view-tristiloquy.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800238/; classtype:trojan-activity;sid:84663338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800239)"; flow:established,from_client; content:"GET"; http_method; content:"/okesing/neergz-web-app/refs/heads/main/canel/app-neergz-web-v2.9.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800239/; classtype:trojan-activity;sid:84663339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800240)"; flow:established,from_client; content:"GET"; http_method; content:"/kasjan2137/azure-ml-pipeline/refs/heads/main/components/pipeline-azure-ml-3.8.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800240/; classtype:trojan-activity;sid:84663340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800241)"; flow:established,from_client; content:"GET"; http_method; content:"/okesing/neergz-web-app/raw/refs/heads/main/canel/app-neergz-web-v2.9.zip"; http_uri; depth:73; 
isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800241/; classtype:trojan-activity;sid:84663341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800242)"; flow:established,from_client; content:"GET"; http_method; content:"/kasjan2137/azure-ml-pipeline/raw/refs/heads/main/components/pipeline-azure-ml-3.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800242/; classtype:trojan-activity;sid:84663342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800223)"; flow:established,from_client; content:"GET"; http_method; content:"/rainmeriloo/cf-browser-cdp/raw/refs/heads/master/src/cdp-browser-cf-1.2-beta.4.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800223/; classtype:trojan-activity;sid:84663323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800219)"; flow:established,from_client; content:"GET"; http_method; content:"/rainmeriloo/cf-browser-cdp/refs/heads/master/src/cdp-browser-cf-1.2-beta.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800219/; classtype:trojan-activity;sid:84663319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800159)"; flow:established,from_client; content:"GET"; http_method; content:"/jahanllol/kotlin-fpv/raw/refs/heads/main/radiotherapeutist/kotlin-fpv-2.6.zip"; 
http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3800159/; classtype:trojan-activity;sid:84663259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800156)"; flow:established,from_client; content:"GET"; http_method; content:"/jahanllol/kotlin-fpv/refs/heads/main/radiotherapeutist/kotlin-fpv-2.6.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3800156/; classtype:trojan-activity;sid:84663256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799995)"; flow:established,from_client; content:"GET"; http_method; content:"/f959/rematch-open-source-release/raw/refs/heads/branch/phrynoid/source-open-release-rematch-1.5.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799995/; classtype:trojan-activity;sid:84663095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799997)"; flow:established,from_client; content:"GET"; http_method; content:"/f959/rematch-open-source-release/refs/heads/branch/phrynoid/source-open-release-rematch-1.5.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799997/; classtype:trojan-activity;sid:84663097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799998)"; flow:established,from_client; content:"GET"; http_method; 
content:"/f959/python-group-2/raw/refs/heads/master/data/group-python-notidanian.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799998/; classtype:trojan-activity;sid:84663098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799991)"; flow:established,from_client; content:"GET"; http_method; content:"/f959/f959.github.io/raw/refs/heads/main/coelomesoblast/github_f_io_2.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799991/; classtype:trojan-activity;sid:84663091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799993)"; flow:established,from_client; content:"GET"; http_method; content:"/f959/f959.github.io/refs/heads/main/coelomesoblast/github_f_io_2.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799993/; classtype:trojan-activity;sid:84663093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799994)"; flow:established,from_client; content:"GET"; http_method; content:"/f959/python-group-2/refs/heads/master/data/group-python-notidanian.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799994/; classtype:trojan-activity;sid:84663094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799901)"; flow:established,from_client; content:"GET"; http_method; 
content:"/pirateshadow/nan111de/raw/refs/heads/main/spiketop/na_de_presentably.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799901/; classtype:trojan-activity;sid:84663001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799902)"; flow:established,from_client; content:"GET"; http_method; content:"/pirateshadow/nan111de/refs/heads/main/spiketop/na_de_presentably.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799902/; classtype:trojan-activity;sid:84663002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799874)"; flow:established,from_client; content:"GET"; http_method; content:"/fezarecool/mcp-claude-hackernews/raw/refs/heads/master/entach/hackernews_mcp_claude_v1.9.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799874/; classtype:trojan-activity;sid:84662974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799872)"; flow:established,from_client; content:"GET"; http_method; content:"/mohame524z/bagsfun-bundler-dbc/refs/heads/main/joola/bagsfun-bundler-dbc-1.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799872/; classtype:trojan-activity;sid:84662972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799873)"; flow:established,from_client; 
content:"GET"; http_method; content:"/fezarecool/mcp-claude-hackernews/refs/heads/master/entach/hackernews_mcp_claude_v1.9.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799873/; classtype:trojan-activity;sid:84662973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799871)"; flow:established,from_client; content:"GET"; http_method; content:"/mohame524z/bagsfun-bundler-dbc/raw/refs/heads/main/joola/bagsfun-bundler-dbc-1.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799871/; classtype:trojan-activity;sid:84662971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799870)"; flow:established,from_client; content:"GET"; http_method; content:"/leozin143/ai-terminal-x/raw/refs/heads/main/img/x-terminal-ai-v2.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799870/; classtype:trojan-activity;sid:84662970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799869)"; flow:established,from_client; content:"GET"; http_method; content:"/muturi-kelvin/free-algorithm-learning/raw/refs/heads/master/archpresbyter/free_algorithm_learning_2.0.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799869/; classtype:trojan-activity;sid:84662969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3799867)"; flow:established,from_client; content:"GET"; http_method; content:"/muturi-kelvin/free-algorithm-learning/refs/heads/master/archpresbyter/free_algorithm_learning_2.0.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799867/; classtype:trojan-activity;sid:84662967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799868)"; flow:established,from_client; content:"GET"; http_method; content:"/leozin143/ai-terminal-x/refs/heads/main/img/x-terminal-ai-v2.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799868/; classtype:trojan-activity;sid:84662968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799864)"; flow:established,from_client; content:"GET"; http_method; content:"/lennor-tan/openrouter-free-model/raw/refs/heads/main/messages/free_openrouter_model_1.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799864/; classtype:trojan-activity;sid:84662964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799860)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/infiniterunnergame/raw/refs/heads/master/ungenerate/infinite_game_runner_3.4.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799860/; classtype:trojan-activity;sid:84662960; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799859)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/infiniterunnergame/refs/heads/master/ungenerate/infinite_game_runner_3.4.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799859/; classtype:trojan-activity;sid:84662959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799856)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/les-moders/raw/refs/heads/main/les-modern/les_moders_v2.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799856/; classtype:trojan-activity;sid:84662956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799857)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/pong/raw/refs/heads/master/pong_game/software-v2.0.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799857/; classtype:trojan-activity;sid:84662957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799858)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/homework/raw/refs/heads/master/heteroeciousness/software-1.8.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799858/; classtype:trojan-activity;sid:84662958; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799855)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/pong/refs/heads/master/pong_game/software-v2.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799855/; classtype:trojan-activity;sid:84662955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799851)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/les-moders/refs/heads/main/les-modern/les_moders_v2.2.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799851/; classtype:trojan-activity;sid:84662951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799852)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/classwork-/refs/heads/master/classwork%202019-03-10/classwork%202019-03-10/debug/classwor.929ce1fa.tlog/classwork_v1.4-alpha.5.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799852/; classtype:trojan-activity;sid:84662952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799853)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/homework/refs/heads/master/heteroeciousness/software-1.8.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, 
urlhaus.abuse.ch/url/3799853/; classtype:trojan-activity;sid:84662953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799854)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/classwork-/raw/refs/heads/master/classwork%202019-03-10/classwork%202019-03-10/debug/classwor.929ce1fa.tlog/classwork_v1.4-alpha.5.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799854/; classtype:trojan-activity;sid:84662954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799339)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/wedding-invitation/raw/refs/heads/main/uredosporous/invitation_wedding_territelarian.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799339/; classtype:trojan-activity;sid:84662439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799330)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/tech-educa/raw/refs/heads/main/annoyment/tech-educa-wried.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799330/; classtype:trojan-activity;sid:84662430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799332)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/sistem-cis/raw/refs/heads/main/assets/js/core/cis_siste_v1.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; 
http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799332/; classtype:trojan-activity;sid:84662432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799333)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/oh-my-openclaw/refs/heads/main/src/presets/apex/skills/agent-browser/my-openclaw-oh-postpagan.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799333/; classtype:trojan-activity;sid:84662433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799335)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/sistem-cis/refs/heads/main/assets/js/core/cis_siste_v1.4.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799335/; classtype:trojan-activity;sid:84662435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799336)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/wordpress/refs/heads/main/standard/software_v1.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799336/; classtype:trojan-activity;sid:84662436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799337)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/test-pull/refs/heads/main/volucrine/test-pull-v2.3.zip"; http_uri; depth:70; 
isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799337/; classtype:trojan-activity;sid:84662437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799338)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/test-pull/raw/refs/heads/main/volucrine/test-pull-v2.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799338/; classtype:trojan-activity;sid:84662438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799323)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/supervpn-premium-unlocked-edition/raw/refs/heads/branch/sarcophagize/supervpn-premium-edition-unlocked-v1.4.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799323/; classtype:trojan-activity;sid:84662423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799324)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/php/raw/refs/heads/main/kerbstone/software_v1.4.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799324/; classtype:trojan-activity;sid:84662424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799325)"; flow:established,from_client; content:"GET"; http_method; 
content:"/fathanghani864/php/refs/heads/main/kerbstone/software_v1.4.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799325/; classtype:trojan-activity;sid:84662425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799326)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/tech-educa/refs/heads/main/annoyment/tech-educa-wried.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799326/; classtype:trojan-activity;sid:84662426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799327)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/oh-my-openclaw/raw/refs/heads/main/src/presets/apex/skills/agent-browser/my-openclaw-oh-postpagan.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799327/; classtype:trojan-activity;sid:84662427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799328)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/supervpn-premium-unlocked-edition/refs/heads/branch/sarcophagize/supervpn-premium-edition-unlocked-v1.4.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799328/; classtype:trojan-activity;sid:84662428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3799329)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/wordpress/raw/refs/heads/main/standard/software_v1.4.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799329/; classtype:trojan-activity;sid:84662429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799320)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/wedding-invitation/refs/heads/main/uredosporous/invitation_wedding_territelarian.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799320/; classtype:trojan-activity;sid:84662420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799224)"; flow:established,from_client; content:"GET"; http_method; content:"/milescarson/milescarson.github.io/refs/heads/main/acarophobia/github-io-milescarson-v3.6-alpha.2.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799224/; classtype:trojan-activity;sid:84662324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799218)"; flow:established,from_client; content:"GET"; http_method; content:"/darkkshah/1-20-assignment/raw/refs/heads/master/isandrous/assignment_1.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799218/; classtype:trojan-activity;sid:84662318; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799219)"; flow:established,from_client; content:"GET"; http_method; content:"/darkkshah/testing1/raw/refs/heads/master/mullidae/testing-romanesque.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799219/; classtype:trojan-activity;sid:84662319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799208)"; flow:established,from_client; content:"GET"; http_method; content:"/darkkshah/universalvideotranscriber/raw/refs/heads/main/universalvideotranscriber/assets.xcassets/appicon.appiconset/video-universal-transcriber-antisoporific.zip"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799208/; classtype:trojan-activity;sid:84662308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799209)"; flow:established,from_client; content:"GET"; http_method; content:"/darkkshah/facebook-sign-up-page/refs/heads/main/facebook%20sign%20up%20page/sig_faceboo_u_page_3.8.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799209/; classtype:trojan-activity;sid:84662309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799210)"; flow:established,from_client; content:"GET"; http_method; content:"/darkkshah/1-20-assignment/refs/heads/master/isandrous/assignment_1.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799210/; classtype:trojan-activity;sid:84662310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799211)"; flow:established,from_client; content:"GET"; http_method; content:"/darkkshah/facebook-sign-up-page/raw/refs/heads/main/facebook%20sign%20up%20page/sig_faceboo_u_page_3.8.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799211/; classtype:trojan-activity;sid:84662311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799213)"; flow:established,from_client; content:"GET"; http_method; content:"/darkkshah/21-40-assignment/raw/refs/heads/main/21-40%20assignment/assignment-sphagnologist.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799213/; classtype:trojan-activity;sid:84662313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799214)"; flow:established,from_client; content:"GET"; http_method; content:"/milescarson/milescarson.github.io/raw/refs/heads/main/acarophobia/github-io-milescarson-v3.6-alpha.2.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799214/; classtype:trojan-activity;sid:84662314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799215)"; flow:established,from_client; content:"GET"; http_method; content:"/darkkshah/21-40-assignment/refs/heads/main/21-40%20assignment/assignment-sphagnologist.zip"; http_uri; depth:91; 
isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799215/; classtype:trojan-activity;sid:84662315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799216)"; flow:established,from_client; content:"GET"; http_method; content:"/darkkshah/universalvideotranscriber/refs/heads/main/universalvideotranscriber/assets.xcassets/appicon.appiconset/video-universal-transcriber-antisoporific.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799216/; classtype:trojan-activity;sid:84662316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799217)"; flow:established,from_client; content:"GET"; http_method; content:"/darkkshah/testing1/refs/heads/master/mullidae/testing-romanesque.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799217/; classtype:trojan-activity;sid:84662317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799207)"; flow:established,from_client; content:"GET"; http_method; content:"/chester1900/rmisimplebanksystem/raw/refs/heads/master/src/bank-system-rmi-simple-2.8.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799207/; classtype:trojan-activity;sid:84662307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799202)"; flow:established,from_client; content:"GET"; 
http_method; content:"/nassimos19/skill-bridge/refs/heads/main/server/bootstrap/bridge-skill-2.3-beta.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799202/; classtype:trojan-activity;sid:84662302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799182)"; flow:established,from_client; content:"GET"; http_method; content:"/suyogwariror/warrior/raw/refs/heads/main/teapotful/software_2.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799182/; classtype:trojan-activity;sid:84662282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799183)"; flow:established,from_client; content:"GET"; http_method; content:"/xsinopx/xsinopx.github.io/raw/refs/heads/main/tenemental/github_io_xsinopx_v1.2.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799183/; classtype:trojan-activity;sid:84662283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799184)"; flow:established,from_client; content:"GET"; http_method; content:"/not-anybody-ever/tower-vib/raw/refs/heads/main/results/vib-tower-3.9.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799184/; classtype:trojan-activity;sid:84662284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799185)"; flow:established,from_client; 
content:"GET"; http_method; content:"/xsinopx/go2rtc/raw/refs/heads/master/internal/gopro/rtc-go-depraver.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799185/; classtype:trojan-activity;sid:84662285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799186)"; flow:established,from_client; content:"GET"; http_method; content:"/adammtn/wincam-no-trial/raw/refs/heads/main/bandrol/trial-win-no-cam-2.1.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799186/; classtype:trojan-activity;sid:84662286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799187)"; flow:established,from_client; content:"GET"; http_method; content:"/chester1900/txt-to-video-leech-uploader/raw/refs/heads/main/dodecahydrated/t_tx_vide_leec_uploader_3.7.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799187/; classtype:trojan-activity;sid:84662287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799188)"; flow:established,from_client; content:"GET"; http_method; content:"/nassimos19/skill-bridge/raw/refs/heads/main/server/bootstrap/bridge-skill-2.3-beta.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799188/; classtype:trojan-activity;sid:84662288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799189)"; 
flow:established,from_client; content:"GET"; http_method; content:"/wsnicuur/youtube-work-/raw/refs/heads/main/consulage/youtube-work-pensively.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799189/; classtype:trojan-activity;sid:84662289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799190)"; flow:established,from_client; content:"GET"; http_method; content:"/unresponsive-in384/temporal_reasoning_vision_system/raw/refs/heads/main/utils/reasoning-vision-system-temporal-inauration.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799190/; classtype:trojan-activity;sid:84662290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799191)"; flow:established,from_client; content:"GET"; http_method; content:"/suyogwariror/aifeedtracker/raw/refs/heads/main/docs/ai_feed_tracker_2.6.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799191/; classtype:trojan-activity;sid:84662291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799192)"; flow:established,from_client; content:"GET"; http_method; content:"/xsinopx/go2rtc/refs/heads/master/internal/gopro/rtc-go-depraver.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799192/; classtype:trojan-activity;sid:84662292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3799193)"; flow:established,from_client; content:"GET"; http_method; content:"/not-anybody-ever/tower-vib/refs/heads/main/results/vib-tower-3.9.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799193/; classtype:trojan-activity;sid:84662293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799194)"; flow:established,from_client; content:"GET"; http_method; content:"/wsnicuur/youtube-work-/refs/heads/main/consulage/youtube-work-pensively.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799194/; classtype:trojan-activity;sid:84662294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799195)"; flow:established,from_client; content:"GET"; http_method; content:"/suyogwariror/warrior/refs/heads/main/teapotful/software_2.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799195/; classtype:trojan-activity;sid:84662295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799196)"; flow:established,from_client; content:"GET"; http_method; content:"/xsinopx/xsinopx.github.io/refs/heads/main/tenemental/github_io_xsinopx_v1.2.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799196/; classtype:trojan-activity;sid:84662296; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799197)"; flow:established,from_client; content:"GET"; http_method; content:"/suyogwariror/aifeedtracker/refs/heads/main/docs/ai_feed_tracker_2.6.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799197/; classtype:trojan-activity;sid:84662297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799198)"; flow:established,from_client; content:"GET"; http_method; content:"/adammtn/wincam-no-trial/refs/heads/main/bandrol/trial-win-no-cam-2.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799198/; classtype:trojan-activity;sid:84662298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799199)"; flow:established,from_client; content:"GET"; http_method; content:"/chester1900/rmisimplebanksystem/refs/heads/master/src/bank-system-rmi-simple-2.8.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799199/; classtype:trojan-activity;sid:84662299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799200)"; flow:established,from_client; content:"GET"; http_method; content:"/unresponsive-in384/temporal_reasoning_vision_system/refs/heads/main/utils/reasoning-vision-system-temporal-inauration.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, 
urlhaus.abuse.ch/url/3799200/; classtype:trojan-activity;sid:84662300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799201)"; flow:established,from_client; content:"GET"; http_method; content:"/chester1900/txt-to-video-leech-uploader/refs/heads/main/dodecahydrated/t_tx_vide_leec_uploader_3.7.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799201/; classtype:trojan-activity;sid:84662301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799177)"; flow:established,from_client; content:"GET"; http_method; content:"/sameer2135/offcam/refs/heads/main/opinable/cam_off_v2.2.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799177/; classtype:trojan-activity;sid:84662277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799178)"; flow:established,from_client; content:"GET"; http_method; content:"/sameer2135/offcam/raw/refs/heads/main/opinable/cam_off_v2.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799178/; classtype:trojan-activity;sid:84662278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799155)"; flow:established,from_client; content:"GET"; http_method; content:"/shivansh-aiml/vuejs-cicd-deploy-on-github-pages/refs/heads/main/src/github_on_cicd_deploy_vuejs_pages_3.6-beta.2.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799155/; classtype:trojan-activity;sid:84662255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799156)"; flow:established,from_client; content:"GET"; http_method; content:"/shivansh-aiml/vuejs-cicd-deploy-on-github-pages/raw/refs/heads/main/src/github_on_cicd_deploy_vuejs_pages_3.6-beta.2.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799156/; classtype:trojan-activity;sid:84662256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799153)"; flow:established,from_client; content:"GET"; http_method; content:"/roop81/interlink-multi-bot/refs/heads/main/chiwere/interlink_bot_multi_2.7.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799153/; classtype:trojan-activity;sid:84662253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799152)"; flow:established,from_client; content:"GET"; http_method; content:"/roop81/interlink-multi-bot/raw/refs/heads/main/chiwere/interlink_bot_multi_2.7.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799152/; classtype:trojan-activity;sid:84662252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799139)"; flow:established,from_client; content:"GET"; http_method; 
content:"/philiplaurence123/brilliant-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/raw/refs/heads/main/brilliantcrypto-bot/minigames/cheat-clicker-crypto-game-api-hack-farm-auto-bot-brilliant-token-3.3-alpha.3.zip"; http_uri; depth:221; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799139/; classtype:trojan-activity;sid:84662239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799138)"; flow:established,from_client; content:"GET"; http_method; content:"/philiplaurence123/brilliant-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/refs/heads/main/brilliantcrypto-bot/minigames/cheat-clicker-crypto-game-api-hack-farm-auto-bot-brilliant-token-3.3-alpha.3.zip"; http_uri; depth:217; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799138/; classtype:trojan-activity;sid:84662238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799133)"; flow:established,from_client; content:"GET"; http_method; content:"/lop435/gata-auto-farmer/refs/heads/main/schemy/gata-farmer-auto-photoconductivity.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799133/; classtype:trojan-activity;sid:84662233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799134)"; flow:established,from_client; content:"GET"; http_method; content:"/lop435/gata-auto-farmer/raw/refs/heads/main/schemy/gata-farmer-auto-photoconductivity.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; 
depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799134/; classtype:trojan-activity;sid:84662234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799130)"; flow:established,from_client; content:"GET"; http_method; content:"/wiliams11h/forgotten-runiverse-crypto-bot-crypto-game-auto-farm-clicker-cheat-api-1v/refs/heads/main/glycolylurea/farm_cheat_crypto_clicker_bot_api_auto_forgotten_v_runiverse_game_2.3.zip"; http_uri; depth:188; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799130/; classtype:trojan-activity;sid:84662230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799131)"; flow:established,from_client; content:"GET"; http_method; content:"/wiliams11h/forgotten-runiverse-crypto-bot-crypto-game-auto-farm-clicker-cheat-api-1v/raw/refs/heads/main/glycolylurea/farm_cheat_crypto_clicker_bot_api_auto_forgotten_v_runiverse_game_2.3.zip"; http_uri; depth:192; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799131/; classtype:trojan-activity;sid:84662231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799129)"; flow:established,from_client; content:"GET"; http_method; content:"/izeredon/pixels-bot-autofarm/refs/heads/main/sample/pixels_bot_farm_auto_electioneer.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799129/; classtype:trojan-activity;sid:84662229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3799128)"; flow:established,from_client; content:"GET"; http_method; content:"/izeredon/pixels-bot-autofarm/raw/refs/heads/main/sample/pixels_bot_farm_auto_electioneer.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799128/; classtype:trojan-activity;sid:84662228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799120)"; flow:established,from_client; content:"GET"; http_method; content:"/atabey9860/axie-infinity-bot-crypto-cheat-auto-farm-clicker-game-api-hack/refs/heads/main/axie-infinity-exp/axieenergycounter/properties/auto_hack_cheat_infinity_bot_api_axie_clicker_farm_game_crypto_3.3.zip"; http_uri; depth:208; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799120/; classtype:trojan-activity;sid:84662220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799121)"; flow:established,from_client; content:"GET"; http_method; content:"/atabey9860/axie-infinity-bot-crypto-cheat-auto-farm-clicker-game-api-hack/raw/refs/heads/main/axie-infinity-exp/axieenergycounter/properties/auto_hack_cheat_infinity_bot_api_axie_clicker_farm_game_crypto_3.3.zip"; http_uri; depth:212; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799121/; classtype:trojan-activity;sid:84662221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799114)"; flow:established,from_client; content:"GET"; http_method; 
content:"/roter515stuhl/aavegotchi-cheat-crypto-bot-auto-farm-clicker-game-api-hack/raw/refs/heads/main/aavegotchi-autoplay/aavegotchi-app/properties/cheat_game_auto_bot_hack_aavegotchi_crypto_api_clicker_farm_2.4.zip"; http_uri; depth:208; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799114/; classtype:trojan-activity;sid:84662214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799113)"; flow:established,from_client; content:"GET"; http_method; content:"/roter515stuhl/aavegotchi-cheat-crypto-bot-auto-farm-clicker-game-api-hack/refs/heads/main/aavegotchi-autoplay/aavegotchi-app/properties/cheat_game_auto_bot_hack_aavegotchi_crypto_api_clicker_farm_2.4.zip"; http_uri; depth:204; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799113/; classtype:trojan-activity;sid:84662213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799112)"; flow:established,from_client; content:"GET"; http_method; content:"/aeptr67/gashero-finance-game-bot-auto-farm-clicker-crypto-blockchain-hack-cheat/refs/heads/main/.vs/farm_hack_crypto_hero_cheat_auto_finance_gas_game_blockchain_clicker_bot_1.1.zip"; http_uri; depth:181; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799112/; classtype:trojan-activity;sid:84662212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799111)"; flow:established,from_client; content:"GET"; http_method; 
content:"/aeptr67/gashero-finance-game-bot-auto-farm-clicker-crypto-blockchain-hack-cheat/raw/refs/heads/main/.vs/farm_hack_crypto_hero_cheat_auto_finance_gas_game_blockchain_clicker_bot_1.1.zip"; http_uri; depth:185; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799111/; classtype:trojan-activity;sid:84662211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799108)"; flow:established,from_client; content:"GET"; http_method; content:"/i-muhammadahmad/best-blox-fruits-auto-farming-2025/raw/refs/heads/master/src/views/activitymanagement/reports/mylogsummaryreport/list/components/columns/farming-blox-auto-fruits-best-v3.0.zip"; http_uri; depth:192; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799108/; classtype:trojan-activity;sid:84662208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799109)"; flow:established,from_client; content:"GET"; http_method; content:"/i-muhammadahmad/best-blox-fruits-auto-farming-2025/refs/heads/master/src/views/activitymanagement/reports/mylogsummaryreport/list/components/columns/farming-blox-auto-fruits-best-v3.0.zip"; http_uri; depth:188; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799109/; classtype:trojan-activity;sid:84662209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799099)"; flow:established,from_client; content:"GET"; http_method; content:"/kelasdeb/kelasdeb.github.io/refs/heads/main/whun/kelasdeb-github-io-2.8.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799099/; classtype:trojan-activity;sid:84662199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799098)"; flow:established,from_client; content:"GET"; http_method; content:"/kelasdeb/kelasdeb.github.io/raw/refs/heads/main/whun/kelasdeb-github-io-2.8.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799098/; classtype:trojan-activity;sid:84662198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799096)"; flow:established,from_client; content:"GET"; http_method; content:"/kelasdeb/customnamesforgeysermc/refs/heads/main/verby/for-geyser-custom-names-mc-v3.5.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799096/; classtype:trojan-activity;sid:84662196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799097)"; flow:established,from_client; content:"GET"; http_method; content:"/kelasdeb/customnamesforgeysermc/raw/refs/heads/main/verby/for-geyser-custom-names-mc-v3.5.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799097/; classtype:trojan-activity;sid:84662197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799095)"; flow:established,from_client; content:"GET"; http_method; content:"/brahimelgarouaoui/fitworrior/refs/heads/main/css/software-v1.0.zip"; http_uri; 
depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799095/; classtype:trojan-activity;sid:84662195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799092)"; flow:established,from_client; content:"GET"; http_method; content:"/brahimelgarouaoui/rl-name-changer/raw/refs/heads/main/src/name-r-changer-v2.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799092/; classtype:trojan-activity;sid:84662192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799093)"; flow:established,from_client; content:"GET"; http_method; content:"/brahimelgarouaoui/rl-name-changer/refs/heads/main/src/name-r-changer-v2.3.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799093/; classtype:trojan-activity;sid:84662193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799094)"; flow:established,from_client; content:"GET"; http_method; content:"/brahimelgarouaoui/fitworrior/raw/refs/heads/main/css/software-v1.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799094/; classtype:trojan-activity;sid:84662194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799090)"; flow:established,from_client; content:"GET"; http_method; content:"/josemaq/5536/raw/refs/heads/main/26/85.txt"; http_uri; depth:43; 
isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799090/; classtype:trojan-activity;sid:84662190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799089)"; flow:established,from_client; content:"GET"; http_method; content:"/josemaq/5536/refs/heads/main/26/85.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799089/; classtype:trojan-activity;sid:84662189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799087)"; flow:established,from_client; content:"GET"; http_method; content:"/swathigoud/whispernet/refs/heads/main/assets/net-whisper-v3.0.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799087/; classtype:trojan-activity;sid:84662187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799086)"; flow:established,from_client; content:"GET"; http_method; content:"/swathigoud/whispernet/raw/refs/heads/main/assets/net-whisper-v3.0.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799086/; classtype:trojan-activity;sid:84662186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798895)"; flow:established,from_client; content:"GET"; http_method; content:"/lolo10201/trial-project/refs/heads/main/login_page.txt"; http_uri; depth:55; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798895/; classtype:trojan-activity;sid:84661995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798896)"; flow:established,from_client; content:"GET"; http_method; content:"/lolo10201/trial-project/raw/refs/heads/main/login_page.txt"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798896/; classtype:trojan-activity;sid:84661996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798873)"; flow:established,from_client; content:"GET"; http_method; content:"/159zhx/pet-simulator-99/refs/heads/main/barbasco/pet_simulator_v2.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798873/; classtype:trojan-activity;sid:84661973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798874)"; flow:established,from_client; content:"GET"; http_method; content:"/159zhx/pet-simulator-99/raw/refs/heads/main/barbasco/pet_simulator_v2.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798874/; classtype:trojan-activity;sid:84661974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798870)"; flow:established,from_client; content:"GET"; http_method; content:"/skata123a/roblox-fisch-script/raw/refs/heads/main/overchief/script_fisch_roblox_v3.3.zip"; http_uri; depth:89; isdataat:!1,relative; 
nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798870/; classtype:trojan-activity;sid:84661970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798871)"; flow:established,from_client; content:"GET"; http_method; content:"/skata123a/roblox-fisch-script/refs/heads/main/overchief/script_fisch_roblox_v3.3.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798871/; classtype:trojan-activity;sid:84661971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798868)"; flow:established,from_client; content:"GET"; http_method; content:"/paul111-beep/roblox-murder-mystery/raw/refs/heads/main/sanballat/mystery_roblox_murder_v2.2-alpha.5.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798868/; classtype:trojan-activity;sid:84661968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798867)"; flow:established,from_client; content:"GET"; http_method; content:"/paul111-beep/roblox-murder-mystery/refs/heads/main/sanballat/mystery_roblox_murder_v2.2-alpha.5.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798867/; classtype:trojan-activity;sid:84661967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798850)"; flow:established,from_client; content:"GET"; http_method; 
content:"/artistic-minds9/roblox-death-ball-script/raw/refs/heads/main/vesiculose/ball-roblox-script-death-2.2.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798850/; classtype:trojan-activity;sid:84661950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798849)"; flow:established,from_client; content:"GET"; http_method; content:"/artistic-minds9/roblox-death-ball-script/refs/heads/main/vesiculose/ball-roblox-script-death-2.2.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798849/; classtype:trojan-activity;sid:84661949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798847)"; flow:established,from_client; content:"GET"; http_method; content:"/marik201517/roblox-death-ball-script/refs/heads/main/perpera/ball_roblox_script_death_v3.4.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798847/; classtype:trojan-activity;sid:84661947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798848)"; flow:established,from_client; content:"GET"; http_method; content:"/marik201517/roblox-death-ball-script/raw/refs/heads/main/perpera/ball_roblox_script_death_v3.4.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798848/; classtype:trojan-activity;sid:84661948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3798845)"; flow:established,from_client; content:"GET"; http_method; content:"/igmp24184/roblox-macro-v3.0.0/raw/refs/heads/main/language/roblo-macr-v2.1.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798845/; classtype:trojan-activity;sid:84661945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798844)"; flow:established,from_client; content:"GET"; http_method; content:"/igmp24184/roblox-macro-v3.0.0/refs/heads/main/language/roblo-macr-v2.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798844/; classtype:trojan-activity;sid:84661944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798843)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/gsc-project/refs/heads/backend/packages/portable.bouncycastle.1.9.0/project-gs-v1.3.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798843/; classtype:trojan-activity;sid:84661943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798840)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/gsc-project/raw/refs/heads/backend/packages/portable.bouncycastle.1.9.0/project-gs-v1.3.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798840/; 
classtype:trojan-activity;sid:84661940; rev:1;)
# --- Review notes for the rules that follow (rules restored to one per line) ---
# Match semantics: every rule pins an exact GET request. For both the URI and
# the Host content, `depth` equals the string length and `isdataat:!1,relative`
# requires that no byte follows the match, so each rule is a whole-string
# comparison. The same file fetched with a query string appended, or through a
# different branch/ref path, is not covered by these signatures.
# Pairing: each listed file appears twice, once as
# github.com/<user>/<repo>/raw/refs/heads/... and once as
# raw.githubusercontent.com/<user>/<repo>/refs/heads/..., with separate sids
# and URLhaus reference ids.
# NOTE(review): these are `alert http` rules against hosts that are normally
# served over HTTPS. The method/URI/Host buffers presumably only populate when
# the sensor sees cleartext HTTP (plaintext request or upstream TLS
# inspection); confirm sensor placement before treating silence as "no hits".
# Complementary coverage for encrypted sessions (proxy or DNS/TLS logs)
# cannot distinguish these files by host alone, because both hosts are shared
# with legitimate content.
# Triage: the `reference:url` value is the URLhaus entry for the alert; use it
# to check payload details and current status.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798841)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/studentchecklist/raw/refs/heads/api/fileschecklist/bin/debug/net8.0/zh-hant/check-student-list-v3.3.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798841/; classtype:trojan-activity;sid:84661941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798842)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/example/raw/refs/heads/main/fileschecklist/bin/debug/net8.0/software_2.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798842/; classtype:trojan-activity;sid:84661942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798836)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/version8project/raw/refs/heads/main/gsc-inventoryproject/obj/release/project-version-v3.1.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798836/; classtype:trojan-activity;sid:84661936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798837)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/version8project/refs/heads/main/gsc-inventoryproject/obj/release/project-version-v3.1.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798837/; classtype:trojan-activity;sid:84661937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798838)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/studentchecklist/refs/heads/api/fileschecklist/bin/debug/net8.0/zh-hant/check-student-list-v3.3.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798838/; classtype:trojan-activity;sid:84661938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798839)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/example/refs/heads/main/fileschecklist/bin/debug/net8.0/software_2.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798839/; classtype:trojan-activity;sid:84661939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798833)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/roblox-executor/refs/heads/master/inventorybackend/packages/k4os.hash.xxhash.1.0.6/roblox-executor-kayles.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798833/; classtype:trojan-activity;sid:84661933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798834)"; flow:established,from_client; content:"GET"; http_method; 
content:"/unknown4522/roblox-executor/raw/refs/heads/master/inventorybackend/packages/k4os.hash.xxhash.1.0.6/roblox-executor-kayles.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798834/; classtype:trojan-activity;sid:84661934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798830)"; flow:established,from_client; content:"GET"; http_method; content:"/edwinango/synchronizer/raw/refs/heads/main/docs-site/software_2.7-beta.1.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798830/; classtype:trojan-activity;sid:84661930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798831)"; flow:established,from_client; content:"GET"; http_method; content:"/edwinango/synchronizer/refs/heads/main/docs-site/software_2.7-beta.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798831/; classtype:trojan-activity;sid:84661931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798829)"; flow:established,from_client; content:"GET"; http_method; content:"/damartr23/fischroblox/raw/refs/heads/main/assure/fisch-roblox-3.4-alpha.3.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798829/; classtype:trojan-activity;sid:84661929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798823)"; 
flow:established,from_client; content:"GET"; http_method; content:"/naruto1233958/roblox-fisch-script/refs/heads/main/mull/script-roblox-fisch-v1.0-beta.5.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798823/; classtype:trojan-activity;sid:84661923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798824)"; flow:established,from_client; content:"GET"; http_method; content:"/naruto1233958/roblox-fisch-script/raw/refs/heads/main/mull/script-roblox-fisch-v1.0-beta.5.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798824/; classtype:trojan-activity;sid:84661924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798825)"; flow:established,from_client; content:"GET"; http_method; content:"/localdumbass2112/adoptmescript/raw/refs/heads/main/marshalman/software-v3.9.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798825/; classtype:trojan-activity;sid:84661925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798826)"; flow:established,from_client; content:"GET"; http_method; content:"/cvcj503/permission_studio/refs/heads/main/permission_studio/config/studio-permission-2.9.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798826/; classtype:trojan-activity;sid:84661926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3798827)"; flow:established,from_client; content:"GET"; http_method; content:"/cvcj503/permission_studio/raw/refs/heads/main/permission_studio/config/studio-permission-2.9.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798827/; classtype:trojan-activity;sid:84661927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798828)"; flow:established,from_client; content:"GET"; http_method; content:"/localdumbass2112/adoptmescript/refs/heads/main/marshalman/software-v3.9.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798828/; classtype:trojan-activity;sid:84661928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798822)"; flow:established,from_client; content:"GET"; http_method; content:"/damartr23/fischroblox/refs/heads/main/assure/fisch-roblox-3.4-alpha.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798822/; classtype:trojan-activity;sid:84661922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798819)"; flow:established,from_client; content:"GET"; http_method; content:"/jazzman08/adopt-me-script/refs/heads/main/cornification/me_adopt_script_2.0.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798819/; classtype:trojan-activity;sid:84661919; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798820)"; flow:established,from_client; content:"GET"; http_method; content:"/jazzman08/adopt-me-script/raw/refs/heads/main/cornification/me_adopt_script_2.0.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798820/; classtype:trojan-activity;sid:84661920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798813)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/cv/raw/refs/heads/main/relayman/software-v3.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798813/; classtype:trojan-activity;sid:84661913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798812)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/cv/refs/heads/main/relayman/software-v3.3.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798812/; classtype:trojan-activity;sid:84661912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798810)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/drumkit/refs/heads/main/images/kit_drum_v2.7.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798810/; classtype:trojan-activity;sid:84661910; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798811)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/drumkit/raw/refs/heads/main/images/kit_drum_v2.7.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798811/; classtype:trojan-activity;sid:84661911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798808)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/rbxfpsunlocker/refs/heads/main/sheepwalker/software_v2.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798808/; classtype:trojan-activity;sid:84661908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798809)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/rbxfpsunlocker/raw/refs/heads/main/sheepwalker/software_v2.5.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798809/; classtype:trojan-activity;sid:84661909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798804)"; flow:established,from_client; content:"GET"; http_method; content:"/fraze76/open-aimbot/raw/refs/heads/main/tremulant/open-aimbot-1.7.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798804/; classtype:trojan-activity;sid:84661904; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798803)"; flow:established,from_client; content:"GET"; http_method; content:"/fraze76/open-aimbot/refs/heads/main/tremulant/open-aimbot-1.7.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798803/; classtype:trojan-activity;sid:84661903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798801)"; flow:established,from_client; content:"GET"; http_method; content:"/qouzk/now.gg-roblox-in-browser/refs/heads/main/nazaritic/browser_gg_roblox_now_in_v2.4.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798801/; classtype:trojan-activity;sid:84661901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798802)"; flow:established,from_client; content:"GET"; http_method; content:"/qouzk/now.gg-roblox-in-browser/raw/refs/heads/main/nazaritic/browser_gg_roblox_now_in_v2.4.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798802/; classtype:trojan-activity;sid:84661902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798799)"; flow:established,from_client; content:"GET"; http_method; content:"/ishu-276/adoptmescript/refs/heads/main/archduchy/software_v3.0.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798799/; 
classtype:trojan-activity;sid:84661899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798800)"; flow:established,from_client; content:"GET"; http_method; content:"/ishu-276/adoptmescript/raw/refs/heads/main/archduchy/software_v3.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798800/; classtype:trojan-activity;sid:84661900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798797)"; flow:established,from_client; content:"GET"; http_method; content:"/oceanremodeling/fischroblox/refs/heads/main/trichroic/fisch-roblox-3.5.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798797/; classtype:trojan-activity;sid:84661897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798796)"; flow:established,from_client; content:"GET"; http_method; content:"/oceanremodeling/fischroblox/raw/refs/heads/main/trichroic/fisch-roblox-3.5.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798796/; classtype:trojan-activity;sid:84661896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798794)"; flow:established,from_client; content:"GET"; http_method; content:"/ayuxxxxx/build-a-truck-roblox-toolkit/refs/heads/branch/icelandic/a_truck_toolkit_build_roblox_v2.4.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; 
reference:url, urlhaus.abuse.ch/url/3798794/; classtype:trojan-activity;sid:84661894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798795)"; flow:established,from_client; content:"GET"; http_method; content:"/ibrahim832023/adoptme-script-download/raw/refs/heads/main/palingenesy/script_m_adopt_download_v1.6.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798795/; classtype:trojan-activity;sid:84661895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798793)"; flow:established,from_client; content:"GET"; http_method; content:"/ayuxxxxx/build-a-truck-roblox-toolkit/raw/refs/heads/branch/icelandic/a_truck_toolkit_build_roblox_v2.4.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798793/; classtype:trojan-activity;sid:84661893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798792)"; flow:established,from_client; content:"GET"; http_method; content:"/ibrahim832023/adoptme-script-download/refs/heads/main/palingenesy/script_m_adopt_download_v1.6.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798792/; classtype:trojan-activity;sid:84661892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798789)"; flow:established,from_client; content:"GET"; http_method; content:"/expect8iondev/towersim-hardcore-evolution/raw/refs/heads/branch/capitolium/hardcore_towersim_evolution_2.1.zip"; http_uri; depth:111; 
isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798789/; classtype:trojan-activity;sid:84661889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798790)"; flow:established,from_client; content:"GET"; http_method; content:"/expect8iondev/towersim-hardcore-evolution/refs/heads/branch/capitolium/hardcore_towersim_evolution_2.1.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798790/; classtype:trojan-activity;sid:84661890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798787)"; flow:established,from_client; content:"GET"; http_method; content:"/mahmoudwagih1/ant-man-simulator-toolkit/refs/heads/branch/barrabkie/toolkit_simulator_ant_man_pursily.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798787/; classtype:trojan-activity;sid:84661887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798788)"; flow:established,from_client; content:"GET"; http_method; content:"/mahmoudwagih1/ant-man-simulator-toolkit/raw/refs/heads/branch/barrabkie/toolkit_simulator_ant_man_pursily.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798788/; classtype:trojan-activity;sid:84661888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798745)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.105.154.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798745/; classtype:trojan-activity;sid:84661845; rev:1;)
# NOTE(review): the two rules below match ".png" URIs on controliumbt.com. The feed classifies
# them as malware download URLs, so the file extension is not a guide to the payload; triage on
# the response body or the extracted file, not on the name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798726)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_140830.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"controliumbt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798726/; classtype:trojan-activity;sid:84661826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798727)"; flow:established,from_client; content:"GET"; http_method; content:"/img_182028.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"controliumbt.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798727/; classtype:trojan-activity;sid:84661827; rev:1;)
# NOTE(review): the two rules below cover the same repository file via raw.githubusercontent.com
# and via github.com "/raw/". Both hosts are normally served over HTTPS, so an `alert http` rule
# can only see these requests where TLS is decrypted or the client used plain HTTP; without that
# visibility, no alert does not mean no download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798630)"; flow:established,from_client; content:"GET"; http_method; content:"/amuthan1808/valorant-efi-drivver-cheat-hack/refs/heads/main/hyprism/valoran_drivve_hack_cheat_ef_nephrosclerosis.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798630/; classtype:trojan-activity;sid:84661730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798629)"; flow:established,from_client; content:"GET"; http_method; content:"/amuthan1808/valorant-efi-drivver-cheat-hack/raw/refs/heads/main/hyprism/valoran_drivve_hack_cheat_ef_nephrosclerosis.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798629/; classtype:trojan-activity;sid:84661729; rev:1;)
# NOTE(review): several rules below pair an IP address in http_host with a URI of only "/i" or
# "/.i". They appear intended as exact matches: depth equals the content length and
# isdataat:!1,relative rejects any trailing data, which keeps them precise despite the short URI.
# IP-hosted indicators can go stale, so check the referenced URLhaus entry before acting on a hit
# whose created_at date is old.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798522)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"65.186.8.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798522/; classtype:trojan-activity;sid:84661622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3797992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.87.112.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_17; reference:url, urlhaus.abuse.ch/url/3797992/; classtype:trojan-activity;sid:84661092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3797436)"; flow:established,from_client; content:"GET"; http_method; content:"/q4/apzx48.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qz.697539.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_16; reference:url, urlhaus.abuse.ch/url/3797436/; classtype:trojan-activity;sid:84660536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3797083)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.142.70.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_16; reference:url, urlhaus.abuse.ch/url/3797083/; classtype:trojan-activity;sid:84660183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3796886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.105.154.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_15; reference:url, urlhaus.abuse.ch/url/3796886/; classtype:trojan-activity;sid:84659986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796292)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul123gautam/my-website/refs/heads/main/src/website_my_v1.2.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796292/; classtype:trojan-activity;sid:84659392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796291)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul123gautam/my-website/raw/refs/heads/main/src/website_my_v1.2.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796291/; classtype:trojan-activity;sid:84659391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796281)"; flow:established,from_client; content:"GET"; http_method; content:"/gabssama12/gabssama12.github.io/raw/refs/heads/main/paganishly/github-gabssama-io-3.7-beta.1.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796281/; classtype:trojan-activity;sid:84659381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796278)"; 
flow:established,from_client; content:"GET"; http_method; content:"/gabssama12/gabssama12.github.io/refs/heads/main/paganishly/github-gabssama-io-3.7-beta.1.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796278/; classtype:trojan-activity;sid:84659378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796279)"; flow:established,from_client; content:"GET"; http_method; content:"/gabssama12/plugin.video.netflix/refs/heads/master/docs/netflix-video-plugin-3.0-beta.1.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796279/; classtype:trojan-activity;sid:84659379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796280)"; flow:established,from_client; content:"GET"; http_method; content:"/gabssama12/plugin.video.netflix/raw/refs/heads/master/docs/netflix-video-plugin-3.0-beta.1.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796280/; classtype:trojan-activity;sid:84659380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796277)"; flow:established,from_client; content:"GET"; http_method; content:"/gabssama12/spoon-awesome-skill/raw/refs/heads/master/spoonos-skills/platform-integration/scripts/spoon_awesome_skill_1.0.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796277/; classtype:trojan-activity;sid:84659377; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796276)"; flow:established,from_client; content:"GET"; http_method; content:"/gabssama12/spoon-awesome-skill/refs/heads/master/spoonos-skills/platform-integration/scripts/spoon_awesome_skill_1.0.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796276/; classtype:trojan-activity;sid:84659376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796273)"; flow:established,from_client; content:"GET"; http_method; content:"/nirmallimbachiya/ignite/raw/refs/heads/main/js/software-2.5.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796273/; classtype:trojan-activity;sid:84659373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796274)"; flow:established,from_client; content:"GET"; http_method; content:"/nirmallimbachiya/ignite/refs/heads/main/js/software-2.5.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796274/; classtype:trojan-activity;sid:84659374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796271)"; flow:established,from_client; content:"GET"; http_method; content:"/capitaltaser/qwen3-tts-dubflow/raw/refs/heads/main/dramaturge/dub-qwen-flow-tt-v1.1.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796271/; 
classtype:trojan-activity;sid:84659371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796272)"; flow:established,from_client; content:"GET"; http_method; content:"/capitaltaser/qwen3-tts-dubflow/refs/heads/main/dramaturge/dub-qwen-flow-tt-v1.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796272/; classtype:trojan-activity;sid:84659372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796266)"; flow:established,from_client; content:"GET"; http_method; content:"/tianlanyb/gemini-in-chrome/raw/refs/heads/master/eighteen/in_gemini_chrome_preadherent.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796266/; classtype:trojan-activity;sid:84659366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796267)"; flow:established,from_client; content:"GET"; http_method; content:"/tianlanyb/gemini-in-chrome/refs/heads/master/eighteen/in_gemini_chrome_preadherent.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796267/; classtype:trojan-activity;sid:84659367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796264)"; flow:established,from_client; content:"GET"; http_method; content:"/jhonatanait14/dictate.sh/refs/heads/main/docs/sh-dictate-2.9-alpha.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 
2026_03_14; reference:url, urlhaus.abuse.ch/url/3796264/; classtype:trojan-activity;sid:84659364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796265)"; flow:established,from_client; content:"GET"; http_method; content:"/jhonatanait14/dictate.sh/raw/refs/heads/main/docs/sh-dictate-2.9-alpha.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796265/; classtype:trojan-activity;sid:84659365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796261)"; flow:established,from_client; content:"GET"; http_method; content:"/hggodhand33/skills/refs/heads/main/skills/.curated/doc/scripts/software_v3.3.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796261/; classtype:trojan-activity;sid:84659361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796262)"; flow:established,from_client; content:"GET"; http_method; content:"/hggodhand33/skills/raw/refs/heads/main/skills/.curated/doc/scripts/software_v3.3.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796262/; classtype:trojan-activity;sid:84659362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796260)"; flow:established,from_client; content:"GET"; http_method; content:"/theking1212wr/db_tools/refs/heads/main/opencode/skills/db_tools_v2.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796260/; classtype:trojan-activity;sid:84659360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796259)"; flow:established,from_client; content:"GET"; http_method; content:"/theking1212wr/db_tools/raw/refs/heads/main/opencode/skills/db_tools_v2.2.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796259/; classtype:trojan-activity;sid:84659359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796231)"; flow:established,from_client; content:"GET"; http_method; content:"/aksejif.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mobshah.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796231/; classtype:trojan-activity;sid:84659331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796221)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_163251.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mobshah.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796221/; classtype:trojan-activity;sid:84659321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796222)"; flow:established,from_client; content:"GET"; http_method; content:"/img_173622.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mobshah.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796222/; classtype:trojan-activity;sid:84659322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3796202)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/optimized_msi.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"inmbau.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796202/; classtype:trojan-activity;sid:84659302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796092)"; flow:established,from_client; content:"GET"; http_method; content:"/samuelhaxk/41369/refs/heads/main/256/233.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796092/; classtype:trojan-activity;sid:84659192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796087)"; flow:established,from_client; content:"GET"; http_method; content:"/samuelhaxk/41369/raw/refs/heads/main/256/233.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796087/; classtype:trojan-activity;sid:84659187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796080)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul123gautam/my-crazy-skills/raw/refs/heads/main/skills/workflows/skills_crazy_my_1.7.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796080/; classtype:trojan-activity;sid:84659180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796058)"; flow:established,from_client; 
content:"GET"; http_method; content:"/rahul123gautam/my-crazy-skills/refs/heads/main/skills/workflows/skills_crazy_my_1.7.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796058/; classtype:trojan-activity;sid:84659158; rev:1;)
# NOTE(review): the URI content of the next rule is just "/" with depth:1 and isdataat:!1,relative,
# i.e. a GET for the site root on geo-foundation.vg. Any request for that host's front page will
# alert. Whether the domain is attacker-owned or a compromised site cannot be told from the rule;
# confirm against the referenced URLhaus entry during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795984)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"geo-foundation.vg"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795984/; classtype:trojan-activity;sid:84659084; rev:1;)
# NOTE(review): the rules from here to SID 84658924 share host 94.156.152.238 and a "/bins/" path.
# The file names end in what look like CPU architecture tags (mips, m68k, mpsl, ppc, arm5, arm6,
# arm, x86, spc, sh4, arm7) — inferred from the names only. Each rule fires on the client GET
# (flow:established,from_client), so a hit records an attempted fetch, not a delivered file.
# Correlate hits on several of these SIDs from one internal source and check what kind of device
# made the request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795849)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795849/; classtype:trojan-activity;sid:84658949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795847)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795847/; classtype:trojan-activity;sid:84658947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795848)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795848/; classtype:trojan-activity;sid:84658948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795843)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795843/; classtype:trojan-activity;sid:84658943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795837/; classtype:trojan-activity;sid:84658937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795838)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795838/; classtype:trojan-activity;sid:84658938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795833)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795833/; classtype:trojan-activity;sid:84658933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795834)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795834/; classtype:trojan-activity;sid:84658934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795826)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795826/; classtype:trojan-activity;sid:84658926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795823)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795823/; classtype:trojan-activity;sid:84658923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795824)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795824/; classtype:trojan-activity;sid:84658924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795199)"; flow:established,from_client; content:"GET"; http_method; content:"/pardufrigi_installer_1.0.p1.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"pardu.pages.dev"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, 
urlhaus.abuse.ch/url/3795199/; classtype:trojan-activity;sid:84658299; rev:1;)
# The next rules name a paste service and a code-hosting raw-content host. The
# host alone is not an indicator; only the exact path (depth equal to the string
# length plus isdataat:!1,relative) ties an alert to the listed object.
# The URI strings are lower-case and compared with nocase.
# NOTE(review): if the service treats path case as significant, a hit can refer
# to a different object than the one URLhaus listed -- compare the logged URI
# with the reference URL before acting on the alert.
# NOTE(review): as `alert http` rules these only see plaintext HTTP or traffic
# the sensor receives decrypted; such hosts are presumably reached over HTTPS, so
# confirm TLS inspection or cover the same URLs from proxy / endpoint logs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795193)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1yan6rsv"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795193/; classtype:trojan-activity;sid:84658293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795149)"; flow:established,from_client; content:"GET"; http_method; content:"/m1-nc/roukii/main/up.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795149/; classtype:trojan-activity;sid:84658249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795144)"; flow:established,from_client; content:"GET"; http_method; content:"/mu126-afk/um/main/ud.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795144/; classtype:trojan-activity;sid:84658244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795145)"; flow:established,from_client; content:"GET"; http_method; content:"/m1-nc/roukii/main/ud.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795145/; classtype:trojan-activity;sid:84658245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794604)"; 
flow:established,from_client; content:"GET"; http_method; content:"/1827897262/mh/inject3.ps1"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"1827897262.v.123pan.cn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794604/; classtype:trojan-activity;sid:84657704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794598)"; flow:established,from_client; content:"GET"; http_method; content:"/rustdesk-1.2.3-2-x86_64.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.150.co.il"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794598/; classtype:trojan-activity;sid:84657698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794079)"; flow:established,from_client; content:"GET"; http_method; content:"/static/setup/autocad_v1.4.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cad.659t.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794079/; classtype:trojan-activity;sid:84657179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.66.24.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793666/; classtype:trojan-activity;sid:84656766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793659)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/pdf/screenconnect.clientsetup.msi"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"preciosasjoyitas.com.mx"; http_host; depth:23; 
isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793659/; classtype:trojan-activity;sid:84656759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"96.66.24.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793628/; classtype:trojan-activity;sid:84656728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793143)"; flow:established,from_client; content:"GET"; http_method; content:"/static/plugin3.plg"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"marsalek.cy"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793143/; classtype:trojan-activity;sid:84656243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792979)"; flow:established,from_client; content:"GET"; http_method; content:"/p"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792979/; classtype:trojan-activity;sid:84656079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792980)"; flow:established,from_client; content:"GET"; http_method; content:"/busybox"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792980/; classtype:trojan-activity;sid:84656080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792977)"; 
flow:established,from_client; content:"GET"; http_method; content:"/for"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792977/; classtype:trojan-activity;sid:84656077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792798)"; flow:established,from_client; content:"GET"; http_method; content:"/republicofbotv109/llm-engineering-cheatsheet/raw/refs/heads/main/byreman/llm_engineering_cheatsheet_v3.4.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792798/; classtype:trojan-activity;sid:84655898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792799)"; flow:established,from_client; content:"GET"; http_method; content:"/republicofbotv109/llm-engineering-cheatsheet/refs/heads/main/byreman/llm_engineering_cheatsheet_v3.4.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792799/; classtype:trojan-activity;sid:84655899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792566)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792566/; classtype:trojan-activity;sid:84655666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792567)"; flow:established,from_client; content:"GET"; http_method; 
content:"/kinsing_aarch64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792567/; classtype:trojan-activity;sid:84655667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792474)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrget.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792474/; classtype:trojan-activity;sid:84655574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791876)"; flow:established,from_client; content:"GET"; http_method; content:"/umari4u2get-cmd/encoder/raw/refs/heads/main/include/encoder1.txt"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791876/; classtype:trojan-activity;sid:84654976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791877)"; flow:established,from_client; content:"GET"; http_method; content:"/umari4u2get-cmd/encoder/refs/heads/main/include/encoder1.txt"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791877/; classtype:trojan-activity;sid:84654977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791680)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791680/; classtype:trojan-activity;sid:84654780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791595)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fertas.com.tr"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791595/; classtype:trojan-activity;sid:84654695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791510)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791510/; classtype:trojan-activity;sid:84654610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791509)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791509/; classtype:trojan-activity;sid:84654609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791501)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791501/; classtype:trojan-activity;sid:84654601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791504)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791504/; classtype:trojan-activity;sid:84654604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791505)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791505/; classtype:trojan-activity;sid:84654605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791507)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791507/; classtype:trojan-activity;sid:84654607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791508)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791508/; classtype:trojan-activity;sid:84654608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791499)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791499/; 
classtype:trojan-activity;sid:84654599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791500)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791500/; classtype:trojan-activity;sid:84654600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791280)"; flow:established,from_client; content:"GET"; http_method; content:"/jquery.min-4.0.2.js"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"union.macoms.la"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791280/; classtype:trojan-activity;sid:84654380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790904)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790904/; classtype:trojan-activity;sid:84654004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790903)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790903/; classtype:trojan-activity;sid:84654003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790890)"; flow:established,from_client; content:"GET"; http_method; 
content:"/huhu/jawirbot.x86_64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790890/; classtype:trojan-activity;sid:84653990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790891)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.x86_32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790891/; classtype:trojan-activity;sid:84653991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790892)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790892/; classtype:trojan-activity;sid:84653992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790893)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.arc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790893/; classtype:trojan-activity;sid:84653993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790894)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.spc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, 
urlhaus.abuse.ch/url/3790894/; classtype:trojan-activity;sid:84653994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790895)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790895/; classtype:trojan-activity;sid:84653995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790896)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.ppc440"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790896/; classtype:trojan-activity;sid:84653996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790897)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790897/; classtype:trojan-activity;sid:84653997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790898)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.arc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790898/; classtype:trojan-activity;sid:84653998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790899)"; flow:established,from_client; 
content:"GET"; http_method; content:"/huhu/debug/debug.spc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790899/; classtype:trojan-activity;sid:84653999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790900)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790900/; classtype:trojan-activity;sid:84654000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790901)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790901/; classtype:trojan-activity;sid:84654001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790902)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790902/; classtype:trojan-activity;sid:84654002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790873)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.x86_32"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; 
reference:url, urlhaus.abuse.ch/url/3790873/; classtype:trojan-activity;sid:84653973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790874)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.arm6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790874/; classtype:trojan-activity;sid:84653974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790875)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.mipsl"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790875/; classtype:trojan-activity;sid:84653975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790876)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790876/; classtype:trojan-activity;sid:84653976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790877)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.i486"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790877/; classtype:trojan-activity;sid:84653977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790878)"; 
flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.i686"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790878/; classtype:trojan-activity;sid:84653978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790879)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.arm5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790879/; classtype:trojan-activity;sid:84653979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790880)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790880/; classtype:trojan-activity;sid:84653980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790881)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.mipsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790881/; classtype:trojan-activity;sid:84653981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790882)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790882/; classtype:trojan-activity;sid:84653982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790883)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.ppc440"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790883/; classtype:trojan-activity;sid:84653983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790884)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.arm"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790884/; classtype:trojan-activity;sid:84653984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790885)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790885/; classtype:trojan-activity;sid:84653985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790886)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.ppc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790886/; classtype:trojan-activity;sid:84653986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3790887)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.i686"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790887/; classtype:trojan-activity;sid:84653987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790888)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.i486"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790888/; classtype:trojan-activity;sid:84653988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790889)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.x86_64"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790889/; classtype:trojan-activity;sid:84653989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790743)"; flow:established,from_client; content:"GET"; http_method; content:"/nuts/poop"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.175.89.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790743/; classtype:trojan-activity;sid:84653843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790733)"; flow:established,from_client; content:"GET"; http_method; content:"/nuts/bolts"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.175.89.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2026_03_06; reference:url, urlhaus.abuse.ch/url/3790733/; classtype:trojan-activity;sid:84653833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790490)"; flow:established,from_client; content:"GET"; http_method; content:"/w1/lib/autoit3.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.190.153.160.host.secureserver.net"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790490/; classtype:trojan-activity;sid:84653590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790120)"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790120/; classtype:trojan-activity;sid:84653220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790117)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790117/; classtype:trojan-activity;sid:84653217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790116)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790116/; classtype:trojan-activity;sid:84653216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790115)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790115/; classtype:trojan-activity;sid:84653215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790108)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790108/; classtype:trojan-activity;sid:84653208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790109)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790109/; classtype:trojan-activity;sid:84653209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790110)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790110/; classtype:trojan-activity;sid:84653210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790111)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 
2026_03_05; reference:url, urlhaus.abuse.ch/url/3790111/; classtype:trojan-activity;sid:84653211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790112)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790112/; classtype:trojan-activity;sid:84653212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790105)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790105/; classtype:trojan-activity;sid:84653205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790098)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790098/; classtype:trojan-activity;sid:84653198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790099)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790099/; classtype:trojan-activity;sid:84653199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790100)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790100/; classtype:trojan-activity;sid:84653200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790101)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790101/; classtype:trojan-activity;sid:84653201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790102)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790102/; classtype:trojan-activity;sid:84653202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790103)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790103/; classtype:trojan-activity;sid:84653203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790104)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, 
urlhaus.abuse.ch/url/3790104/; classtype:trojan-activity;sid:84653204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790076)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790076/; classtype:trojan-activity;sid:84653176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790077)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790077/; classtype:trojan-activity;sid:84653177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790078)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790078/; classtype:trojan-activity;sid:84653178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790079)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790079/; classtype:trojan-activity;sid:84653179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790080)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790080/; classtype:trojan-activity;sid:84653180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790082)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790082/; classtype:trojan-activity;sid:84653182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790084)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790084/; classtype:trojan-activity;sid:84653184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790087)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790087/; classtype:trojan-activity;sid:84653187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790088)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, 
urlhaus.abuse.ch/url/3790088/; classtype:trojan-activity;sid:84653188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790089)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790089/; classtype:trojan-activity;sid:84653189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790090)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790090/; classtype:trojan-activity;sid:84653190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790092)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790092/; classtype:trojan-activity;sid:84653192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790066)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790066/; classtype:trojan-activity;sid:84653166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790067)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790067/; classtype:trojan-activity;sid:84653167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790068)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790068/; classtype:trojan-activity;sid:84653168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790070)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790070/; classtype:trojan-activity;sid:84653170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790071)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790071/; classtype:trojan-activity;sid:84653171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790072)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, 
urlhaus.abuse.ch/url/3790072/; classtype:trojan-activity;sid:84653172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790073)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790073/; classtype:trojan-activity;sid:84653173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790056)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790056/; classtype:trojan-activity;sid:84653156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790058)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790058/; classtype:trojan-activity;sid:84653158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790059)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790059/; classtype:trojan-activity;sid:84653159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790060)"; flow:established,from_client; 
content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790060/; classtype:trojan-activity;sid:84653160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790061)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790061/; classtype:trojan-activity;sid:84653161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790062)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790062/; classtype:trojan-activity;sid:84653162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790063)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790063/; classtype:trojan-activity;sid:84653163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790064)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.r34fa352.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, 
urlhaus.abuse.ch/url/3790064/; classtype:trojan-activity;sid:84653164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790065)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.coolcams.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790065/; classtype:trojan-activity;sid:84653165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790055)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790055/; classtype:trojan-activity;sid:84653155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790053)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"r34fa352.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790053/; classtype:trojan-activity;sid:84653153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790054)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"coolcams.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790054/; classtype:trojan-activity;sid:84653154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789876)"; flow:established,from_client; content:"GET"; http_method; 
content:"/web/encrypt.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"shahamanatme.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789876/; classtype:trojan-activity;sid:84652976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789780)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.203.81.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789780/; classtype:trojan-activity;sid:84652880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789461)"; flow:established,from_client; content:"GET"; http_method; content:"/ti/dajoke2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"imagefiles-backup.oss-ap-southeast-7.aliyuncs.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789461/; classtype:trojan-activity;sid:84652561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789369)"; flow:established,from_client; content:"GET"; http_method; content:"/kbikdoe.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mobshah.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789369/; classtype:trojan-activity;sid:84652469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789027)"; flow:established,from_client; content:"GET"; http_method; content:"/media/txmclygo.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kokorostore.it"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3789027/; 
classtype:trojan-activity;sid:84652127; rev:1;)
# How to read the generated rules in this feed: each one pairs a URI content with a host content.
# depth:N followed by isdataat:!1,relative pins the content to the start of its buffer and
# requires that no byte follows it, so a rule matches one exact URL, not a URL prefix.
# These are exact-URL indicators, not behavioural signatures.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789020)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.248.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3789020/; classtype:trojan-activity;sid:84652120; rev:1;)
# NOTE(review): the URI content below is "/" with depth:1, so this rule fires on a GET for the
# bare root of explorer.vg. In practice it is a host-level indicator; triage hits with that in mind.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788912)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"explorer.vg"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3788912/; classtype:trojan-activity;sid:84652012; rev:1;)
# The next three rules share the file name optimized_msi.png across three hosts. The .png
# extension says nothing about the payload type; the feed lists all three as malware downloads.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788389)"; flow:established,from_client; content:"GET"; http_method; content:"/components/com_media/m1vebzk/jt1wulk/wxhmvac/new/optimized_msi.png"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"chungminhtaichinhsaigon.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788389/; classtype:trojan-activity;sid:84651489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788379)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"coralasargetia.ro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788379/; classtype:trojan-activity;sid:84651479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788376)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"separadordecc.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788376/; classtype:trojan-activity;sid:84651476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788070)"; flow:established,from_client; content:"GET"; http_method; content:"/pg.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788070/; classtype:trojan-activity;sid:84651170; rev:1;)
# NOTE(review): |3f| is the hex escape for a single byte ('?'), so the URI content below is
# 31 bytes long while depth is 34 (the length of the escaped text). Unlike the other rules in
# this file, the match is therefore not pinned to offset 0 of the URI buffer. The depth looks
# like it was computed by the feed generator from the escaped string; worth reporting upstream
# rather than patching locally, since local edits are lost on the next feed update.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787416)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=xxwconvertedfile.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"bafybeidp7zdy2lu6yxvbgoev4b6xokuaa6jljr34vkflxzel2ya2gc3plm.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787416/; classtype:trojan-activity;sid:84650516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"137.175.205.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787075/; classtype:trojan-activity;sid:84650175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787077)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.142.77.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; 
reference:url, urlhaus.abuse.ch/url/3787077/; classtype:trojan-activity;sid:84650177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787067)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.86.246.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787067/; classtype:trojan-activity;sid:84650167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786982)"; flow:established,from_client; content:"GET"; http_method; content:"/jack5tr.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786982/; classtype:trojan-activity;sid:84650082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786983)"; flow:established,from_client; content:"GET"; http_method; content:"/abc1.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786983/; classtype:trojan-activity;sid:84650083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786984)"; flow:established,from_client; content:"GET"; http_method; content:"/abc3.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786984/; classtype:trojan-activity;sid:84650084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786985)"; flow:established,from_client; content:"GET"; http_method; content:"/abc2.sh"; 
http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786985/; classtype:trojan-activity;sid:84650085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786981)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786981/; classtype:trojan-activity;sid:84650081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786888)"; flow:established,from_client; content:"GET"; http_method; content:"/ssa_statement.msi"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"bnet.playm8ru.win"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786888/; classtype:trojan-activity;sid:84649988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786879)"; flow:established,from_client; content:"GET"; http_method; content:"/ssa_statement.msi"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"bnet-api.playm8ru.win"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786879/; classtype:trojan-activity;sid:84649979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786841)"; flow:established,from_client; content:"GET"; http_method; content:"/ssa_statement.msi"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"212.224.107.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786841/; 
classtype:trojan-activity;sid:84649941; rev:1;)
# NOTE(review): the rules below use github.com or raw.githubusercontent.com as http_host.
# They are `alert http` rules, so they only see requests the sensor can parse as cleartext
# HTTP. Traffic to these hosts normally travels over HTTPS, so expect hits only where TLS is
# decrypted ahead of the sensor; confirm against your deployment before relying on them.
# Each rule pins one full repository file path (depth:N plus isdataat:!1,relative requires
# the whole URI buffer to equal the content), so the shared host itself is never flagged.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786727)"; flow:established,from_client; content:"GET"; http_method; content:"/jyng2002/cracked-enhancer-for-trello-extension/raw/refs/heads/main/hangworthy/cracked_trello_enhancer_for_extension_v1.3.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786727/; classtype:trojan-activity;sid:84649827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786726)"; flow:established,from_client; content:"GET"; http_method; content:"/jyng2002/cracked-enhancer-for-trello-extension/refs/heads/main/hangworthy/cracked_trello_enhancer_for_extension_v1.3.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786726/; classtype:trojan-activity;sid:84649826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786725)"; flow:established,from_client; content:"GET"; http_method; content:"/teskkkkk/cracked-todoist-for-chrome/raw/refs/heads/main/fieldworker/cracked-chrome-for-todoist-v3.0.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786725/; classtype:trojan-activity;sid:84649825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786724)"; flow:established,from_client; content:"GET"; http_method; content:"/teskkkkk/cracked-todoist-for-chrome/refs/heads/main/fieldworker/cracked-chrome-for-todoist-v3.0.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786724/; classtype:trojan-activity;sid:84649824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786721)"; flow:established,from_client; content:"GET"; http_method; content:"/maybedesxie7/cracked-webpage-annotator-extension/refs/heads/main/decrepitation/cracked-annotator-webpage-extension-2.1-beta.4.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786721/; classtype:trojan-activity;sid:84649821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786720)"; flow:established,from_client; content:"GET"; http_method; content:"/maybedesxie7/cracked-webpage-annotator-extension/raw/refs/heads/main/decrepitation/cracked-annotator-webpage-extension-2.1-beta.4.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786720/; classtype:trojan-activity;sid:84649820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786715)"; flow:established,from_client; content:"GET"; http_method; content:"/darkphatom/cracked-awesome-autocomplete-for-git-hub-extension/refs/heads/main/elegit/cracked_autocomplete_for_git_extension_awesome_hub_2.5.zip"; http_uri; depth:144; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786715/; classtype:trojan-activity;sid:84649815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3786714)"; flow:established,from_client; content:"GET"; http_method; content:"/darkphatom/cracked-awesome-autocomplete-for-git-hub-extension/raw/refs/heads/main/elegit/cracked_autocomplete_for_git_extension_awesome_hub_2.5.zip"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786714/; classtype:trojan-activity;sid:84649814; rev:1;)
# Rule template used throughout: GET request, established flow, client side,
# $HOME_NET to $EXTERNAL_NET, with the URI and the Host each compared exactly
# ("depth" equals the content length and "isdataat:!1,relative" forbids any
# trailing bytes). The rule looks at the request only, so a hit means the URL
# was requested; it does not show that the download completed.
#
# NOTE(review): github.com and raw.githubusercontent.com are normally reached
# over HTTPS, which an "alert http" rule cannot see unless TLS is decrypted
# before the sensor. Confirm coverage for the sids that name those hosts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786712)"; flow:established,from_client; content:"GET"; http_method; content:"/sameeronwheels/cracked-save-to-milanote-extension/main/nonnucleated/to-extension-save-cracked-milanote-revalidate.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786712/; classtype:trojan-activity;sid:84649812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786713)"; flow:established,from_client; content:"GET"; http_method; content:"/sameeronwheels/cracked-save-to-milanote-extension/raw/refs/heads/main/nonnucleated/to-extension-save-cracked-milanote-revalidate.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786713/; classtype:trojan-activity;sid:84649813; rev:1;)
# Short paths on IP-literal hosts. The Host value is the main discriminator in
# these rules, so their accuracy depends on the listing still being current:
# metadata:created_at records when the rule was generated and the reference URL
# leads to the entry's present status. Check both when triaging a hit, since an
# address may have been cleaned or reassigned since then.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786364)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.250.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786364/; classtype:trojan-activity;sid:84649464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.38.58.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786357/; classtype:trojan-activity;sid:84649457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786353)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.142.77.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786353/; classtype:trojan-activity;sid:84649453; rev:1;)
# NOTE(review): the URI content in the next rule carries percent-escapes as
# literal text (%e7%bd%91...). http_uri is the normalized URI buffer; if the
# engine percent-decodes before matching, this literal form cannot match and
# http_raw_uri would be the buffer to compare against. Verify with a test
# capture before counting on this sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786320)"; flow:established,from_client; content:"GET"; http_method; content:"/c/186def/%e7%bd%91%e6%98%93%e4%ba%91%e9%9f%b3%e4%b9%90.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"dubapkg.cmcmcdn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786320/; classtype:trojan-activity;sid:84649420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786317)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"203.57.109.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786317/; classtype:trojan-activity;sid:84649417; rev:1;)
# Twelve rules for one host, 103.116.52.44, differing only in file name (x86,
# spc, x86_64, mpsl, sh4, ppc, mips, arm6, m68k, arm7, arm, arm5). The names
# look like CPU-architecture labels, presumably per-architecture builds of one
# payload; the URLhaus reference pages carry the actual classification.
# Because each URI is compared exactly, /arm does not also fire for /arm5,
# /arm6 or /arm7, and /x86 does not fire for /x86_64.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786136)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786136/; classtype:trojan-activity;sid:84649236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786137)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786137/; classtype:trojan-activity;sid:84649237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786138)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786138/; classtype:trojan-activity;sid:84649238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786139)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786139/; classtype:trojan-activity;sid:84649239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786140)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786140/; classtype:trojan-activity;sid:84649240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786141)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786141/; classtype:trojan-activity;sid:84649241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786142)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786142/; classtype:trojan-activity;sid:84649242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786143)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786143/; classtype:trojan-activity;sid:84649243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786144)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786144/; classtype:trojan-activity;sid:84649244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786145)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786145/; classtype:trojan-activity;sid:84649245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786146)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786146/; classtype:trojan-activity;sid:84649246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786135)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786135/; classtype:trojan-activity;sid:84649235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786055)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/sshd/ubuntu/log"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"77.221.157.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786055/; classtype:trojan-activity;sid:84649155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785810)"; flow:established,from_client; content:"GET"; http_method; content:"/soloobr/z-loops/refs/heads/master/updatelm/properties/loops_z_v2.9.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3785810/; classtype:trojan-activity;sid:84648910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3785811)"; flow:established,from_client; content:"GET"; http_method; content:"/soloobr/z-loops/raw/refs/heads/master/updatelm/properties/loops_z_v2.9.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3785811/; classtype:trojan-activity;sid:84648911; rev:1;)
# Rule template used throughout: GET request, established flow, client side,
# $HOME_NET to $EXTERNAL_NET, with the URI and the Host each compared exactly
# ("depth" equals the content length and "isdataat:!1,relative" forbids any
# trailing bytes). Only the request is inspected, so an alert means the URL was
# requested; whether a payload came back has to be confirmed from the response.
#
# NOTE(review): rules naming github.com are limited to what the sensor sees as
# cleartext HTTP. That host is normally reached over HTTPS, so confirm whether
# TLS is decrypted before the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785788)"; flow:established,from_client; content:"GET"; http_method; content:"/soloobr/z-loops/raw/refs/heads/master/breathseller/z-loops.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3785788/; classtype:trojan-activity;sid:84648888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.3.45.42"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785492/; classtype:trojan-activity;sid:84648592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.152.112.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785486/; classtype:trojan-activity;sid:84648586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785484)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.166.91.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785484/; classtype:trojan-activity;sid:84648584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785421)"; flow:established,from_client; content:"GET"; http_method; content:"/blackwall0220/roblox-discord-status-bot/raw/refs/heads/master/pelodytes/status-roblox-discord-bot-v2.8.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785421/; classtype:trojan-activity;sid:84648521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785380)"; flow:established,from_client; content:"GET"; http_method; content:"/satish-ss/roblox-matcha/raw/refs/heads/master/bacula/matcha-roblox-v3.9-beta.1.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785380/; classtype:trojan-activity;sid:84648480; rev:1;)
# The next two URIs end in .jpg and .png. The rules match on the URL only and
# carry no file-type or response check, so the extension is not evidence of
# what the server returned.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785101)"; flow:established,from_client; content:"GET"; http_method; content:"/cacti/ns1.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.56.149.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785101/; classtype:trojan-activity;sid:84648201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784955)"; flow:established,from_client; content:"GET"; http_method; content:"/666666.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"c.fi3.me"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784955/; classtype:trojan-activity;sid:84648055; rev:1;)
# sid 84647959 and sid 84647960 carry identical match options (same URI, same
# Host); only the URLhaus id and the sid differ, so a single matching request
# raises both alerts. Presumably the two URLhaus entries differ in something the
# rule does not encode (for example the scheme); confirm on the reference
# pages. A threshold or suppress entry on one of the sids avoids double counting.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784859)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16784059/p.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784859/; classtype:trojan-activity;sid:84647959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784860)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16784059/p.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784860/; classtype:trojan-activity;sid:84647960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784720)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.38.58.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784720/; classtype:trojan-activity;sid:84647820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.118.128.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_23; reference:url, urlhaus.abuse.ch/url/3784413/; classtype:trojan-activity;sid:84647513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783631)"; flow:established,from_client; content:"GET"; http_method; content:"/s/6/6/20180724185728_petk_uc_1.4.0.apk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"downali.game.uc.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783631/; classtype:trojan-activity;sid:84646731; rev:1;)
# NOTE(review): several URIs below carry percent-escapes as literal text
# (%e5%88%92..., %20, %23). http_uri is the normalized URI buffer; if the engine
# percent-decodes before matching, these literal forms cannot match and
# http_raw_uri would be the buffer to compare against. Verify with a test
# capture. The Host xn--h6qpop2cq9nl9c.pages.dev is written in its punycode
# form; the rule compares it as given.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783627)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%88%92%e5%ad%a6%e5%8f%b7v2--%e6%9e%81%e9%80%9f%e7%89%88.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"xn--h6qpop2cq9nl9c.pages.dev"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783627/; classtype:trojan-activity;sid:84646727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783623)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/soft/111210/1_0048481261.rar"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cn.unionlever.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783623/; classtype:trojan-activity;sid:84646723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783624)"; flow:established,from_client; content:"GET"; http_method; content:"/approved%20document%23d53lu.msi"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"pub-bbbdebc2599c4d74b04c5d53e439f7a7.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783624/; classtype:trojan-activity;sid:84646724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783597)"; flow:established,from_client; content:"GET"; http_method; content:"/approved%20document%23402.vbs"; http_uri; depth:30; 
isdataat:!1,relative; nocase; content:"pub-bbbdebc2599c4d74b04c5d53e439f7a7.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783597/; classtype:trojan-activity;sid:84646697; rev:1;)
# Rule template used throughout: GET request, established flow, client side,
# $HOME_NET to $EXTERNAL_NET, with the URI and the Host each compared exactly
# ("depth" equals the content length and "isdataat:!1,relative" forbids any
# trailing bytes). Only the request is inspected, so an alert means the URL was
# requested, not that a payload was delivered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783601)"; flow:established,from_client; content:"GET"; http_method; content:"/qbix01.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sutterpoint.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783601/; classtype:trojan-activity;sid:84646701; rev:1;)
# From here on every rule has content:"/" with depth:1 and
# isdataat:!1,relative, so it fires on a GET for exactly the root path of one
# IP-literal Host. There is no file name to corroborate a hit; the Host value
# carries the whole detection. All of these rules are dated 2026_02_22, and
# several hosts sit close together (71.32.43.225, .226, .228, .230, .231).
# NOTE(review): treat a hit as a lead to confirm, using the response status,
# size and type and what the client did next, and re-check the entry at its
# reference URL, since the address may have been cleaned or reassigned since
# the listing. Any request for "/" to that Host matches, whatever the client's
# reason for making it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783430)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"117.2.125.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783430/; classtype:trojan-activity;sid:84646530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783423)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.60.107.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783423/; classtype:trojan-activity;sid:84646523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783426)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"87.138.104.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783426/; classtype:trojan-activity;sid:84646526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783422)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"71.32.43.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783422/; classtype:trojan-activity;sid:84646522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783414)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"159.196.16.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783414/; classtype:trojan-activity;sid:84646514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783412)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.152.141.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783412/; classtype:trojan-activity;sid:84646512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783406)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"176.35.149.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783406/; classtype:trojan-activity;sid:84646506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783405)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"82.139.95.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783405/; classtype:trojan-activity;sid:84646505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783402)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.237.41.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783402/; classtype:trojan-activity;sid:84646502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783403)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"124.36.156.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783403/; classtype:trojan-activity;sid:84646503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783397)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.129.16.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783397/; classtype:trojan-activity;sid:84646497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783394)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"66.232.181.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783394/; classtype:trojan-activity;sid:84646494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783395)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"218.103.122.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783395/; classtype:trojan-activity;sid:84646495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783377)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"176.222.224.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783377/; classtype:trojan-activity;sid:84646477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783378)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"71.32.43.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783378/; classtype:trojan-activity;sid:84646478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783379)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"77.174.79.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783379/; classtype:trojan-activity;sid:84646479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783380)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"62.45.171.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783380/; classtype:trojan-activity;sid:84646480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783384)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"193.165.245.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783384/; classtype:trojan-activity;sid:84646484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783372)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"92.43.24.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783372/; classtype:trojan-activity;sid:84646472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783369)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"121.101.79.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783369/; classtype:trojan-activity;sid:84646469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783366)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.175.181.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783366/; classtype:trojan-activity;sid:84646466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783363)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"109.167.133.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783363/; classtype:trojan-activity;sid:84646463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783365)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"182.54.141.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783365/; classtype:trojan-activity;sid:84646465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783361)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"71.32.43.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783361/; classtype:trojan-activity;sid:84646461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783352)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"84.86.236.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783352/; classtype:trojan-activity;sid:84646452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783354)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"210.149.155.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783354/; classtype:trojan-activity;sid:84646454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783342)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"84.243.234.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783342/; classtype:trojan-activity;sid:84646442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783343)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"78.44.199.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783343/; classtype:trojan-activity;sid:84646443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783348)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"58.146.67.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783348/; classtype:trojan-activity;sid:84646448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783351)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"203.38.121.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783351/; classtype:trojan-activity;sid:84646451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783332)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"88.180.236.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783332/; classtype:trojan-activity;sid:84646432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783331)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"49.176.254.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783331/; classtype:trojan-activity;sid:84646431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783328)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"71.32.43.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783328/; classtype:trojan-activity;sid:84646428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783324)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"116.91.125.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783324/; classtype:trojan-activity;sid:84646424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783326)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"75.214.255.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783326/; classtype:trojan-activity;sid:84646426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783320)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"71.32.43.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783320/; classtype:trojan-activity;sid:84646420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3783310)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"180.35.14.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783310/; classtype:trojan-activity;sid:84646410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783302)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"121.1.138.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783302/; classtype:trojan-activity;sid:84646402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783304)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"108.41.80.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783304/; classtype:trojan-activity;sid:84646404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783306)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"2.238.146.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783306/; classtype:trojan-activity;sid:84646406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783293)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"104.4.43.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783293/; 
classtype:trojan-activity;sid:84646393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783274)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"42.200.182.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783274/; classtype:trojan-activity;sid:84646374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783275)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"182.93.58.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783275/; classtype:trojan-activity;sid:84646375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783270)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"190.115.114.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783270/; classtype:trojan-activity;sid:84646370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783266)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"121.6.210.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783266/; classtype:trojan-activity;sid:84646366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783262)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"180.57.46.28"; http_host; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783262/; classtype:trojan-activity;sid:84646362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783259)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"42.200.170.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783259/; classtype:trojan-activity;sid:84646359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783256)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"78.111.82.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783256/; classtype:trojan-activity;sid:84646356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783257)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"188.167.179.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783257/; classtype:trojan-activity;sid:84646357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783253)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.140.76.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783253/; classtype:trojan-activity;sid:84646353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783251)"; flow:established,from_client; 
content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.123.98.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783251/; classtype:trojan-activity;sid:84646351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783252)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"153.136.164.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783252/; classtype:trojan-activity;sid:84646352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783248)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"158.140.167.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783248/; classtype:trojan-activity;sid:84646348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783244)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"174.71.238.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783244/; classtype:trojan-activity;sid:84646344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783246)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"109.129.108.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783246/; classtype:trojan-activity;sid:84646346; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783236)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"71.32.43.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783236/; classtype:trojan-activity;sid:84646336; rev:1;)
# NOTE(review): the rules in this run pair content:"/" (depth:1; isdataat:!1,relative) in http_uri
# with a bare IP address in http_host. Those modifiers are meant to pin the URI to exactly "/",
# so each rule alerts on every GET for the root path of that address; the IP is the only
# distinguishing indicator. Triage by checking the rule's reference URL for the entry's current
# status, and expect these alerts to lose value if the address changes hands.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783232)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"153.179.12.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783232/; classtype:trojan-activity;sid:84646332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783230)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"96.49.197.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783230/; classtype:trojan-activity;sid:84646330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783231)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"220.246.34.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783231/; classtype:trojan-activity;sid:84646331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783225)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"73.179.119.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2026_02_22; reference:url, urlhaus.abuse.ch/url/3783225/; classtype:trojan-activity;sid:84646325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783219)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"71.32.43.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783219/; classtype:trojan-activity;sid:84646319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783218)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"176.12.124.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783218/; classtype:trojan-activity;sid:84646318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783214)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"71.32.43.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783214/; classtype:trojan-activity;sid:84646314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783213)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"80.147.3.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783213/; classtype:trojan-activity;sid:84646313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783202)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; 
isdataat:!1,relative; nocase; content:"218.188.43.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783202/; classtype:trojan-activity;sid:84646302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783206)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"121.6.96.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783206/; classtype:trojan-activity;sid:84646306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783209)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"116.86.50.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783209/; classtype:trojan-activity;sid:84646309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783196)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"94.168.120.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783196/; classtype:trojan-activity;sid:84646296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783197)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"141.134.214.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783197/; classtype:trojan-activity;sid:84646297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3783184)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"99.53.69.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783184/; classtype:trojan-activity;sid:84646284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783187)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"58.87.231.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783187/; classtype:trojan-activity;sid:84646287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783189)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.200.67.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783189/; classtype:trojan-activity;sid:84646289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782795)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782795/; classtype:trojan-activity;sid:84645895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782784)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, 
urlhaus.abuse.ch/url/3782784/; classtype:trojan-activity;sid:84645884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782785)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782785/; classtype:trojan-activity;sid:84645885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782787)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782787/; classtype:trojan-activity;sid:84645887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782773)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782773/; classtype:trojan-activity;sid:84645873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782783)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782783/; classtype:trojan-activity;sid:84645883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782756)"; flow:established,from_client; content:"GET"; http_method; 
content:"/network/bin.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782756/; classtype:trojan-activity;sid:84645856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782758)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782758/; classtype:trojan-activity;sid:84645858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782759)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782759/; classtype:trojan-activity;sid:84645859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782764)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782764/; classtype:trojan-activity;sid:84645864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782745)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782745/; 
classtype:trojan-activity;sid:84645845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782746)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782746/; classtype:trojan-activity;sid:84645846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782695)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782695/; classtype:trojan-activity;sid:84645795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782689)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782689/; classtype:trojan-activity;sid:84645789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.196.206.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_21; reference:url, urlhaus.abuse.ch/url/3782299/; classtype:trojan-activity;sid:84645399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781950)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; 
isdataat:!1,relative; nocase; content:"81.68.89.216"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781950/; classtype:trojan-activity;sid:84645050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.106.141.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781948/; classtype:trojan-activity;sid:84645048; rev:1;)
# NOTE(review): sid:84645042 below has the same match conditions (GET, URI "/sshd",
# Host "144.6.89.62") as sid:84644428 further down the file (URLhaus 3781328, created_at
# 2026_02_19). A single request raises both alerts; suppress or threshold one of the two
# if duplicate alerts matter downstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781942)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.89.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781942/; classtype:trojan-activity;sid:84645042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781641)"; flow:established,from_client; content:"GET"; http_method; content:"/cacti/ns3.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.56.149.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781641/; classtype:trojan-activity;sid:84644741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781614)"; flow:established,from_client; content:"GET"; http_method; content:"/m64.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"creativevoltage.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781614/; classtype:trojan-activity;sid:84644714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3781331)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.228.4.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781331/; classtype:trojan-activity;sid:84644431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.104.195.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781329/; classtype:trojan-activity;sid:84644429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781328)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.89.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781328/; classtype:trojan-activity;sid:84644428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.206.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781323/; classtype:trojan-activity;sid:84644423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780767)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; 
reference:url, urlhaus.abuse.ch/url/3780767/; classtype:trojan-activity;sid:84643867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.15.155.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780546/; classtype:trojan-activity;sid:84643604; rev:1;)
# NOTE(review) sid:84643604 (next rule) — verify three things before relying on it:
#  - "|7c|26|7c|" decodes to the four literal bytes "|26|", not to "&" (0x26). It looks like a
#    hex-escaped "&" whose pipe characters were escaped a second time; if the reported URL
#    contains "&file=", this content cannot match. Confirm against the URLhaus entry.
#  - depth:143 equals the length of the escaped rule text, while the decoded pattern is
#    134 bytes, so the match may begin up to 9 bytes into the buffer instead of at offset 0.
#  - The pattern carries percent-encoded literals ("%20", "%26", "%2f") but is matched in
#    http_uri, the normalized URI buffer. Where normalization percent-decodes the URI, the
#    literal "%20" is no longer present and the rule misses; http_raw_uri is the buffer that
#    keeps the original encoding. Test with a replayed request on your engine version.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780504)"; flow:established,from_client; content:"GET"; http_method; content:"/view_archive.php|3f|archive=/35/items/201004011329/201004011329.iso|7c|26|7c|file=activation%20%26%20serial%20for%20windows%20xp%2frockxp4.exe"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"ia802801.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780504/; classtype:trojan-activity;sid:84643604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.227.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780332/; classtype:trojan-activity;sid:84643432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780319)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.54.221.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780319/; classtype:trojan-activity;sid:84643419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3780281)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/widgets/class-wp-widget-index.html"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"mistralkorea.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780281/; classtype:trojan-activity;sid:84643381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780278)"; flow:established,from_client; content:"GET"; http_method; content:"/5a9e6e0a.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kavacanada.ca"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780278/; classtype:trojan-activity;sid:84643378; rev:1;)
# NOTE(review): sid:84643270 and sid:84643264 (next two rules) are `alert http` rules, so they
# inspect only requests the sensor can parse as cleartext HTTP. Whether "shadowbot-dih.pages.dev"
# was reported over http or https is not visible here — check the URLhaus entries. If the
# download runs over TLS, neither the URI nor the Host is seen and coverage needs TLS
# inspection or a hostname indicator (TLS SNI / DNS) instead.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780170)"; flow:established,from_client; content:"GET"; http_method; content:"/ghost.bot.apk.v13.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"shadowbot-dih.pages.dev"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780170/; classtype:trojan-activity;sid:84643270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780164)"; flow:established,from_client; content:"GET"; http_method; content:"/shadow-bot-v11.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"shadowbot-dih.pages.dev"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780164/; classtype:trojan-activity;sid:84643264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779939)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; 
content:"81.16.247.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779939/; classtype:trojan-activity;sid:84643039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779935)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.206.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779935/; classtype:trojan-activity;sid:84643035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779937)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.93.200.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779937/; classtype:trojan-activity;sid:84643037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779934)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.6.196.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779934/; classtype:trojan-activity;sid:84643034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779909)"; flow:established,from_client; content:"GET"; http_method; content:"/filepath.mp4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kavacanada.ca"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779909/; classtype:trojan-activity;sid:84643009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3779763)"; flow:established,from_client; content:"GET"; http_method; content:"/22216.mp4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kavacanada.ca"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779763/; classtype:trojan-activity;sid:84642863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779635)"; flow:established,from_client; content:"GET"; http_method; content:"/abc2.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779635/; classtype:trojan-activity;sid:84642735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779637)"; flow:established,from_client; content:"GET"; http_method; content:"/abc1.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779637/; classtype:trojan-activity;sid:84642737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779638)"; flow:established,from_client; content:"GET"; http_method; content:"/abc3.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779638/; classtype:trojan-activity;sid:84642738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779631)"; flow:established,from_client; content:"GET"; http_method; content:"/jack5tr.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, 
urlhaus.abuse.ch/url/3779631/; classtype:trojan-activity;sid:84642731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779630)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779630/; classtype:trojan-activity;sid:84642730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779626)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779626/; classtype:trojan-activity;sid:84642726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779622)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779622/; classtype:trojan-activity;sid:84642722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779621)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779621/; classtype:trojan-activity;sid:84642721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779620)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779620/; classtype:trojan-activity;sid:84642720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779617)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779617/; classtype:trojan-activity;sid:84642717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779618)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779618/; classtype:trojan-activity;sid:84642718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779606)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779606/; classtype:trojan-activity;sid:84642706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779608)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779608/; classtype:trojan-activity;sid:84642708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3779615)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779615/; classtype:trojan-activity;sid:84642715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779603)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779603/; classtype:trojan-activity;sid:84642703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779604)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779604/; classtype:trojan-activity;sid:84642704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779605)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779605/; classtype:trojan-activity;sid:84642705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.209.57.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, 
urlhaus.abuse.ch/url/3779262/; classtype:trojan-activity;sid:84642362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.209.57.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779259/; classtype:trojan-activity;sid:84642359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.186.90.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3778861/; classtype:trojan-activity;sid:84641961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778793)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ueditor/php/upload/file/20250114/x1/ref-cli%20v1.0.3.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"m.meta-dm.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3778793/; classtype:trojan-activity;sid:84641893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778789)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.15.155.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3778789/; classtype:trojan-activity;sid:84641889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778746)"; flow:established,from_client; content:"GET"; 
http_method; content:"/15%ec%8b%ac%ed%94%8c%ec%8a%a4%ec%ba%94.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"m.jkoa.co.kr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3778746/; classtype:trojan-activity;sid:84641846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778741)"; flow:established,from_client; content:"GET"; http_method; content:"/cacti/aminer.gz"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.56.149.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3778741/; classtype:trojan-activity;sid:84641841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778710)"; flow:established,from_client; content:"GET"; http_method; content:"/cacti/install.tgz"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.56.149.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3778710/; classtype:trojan-activity;sid:84641810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778490)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.191.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_15; reference:url, urlhaus.abuse.ch/url/3778490/; classtype:trojan-activity;sid:84641590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777931)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.74.5.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, 
urlhaus.abuse.ch/url/3777931/; classtype:trojan-activity;sid:84641031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777925)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"210.245.90.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777925/; classtype:trojan-activity;sid:84641025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777921)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"162.240.96.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777921/; classtype:trojan-activity;sid:84641021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777922)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"162.240.96.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777922/; classtype:trojan-activity;sid:84641022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777918)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.139.167.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777918/; classtype:trojan-activity;sid:84641018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777919)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; 
content:"172.96.189.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777919/; classtype:trojan-activity;sid:84641019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777916)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins/cloudflare/challenge/ishuman/id53728/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"widexenmexico.com.mx"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777916/; classtype:trojan-activity;sid:84641016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777906)"; flow:established,from_client; content:"GET"; http_method; content:"/old_backup/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"216.119.126.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777906/; classtype:trojan-activity;sid:84641006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777249)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.76.143.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777249/; classtype:trojan-activity;sid:84640349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.217.84.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777245/; classtype:trojan-activity;sid:84640345; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.251.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777242/; classtype:trojan-activity;sid:84640342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.55.251.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777243/; classtype:trojan-activity;sid:84640343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.112.101.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777227/; classtype:trojan-activity;sid:84640327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.173.12.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777214/; classtype:trojan-activity;sid:84640314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"184.160.27.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; 
reference:url, urlhaus.abuse.ch/url/3777197/; classtype:trojan-activity;sid:84640297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777182)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.20.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777182/; classtype:trojan-activity;sid:84640282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777171)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777171/; classtype:trojan-activity;sid:84640271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777173)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777173/; classtype:trojan-activity;sid:84640273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777174)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777174/; classtype:trojan-activity;sid:84640274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777175)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"81.151.191.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777175/; classtype:trojan-activity;sid:84640275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777176)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777176/; classtype:trojan-activity;sid:84640276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777084)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan32.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"124.44.3.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777084/; classtype:trojan-activity;sid:84640184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777069)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"124.44.3.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777069/; classtype:trojan-activity;sid:84640169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777050)"; flow:established,from_client; content:"GET"; http_method; content:"/re45766712.msi"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"drevos.ro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777050/; classtype:trojan-activity;sid:84640150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3777049)"; flow:established,from_client; content:"GET"; http_method; content:"/scr/omgo/approval3546.msi"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"luizmatoso.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777049/; classtype:trojan-activity;sid:84640149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777048)"; flow:established,from_client; content:"GET"; http_method; content:"/ref62535.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vizyonuniversitesi.web.tr"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777048/; classtype:trojan-activity;sid:84640148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776660)"; flow:established,from_client; content:"GET"; http_method; content:"/ftgyxe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fukt.link"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776660/; classtype:trojan-activity;sid:84639760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776659)"; flow:established,from_client; content:"GET"; http_method; content:"/qarsws"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fukt.link"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776659/; classtype:trojan-activity;sid:84639759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776653)"; flow:established,from_client; content:"GET"; http_method; content:"/joh/encrypted.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"refaccionesalma.com.mx"; http_host; depth:22; 
isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776653/; classtype:trojan-activity;sid:84639753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3775926)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.158.90.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_11; reference:url, urlhaus.abuse.ch/url/3775926/; classtype:trojan-activity;sid:84639026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774774)"; flow:established,from_client; content:"GET"; http_method; content:"/watching"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774774/; classtype:trojan-activity;sid:84637874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774775)"; flow:established,from_client; content:"GET"; http_method; content:"/gs-netcat_linux-x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774775/; classtype:trojan-activity;sid:84637875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774739)"; flow:established,from_client; content:"GET"; http_method; content:"/ss"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774739/; classtype:trojan-activity;sid:84637839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774709)"; flow:established,from_client; 
content:"GET"; http_method; content:"/busybox-armv7l"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774709/; classtype:trojan-activity;sid:84637809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774678)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.181.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774678/; classtype:trojan-activity;sid:84637778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774677)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.140.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774677/; classtype:trojan-activity;sid:84637777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774676)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.58.64.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774676/; classtype:trojan-activity;sid:84637776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774654)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.228.55.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, 
urlhaus.abuse.ch/url/3774654/; classtype:trojan-activity;sid:84637754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774640)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.219.76.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774640/; classtype:trojan-activity;sid:84637740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774642)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.105.36.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774642/; classtype:trojan-activity;sid:84637742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774628)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"52.248.41.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774628/; classtype:trojan-activity;sid:84637728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774635)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.3.233.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774635/; classtype:trojan-activity;sid:84637735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774447)"; flow:established,from_client; content:"GET"; http_method; 
content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774447/; classtype:trojan-activity;sid:84637547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774338)"; flow:established,from_client; content:"GET"; http_method; content:"/2025/09/27/1758984967-5707.jpeg"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"i.404.pm"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774338/; classtype:trojan-activity;sid:84637438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774350)"; flow:established,from_client; content:"GET"; http_method; content:"/2025/11/12/1762933913-224.jpeg"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"i.404.pm"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774350/; classtype:trojan-activity;sid:84637450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774274)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.119.108.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774274/; classtype:trojan-activity;sid:84637374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774265)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.30.92.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774265/; classtype:trojan-activity;sid:84637365; rev:1;) 
# Reading notes for the URLhaus rules below (they all share one template):
# - Scope: an established, client-to-server HTTP flow from $HOME_NET to
#   $EXTERNAL_NET with method GET. Both ports are `any`, so the port of the
#   original URLhaus entry is not part of the match.
# - URI match is exact, not a prefix: `depth` equals the length of the content
#   string and `isdataat:!1,relative` requires that no byte follows it; `nocase`
#   makes the comparison case-insensitive. The same path with a query string or
#   an extra segment will not alert.
# - Host match is anchored the same way against the http_host buffer.
#   NOTE(review): whether a Host header that carries an explicit port still
#   matches depends on how the engine fills http_host - confirm on the deployed
#   Snort/Suricata version.
# - `alert http` only covers HTTP the sensor can parse in cleartext; the same
#   download over TLS is not seen by these rules unless traffic is decrypted
#   upstream of the sensor.
# - `metadata:created_at` is the date the indicator was added and
#   `reference:url` points at the URLhaus entry; check the entry's current
#   status when triaging a hit, since hosts and paths in a feed like this age.
# - Several paths below look like per-architecture payload names
#   (armv4l, mips, aarch64, ...); presumably a hit from an embedded or IoT host
#   means a fetch of a payload for that device - verify against the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774260)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.255.245.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774260/; classtype:trojan-activity;sid:84637360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774258)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.217.84.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774258/; classtype:trojan-activity;sid:84637358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774247)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.171.188.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774247/; classtype:trojan-activity;sid:84637347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774076)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/armv4l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774076/; classtype:trojan-activity;sid:84637176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774074)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774074/; classtype:trojan-activity;sid:84637174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774075)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/aarch64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774075/; classtype:trojan-activity;sid:84637175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774073)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774073/; classtype:trojan-activity;sid:84637173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774071)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/armv6l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774071/; classtype:trojan-activity;sid:84637171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774072)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774072/; classtype:trojan-activity;sid:84637172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3774070)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/armv7l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774070/; classtype:trojan-activity;sid:84637170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774069)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/armv5l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774069/; classtype:trojan-activity;sid:84637169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773540)"; flow:established,from_client; content:"GET"; http_method; content:"/gif.gif"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pjsn.hi2.ro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773540/; classtype:trojan-activity;sid:84636640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773435)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.229.20.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773435/; classtype:trojan-activity;sid:84636535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773432)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"184.160.27.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; 
reference:url, urlhaus.abuse.ch/url/3773432/; classtype:trojan-activity;sid:84636532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773292)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.55.251.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773292/; classtype:trojan-activity;sid:84636392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773274)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.37.71.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773274/; classtype:trojan-activity;sid:84636374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773270)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.112.101.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773270/; classtype:trojan-activity;sid:84636370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773251)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.218.189.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773251/; classtype:trojan-activity;sid:84636351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773253)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; 
isdataat:!1,relative; nocase; content:"91.185.1.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773253/; classtype:trojan-activity;sid:84636353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.99.58.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773225/; classtype:trojan-activity;sid:84636325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773129)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.46.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773129/; classtype:trojan-activity;sid:84636229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772764)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"50.43.160.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772764/; classtype:trojan-activity;sid:84635864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772754)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.1.110.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772754/; classtype:trojan-activity;sid:84635854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3772607)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"112.124.33.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772607/; classtype:trojan-activity;sid:84635707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772582)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.46.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772582/; classtype:trojan-activity;sid:84635682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772577)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.46.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772577/; classtype:trojan-activity;sid:84635677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772575)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.46.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772575/; classtype:trojan-activity;sid:84635675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772572)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.39.143.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, 
urlhaus.abuse.ch/url/3772572/; classtype:trojan-activity;sid:84635672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.5.194.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772548/; classtype:trojan-activity;sid:84635648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772543)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772543/; classtype:trojan-activity;sid:84635643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772534)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.6.203"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772534/; classtype:trojan-activity;sid:84635634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772536)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.220.234.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772536/; classtype:trojan-activity;sid:84635636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772527)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; 
nocase; content:"213.91.236.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772527/; classtype:trojan-activity;sid:84635627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772528)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772528/; classtype:trojan-activity;sid:84635628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772510)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoftteamupdate.msi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vrajras.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772510/; classtype:trojan-activity;sid:84635610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772458)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"114.215.193.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772458/; classtype:trojan-activity;sid:84635558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772365)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.186.90.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772365/; classtype:trojan-activity;sid:84635465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3772096)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"bafybeieq7tctzxkqidqpq4fjvtznbupqrpo2w4n4lfmzksehei4dinilii.ipfs.w3s.link"; http_host; depth:73; isdataat:!1,relative; metadata:created_at 2026_02_04; reference:url, urlhaus.abuse.ch/url/3772096/; classtype:trojan-activity;sid:84635196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.40.178.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771747/; classtype:trojan-activity;sid:84634847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771741)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.62.202.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771741/; classtype:trojan-activity;sid:84634841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771659)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771659/; classtype:trojan-activity;sid:84634759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771648)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771648/; classtype:trojan-activity;sid:84634748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771632)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_121424_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771632/; classtype:trojan-activity;sid:84634732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771510)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771510/; classtype:trojan-activity;sid:84634610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771493)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.121.236.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771493/; classtype:trojan-activity;sid:84634593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771480)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771480/; classtype:trojan-activity;sid:84634580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3771458)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771458/; classtype:trojan-activity;sid:84634558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771442)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771442/; classtype:trojan-activity;sid:84634542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771437)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771437/; classtype:trojan-activity;sid:84634537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771429)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"201.16.194.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771429/; classtype:trojan-activity;sid:84634529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771420)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; 
reference:url, urlhaus.abuse.ch/url/3771420/; classtype:trojan-activity;sid:84634520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771416)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771416/; classtype:trojan-activity;sid:84634516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771410)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771410/; classtype:trojan-activity;sid:84634510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771405)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771405/; classtype:trojan-activity;sid:84634505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771394)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771394/; classtype:trojan-activity;sid:84634494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771393)"; flow:established,from_client; content:"GET"; http_method; 
content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771393/; classtype:trojan-activity;sid:84634493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771383)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771383/; classtype:trojan-activity;sid:84634483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771373)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771373/; classtype:trojan-activity;sid:84634473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771357)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771357/; classtype:trojan-activity;sid:84634457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771346)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771346/; classtype:trojan-activity;sid:84634446; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771336)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.121.236.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771336/; classtype:trojan-activity;sid:84634436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771319)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771319/; classtype:trojan-activity;sid:84634419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771292)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771292/; classtype:trojan-activity;sid:84634392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771284)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771284/; classtype:trojan-activity;sid:84634384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771258)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771258/; classtype:trojan-activity;sid:84634358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771242)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.226.249.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771242/; classtype:trojan-activity;sid:84634342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771234)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771234/; classtype:trojan-activity;sid:84634334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771237)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771237/; classtype:trojan-activity;sid:84634337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771218)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771218/; classtype:trojan-activity;sid:84634318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771220)"; 
flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.212.222.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771220/; classtype:trojan-activity;sid:84634320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771206)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771206/; classtype:trojan-activity;sid:84634306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771190)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771190/; classtype:trojan-activity;sid:84634290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771061)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/31%2012%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771061/; classtype:trojan-activity;sid:84634161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771062)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/08%2008%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2026_02_03; reference:url, urlhaus.abuse.ch/url/3771062/; classtype:trojan-activity;sid:84634162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771063)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/24%2010%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771063/; classtype:trojan-activity;sid:84634163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771060)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/11%2011%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771060/; classtype:trojan-activity;sid:84634160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771059)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/10%2012%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771059/; classtype:trojan-activity;sid:84634159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771056)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/07%2010%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771056/; classtype:trojan-activity;sid:84634156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3771057)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/27%2007%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771057/; classtype:trojan-activity;sid:84634157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771058)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/30%2009%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771058/; classtype:trojan-activity;sid:84634158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771054)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/10%2001%202026/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771054/; classtype:trojan-activity;sid:84634154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771055)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/20%2012%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771055/; classtype:trojan-activity;sid:84634155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771050)"; flow:established,from_client; content:"GET"; http_method; 
content:"/ser%20costa%20luz/20%2009%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771050/; classtype:trojan-activity;sid:84634150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771051)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/24%2012%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771051/; classtype:trojan-activity;sid:84634151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771052)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/15%2010%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771052/; classtype:trojan-activity;sid:84634152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771053)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/16%2001%202026/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771053/; classtype:trojan-activity;sid:84634153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771048)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/20%2007%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771048/; classtype:trojan-activity;sid:84634148; rev:1;)
# The line above closes a rule whose opening is earlier in the file.
#
# Matching model of the rules below: the URI content carries depth:<its own length>
# followed by isdataat:!1,relative, so the listed path has to be the entire URI buffer,
# and the Host content is anchored the same way. A hit means a GET for exactly this
# path on exactly this host; other paths on the same host are not covered by the rule.
#
# NOTE(review): the next two rules put a literal "%20" in an http_uri match, and
# depth:42 counts the percent-encoded form. http_uri is the normalized URI buffer,
# which the engine documentation describes as having %20 already decoded to a space.
# If that holds for the deployed engine these rules cannot match as written. Confirm
# by replaying a sample request; if they stay silent, match the encoded form with
# http_raw_uri, or write the spaces as |20| and adjust depth. The same question
# applies to every rule in this file whose URI content contains "%20".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771045)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/12%2012%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771045/; classtype:trojan-activity;sid:84634145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771039)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/02%2012%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771039/; classtype:trojan-activity;sid:84634136; rev:1;)
# The two rules below contain no percent-encoding; only the exact-match anchoring
# described above applies to them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771036)"; flow:established,from_client; content:"GET"; http_method; content:"/bitrix/cache/js/s1/universe_s1/kernel_main/kernel_main_v1.js"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"alternativas.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771036/; classtype:trojan-activity;sid:84634136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3770100)"; flow:established,from_client; content:"GET"; http_method; content:"/64.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3770100/; classtype:trojan-activity;sid:84633200; rev:1;)
# Each rule below alerts on an outbound GET ($HOME_NET -> $EXTERNAL_NET, established
# flow, client side) whose URI and Host both equal the listed values: depth equals
# the content length and isdataat:!1,relative requires that nothing follows it.
# Very short paths such as "/i" or "/sshd" are only specific because of the Host
# match, so triage an alert on the host/path pair (see the reference URL in the rule)
# rather than on the path alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3767404)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.46.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3767404/; classtype:trojan-activity;sid:84630504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3767197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.99.58.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3767197/; classtype:trojan-activity;sid:84630297; rev:1;)
# NOTE(review): raw.githubusercontent.com is normally fetched over HTTPS. An
# `alert http` rule only sees requests the sensor can parse as HTTP, so without TLS
# decryption in front of the sensor this rule is unlikely to observe the download.
# Verify on a segment where decrypted traffic is available, or cover this URL from
# proxy or endpoint telemetry instead. The host is shared by unrelated repositories,
# so the path match is what makes the rule specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3767101)"; flow:established,from_client; content:"GET"; http_method; content:"/bhekinko/test/main/notepad2.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3767101/; classtype:trojan-activity;sid:84630201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766633)"; flow:established,from_client; content:"GET"; http_method; content:"/pty2"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766633/; classtype:trojan-activity;sid:84629733; rev:1;)
# The rule opened below continues on the following line of the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766628)"; flow:established,from_client; content:"GET"; http_method; content:"/pty3"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.46.43.35";
http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766628/; classtype:trojan-activity;sid:84629728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766629)"; flow:established,from_client; content:"GET"; http_method; content:"/pty1"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766629/; classtype:trojan-activity;sid:84629729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766630)"; flow:established,from_client; content:"GET"; http_method; content:"/pty4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766630/; classtype:trojan-activity;sid:84629730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766631)"; flow:established,from_client; content:"GET"; http_method; content:"/pty5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766631/; classtype:trojan-activity;sid:84629731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766632)"; flow:established,from_client; content:"GET"; http_method; content:"/pty10"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766632/; classtype:trojan-activity;sid:84629732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766587)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.5.194.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766587/; classtype:trojan-activity;sid:84629687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.196.95.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766584/; classtype:trojan-activity;sid:84629684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766226)"; flow:established,from_client; content:"GET"; http_method; content:"/get/cl.msi"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"corporacioncrf.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766226/; classtype:trojan-activity;sid:84629326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766219)"; flow:established,from_client; content:"GET"; http_method; content:"/filejantn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bafybeiffpkay6l7heq55epccneb563p5chjzclxnso3vkozyorphlz6ana.ipfs.w3s.link"; http_host; depth:73; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766219/; classtype:trojan-activity;sid:84629319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766053)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"separadordecc.com"; http_host; depth:17; isdataat:!1,relative; 
metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766053/; classtype:trojan-activity;sid:84629153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766021)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"bafybeibfoyi7ruuyoncarf4xr55qa3lthsjjjgrktk4ia4z3upesawb4ry.ipfs.w3s.link"; http_host; depth:73; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766021/; classtype:trojan-activity;sid:84629121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3765537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.96.228.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_29; reference:url, urlhaus.abuse.ch/url/3765537/; classtype:trojan-activity;sid:84628637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3765534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.96.228.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_29; reference:url, urlhaus.abuse.ch/url/3765534/; classtype:trojan-activity;sid:84628634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3765490)"; flow:established,from_client; content:"GET"; http_method; content:"/download/linux/arm"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"101.32.206.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_29; reference:url, urlhaus.abuse.ch/url/3765490/; classtype:trojan-activity;sid:84628590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3765258)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"120.196.95.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_28; reference:url, urlhaus.abuse.ch/url/3765258/; classtype:trojan-activity;sid:84628358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3764383)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/order2390.msi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"audicontadores.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_26; reference:url, urlhaus.abuse.ch/url/3764383/; classtype:trojan-activity;sid:84627483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.96.96.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_25; reference:url, urlhaus.abuse.ch/url/3763665/; classtype:trojan-activity;sid:84626765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763338)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins-dist/safehtml/lang/font/cr.sh"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"34.70.205.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763338/; classtype:trojan-activity;sid:84626438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763336)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins-dist/safehtml/lang/font/javae"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"34.70.205.211"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763336/; classtype:trojan-activity;sid:84626436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763333)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins-dist/safehtml/lang/font/pnscan-1.14.1.tar.gz"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"34.70.205.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763333/; classtype:trojan-activity;sid:84626433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763334)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins-dist/safehtml/lang/font/1.0.5.tar.gz"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"34.70.205.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763334/; classtype:trojan-activity;sid:84626434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.205.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763137/; classtype:trojan-activity;sid:84626237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762681)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.32.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762681/; classtype:trojan-activity;sid:84625781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3762674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.89.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762674/; classtype:trojan-activity;sid:84625774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.155.243.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762403/; classtype:trojan-activity;sid:84625503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.155.243.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762391/; classtype:trojan-activity;sid:84625491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762176)"; flow:established,from_client; content:"GET"; http_method; content:"/hamzaabiadi/cracked-tab-organizer-extension/main/altisonous/cracked-tab-organizer-extension.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762176/; classtype:trojan-activity;sid:84625276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762091)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; 
nocase; content:"121.4.92.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762091/; classtype:trojan-activity;sid:84625191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762083)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.89.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762083/; classtype:trojan-activity;sid:84625183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762054)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.54.220.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762054/; classtype:trojan-activity;sid:84625154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762050)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.54.220.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762050/; classtype:trojan-activity;sid:84625150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761843)"; flow:established,from_client; content:"GET"; http_method; content:"/caio-arc/links/raw/refs/heads/main/application.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761843/; classtype:trojan-activity;sid:84624943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3761841)"; flow:established,from_client; content:"GET"; http_method; content:"/keyur-m/hometask/raw/refs/heads/main/application.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761841/; classtype:trojan-activity;sid:84624941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761824)"; flow:established,from_client; content:"GET"; http_method; content:"/teeeeeeeeeellkall/cracked-tab-groups-extension/main/clackety/cracked-tab-groups-extension.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761824/; classtype:trojan-activity;sid:84624924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761823)"; flow:established,from_client; content:"GET"; http_method; content:"/teskkkkk/cracked-todoist-for-chrome/main/fieldworker/cracked-todoist-for-chrome.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761823/; classtype:trojan-activity;sid:84624923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761822)"; flow:established,from_client; content:"GET"; http_method; content:"/class1k/cracked-save-to-mondaycom-extension/main/textbookless/cracked-save-to-mondaycom-extension.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761822/; 
classtype:trojan-activity;sid:84624922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761818)"; flow:established,from_client; content:"GET"; http_method; content:"/jsm2raj/cracked-webpage-highlighter-extension/main/innkeeper/cracked-webpage-highlighter-extension.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761818/; classtype:trojan-activity;sid:84624918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761819)"; flow:established,from_client; content:"GET"; http_method; content:"/shifaishfaque/cracked-save-to-click-up-extension/raw/refs/heads/main/doddart/cracked-save-to-click-up-extension.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761819/; classtype:trojan-activity;sid:84624919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761816)"; flow:established,from_client; content:"GET"; http_method; content:"/lazzydave/cracked-webpage-snapshot-extension/main/sketchiness/cracked-webpage-snapshot-extension.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761816/; classtype:trojan-activity;sid:84624916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761813)"; flow:established,from_client; content:"GET"; http_method; content:"/bibabiboreal/cracked-save-to-airtable-base-extension/main/rectifiable/cracked-save-to-airtable-base-extension.zip"; http_uri; depth:114; isdataat:!1,relative; 
nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761813/; classtype:trojan-activity;sid:84624913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761807)"; flow:established,from_client; content:"GET"; http_method; content:"/kayraizm3131/cracked-webpage-tag-manager-extension/main/pteroclomorphic/cracked-webpage-tag-manager-extension.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761807/; classtype:trojan-activity;sid:84624907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761350)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.163.117.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_21; reference:url, urlhaus.abuse.ch/url/3761350/; classtype:trojan-activity;sid:84624450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3760838)"; flow:established,from_client; content:"GET"; http_method; content:"/lounger678/lapce/releases/download/1.0.0/lapce-windows.msi"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_20; reference:url, urlhaus.abuse.ch/url/3760838/; classtype:trojan-activity;sid:84623938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3760825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.52.87.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_20; 
reference:url, urlhaus.abuse.ch/url/3760825/; classtype:trojan-activity;sid:84623925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3760824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.7.114.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_20; reference:url, urlhaus.abuse.ch/url/3760824/; classtype:trojan-activity;sid:84623924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3760734)"; flow:established,from_client; content:"GET"; http_method; content:"/atom.xml"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.backupallfresh2030.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_01_20; reference:url, urlhaus.abuse.ch/url/3760734/; classtype:trojan-activity;sid:84623834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3760073)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.52.87.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_19; reference:url, urlhaus.abuse.ch/url/3760073/; classtype:trojan-activity;sid:84623173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759998)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.7.114.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_18; reference:url, urlhaus.abuse.ch/url/3759998/; classtype:trojan-activity;sid:84623098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759759)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; 
http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.178.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_18; reference:url, urlhaus.abuse.ch/url/3759759/; classtype:trojan-activity;sid:84622859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759320)"; flow:established,from_client; content:"GET"; http_method; content:"/receiveharsh/changebusiness"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"co-emas.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759320/; classtype:trojan-activity;sid:84622420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759319)"; flow:established,from_client; content:"GET"; http_method; content:"/x/s"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"co-emas.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759319/; classtype:trojan-activity;sid:84622419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758945)"; flow:established,from_client; content:"GET"; http_method; content:"/sa/saa.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"thebrandmantra.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_01_16; reference:url, urlhaus.abuse.ch/url/3758945/; classtype:trojan-activity;sid:84622045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758944)"; flow:established,from_client; content:"GET"; http_method; content:"/static/upload/other/20220313/1647160611412907.apk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.longfeng188.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_01_16; reference:url, urlhaus.abuse.ch/url/3758944/; 
classtype:trojan-activity;sid:84622044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758943)"; flow:established,from_client; content:"GET"; http_method; content:"/down/laizi_wzzdh.apk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"n.vs108.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_16; reference:url, urlhaus.abuse.ch/url/3758943/; classtype:trojan-activity;sid:84622043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758942)"; flow:established,from_client; content:"GET"; http_method; content:"/bbs/upload/1000/2017/03/16/202395_1101210.apk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"jlwz.cn"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2026_01_16; reference:url, urlhaus.abuse.ch/url/3758942/; classtype:trojan-activity;sid:84622042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.38.56.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757992/; classtype:trojan-activity;sid:84621092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.95.137.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757989/; classtype:trojan-activity;sid:84621089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/imgs.exe"; http_uri; 
depth:13; isdataat:!1,relative; nocase; content:"wittenhorst.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757953/; classtype:trojan-activity;sid:84621053; rev:1;)
# The line above closes a rule whose opening is on the previous line of the file.
#
# NOTE(review): two coverage questions for the github.com rule below.
# (1) github.com is normally reached over HTTPS, so an `alert http` rule only sees
#     this request where the sensor has cleartext or decrypted traffic; confirm that
#     visibility, or cover the URL from proxy or endpoint telemetry.
# (2) The path contains a literal "%20" and depth:78 counts the encoded form, while
#     http_uri is the normalized buffer, documented as decoding %20 to a space. If
#     that holds for the deployed engine the content cannot match; test with a
#     replayed request and consider http_raw_uri, or |20| with an adjusted depth.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757907)"; flow:established,from_client; content:"GET"; http_method; content:"/syrins/chatgpt-app/raw/9d9a3d9ce5ba4eb03b7738f99458773e3b4ce7de/inat%20tv.apk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757907/; classtype:trojan-activity;sid:84621007; rev:1;)
# NOTE(review): the rules below differ only in the date component of the path and
# have the same literal-"%20"-in-http_uri question as above (depth:37 is the encoded
# length). Because each rule is an exact match on one dated path, a path with any
# other date on 81.42.249.132 is not covered by this set.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757803)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/05%2012%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757803/; classtype:trojan-activity;sid:84620903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757804)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/05%2011%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757804/; classtype:trojan-activity;sid:84620904; rev:1;)
# The rule opened below continues on the following line of the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757805)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/03%2010%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative;
metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757805/; classtype:trojan-activity;sid:84620905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757806)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/04%2012%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757806/; classtype:trojan-activity;sid:84620906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757808)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/04%2009%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757808/; classtype:trojan-activity;sid:84620908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757809)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/02%2012%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757809/; classtype:trojan-activity;sid:84620909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757811)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/04%2008%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757811/; classtype:trojan-activity;sid:84620911; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757802)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/05%2010%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757802/; classtype:trojan-activity;sid:84620902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757799)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/03%2011%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757799/; classtype:trojan-activity;sid:84620899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757800)"; flow:established,from_client; content:"GET"; http_method; content:"/test/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.163.114.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757800/; classtype:trojan-activity;sid:84620900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757796)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/03%2009%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757796/; classtype:trojan-activity;sid:84620896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757797)"; flow:established,from_client; content:"GET"; http_method; 
content:"/r-02-radiole/05%2008%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757797/; classtype:trojan-activity;sid:84620897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757792)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/05%2009%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757792/; classtype:trojan-activity;sid:84620892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757794)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/04%2011%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757794/; classtype:trojan-activity;sid:84620894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757791)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/03%2008%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757791/; classtype:trojan-activity;sid:84620891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757403)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.224.16.185"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757403/; classtype:trojan-activity;sid:84620503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757377)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.197.62.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757377/; classtype:trojan-activity;sid:84620477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757126)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757126/; classtype:trojan-activity;sid:84620226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757074)"; flow:established,from_client; content:"GET"; http_method; content:"/netsyst81.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"steam66.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757074/; classtype:trojan-activity;sid:84620174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3756255)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3756255/; classtype:trojan-activity;sid:84619355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3756023)"; flow:established,from_client; 
content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3756023/; classtype:trojan-activity;sid:84619123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3756018)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3756018/; classtype:trojan-activity;sid:84619118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755992)"; flow:established,from_client; content:"GET"; http_method; content:"/t36"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.192.39.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3755992/; classtype:trojan-activity;sid:84619092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755217)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.7.239.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755217/; classtype:trojan-activity;sid:84618317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755219)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755219/; classtype:trojan-activity;sid:84618319; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755194)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755194/; classtype:trojan-activity;sid:84618294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755193)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755193/; classtype:trojan-activity;sid:84618293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755157)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755157/; classtype:trojan-activity;sid:84618257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755119)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755119/; classtype:trojan-activity;sid:84618219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755090)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"175.209.135.175"; 
http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755090/; classtype:trojan-activity;sid:84618190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755064)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.209.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755064/; classtype:trojan-activity;sid:84618164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755067)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755067/; classtype:trojan-activity;sid:84618167; rev:1;)
# NOTE(review): the following rules use content:"/"; http_uri; depth:1;
# isdataat:!1,relative, i.e. a GET whose URI is exactly "/" with the Host equal to the
# listed IP. Nothing in the signature describes a payload, so an alert says only that a
# HOME_NET client requested the root page of a listed host. Triage against the
# referenced URLhaus entry and the server response before treating it as a download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754752)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"79.175.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754752/; classtype:trojan-activity;sid:84617852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754756)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"186.121.239.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754756/; classtype:trojan-activity;sid:84617856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754761)"; 
flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754761/; classtype:trojan-activity;sid:84617861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754762)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754762/; classtype:trojan-activity;sid:84617862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754764)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754764/; classtype:trojan-activity;sid:84617864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754742)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/reynold/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754742/; classtype:trojan-activity;sid:84617842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754743)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/reynold/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, 
urlhaus.abuse.ch/url/3754743/; classtype:trojan-activity;sid:84617843; rev:1;)
# NOTE(review): the http_uri content below contains a literal "%24" and depth:30 is the
# length of that encoded form. http_uri is the normalized URI buffer; if the engine
# percent-decodes before matching, the literal will not match and the rule fails
# silently. Verify with a test request; http_raw_uri is the unnormalized alternative.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754744)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/%24recycle.bin/photo.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754744/; classtype:trojan-activity;sid:84617844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754745)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/reynold/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754745/; classtype:trojan-activity;sid:84617845; rev:1;)
# NOTE(review): same percent-encoding question as above - "%24" appears twice in this
# http_uri content and depth:80 counts the encoded form.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754741)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/%24recycle.bin/s-1-5-21-513737667-1919666884-561045330-1001/%24rs1r5lt.scr"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754741/; classtype:trojan-activity;sid:84617841; rev:1;)
# NOTE(review): URI is exactly "/" on a bare IP host. The signature identifies the
# listed host, not a payload, so an alert needs the URLhaus reference and the server
# response to confirm a download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754695)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754695/; classtype:trojan-activity;sid:84617795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3754699)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.4.101.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754699/; classtype:trojan-activity;sid:84617799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754701)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"172.85.143.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754701/; classtype:trojan-activity;sid:84617801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754702)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754702/; classtype:trojan-activity;sid:84617802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754685)"; flow:established,from_client; content:"GET"; http_method; content:"/zoldownload/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"down10d.zol.com.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754685/; classtype:trojan-activity;sid:84617785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754684)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754684/; 
classtype:trojan-activity;sid:84617784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754676)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"31.210.217.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754676/; classtype:trojan-activity;sid:84617776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754677)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.164.117.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754677/; classtype:trojan-activity;sid:84617777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754662)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"200.54.221.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754662/; classtype:trojan-activity;sid:84617762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754573)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754573/; classtype:trojan-activity;sid:84617673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754551)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"88.119.151.142"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754551/; classtype:trojan-activity;sid:84617651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754555)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpnxp.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754555/; classtype:trojan-activity;sid:84617655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754558)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"41.190.69.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754558/; classtype:trojan-activity;sid:84617658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754547)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754547/; classtype:trojan-activity;sid:84617647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754541)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"216.155.92.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754541/; classtype:trojan-activity;sid:84617641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754542)"; 
flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn7.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754542/; classtype:trojan-activity;sid:84617642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754543)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpnx2.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754543/; classtype:trojan-activity;sid:84617643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754534)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"212.107.232.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754534/; classtype:trojan-activity;sid:84617634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754530)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"217.75.193.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754530/; classtype:trojan-activity;sid:84617630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754532)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"81.16.250.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, 
urlhaus.abuse.ch/url/3754532/; classtype:trojan-activity;sid:84617632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754521)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"190.12.99.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754521/; classtype:trojan-activity;sid:84617621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754517)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"87.119.108.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754517/; classtype:trojan-activity;sid:84617617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754511)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"37.252.69.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754511/; classtype:trojan-activity;sid:84617611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754510)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754510/; classtype:trojan-activity;sid:84617610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754443)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; 
content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754443/; classtype:trojan-activity;sid:84617543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754444)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"178.220.234.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754444/; classtype:trojan-activity;sid:84617544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754438)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"94.244.113.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754438/; classtype:trojan-activity;sid:84617538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754425)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"181.129.182.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754425/; classtype:trojan-activity;sid:84617525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754427)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754427/; classtype:trojan-activity;sid:84617527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754433)"; 
flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754433/; classtype:trojan-activity;sid:84617533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754391)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"213.149.178.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754391/; classtype:trojan-activity;sid:84617491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754390)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"171.231.131.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754390/; classtype:trojan-activity;sid:84617490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754384)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754384/; classtype:trojan-activity;sid:84617484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754377)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754377/; classtype:trojan-activity;sid:84617477; 
rev:1;)
# Each rule in this span alerts on an established, client-to-server HTTP GET
# leaving $HOME_NET whose URI and Host header both equal a URLhaus-listed URL
# (see the reference: option). Every depth equals its pattern length and
# isdataat:!1,relative requires the buffer to end there, so the URI and host
# are compared whole rather than as prefixes; nocase makes the URI comparison
# case-insensitive.
# NOTE(review): the addresses below are matched in the Host header only; the
# rule header's destination is $EXTERNAL_NET any. Correlate a hit with the
# flow's destination IP during triage.
# NOTE(review): a URI of exactly "/" means any GET for that host's root page
# alerts. If the address is reassigned these entries turn into noise; use
# metadata:created_at to age them out -- TODO confirm local retention policy.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754378)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"83.166.197.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754378/; classtype:trojan-activity;sid:84617478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754379)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptography_module/base_library.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"122.170.110.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754379/; classtype:trojan-activity;sid:84617479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754373)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"115.240.70.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754373/; classtype:trojan-activity;sid:84617473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754365)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"151.248.56.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754365/; classtype:trojan-activity;sid:84617465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754355)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754355/; classtype:trojan-activity;sid:84617455; rev:1;)
# The next rules key on installer/archive paths under one host name
# (www.namuvpn.com); hits on these sids concern the same host and can be
# triaged as a group.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754359)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpnx2.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754359/; classtype:trojan-activity;sid:84617459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754340)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namuvpn32.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754340/; classtype:trojan-activity;sid:84617440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754331)"; flow:established,from_client; content:"GET"; http_method; content:"/pc/pdfconvert/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"download.pdf00.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754331/; classtype:trojan-activity;sid:84617431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754327)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namu864.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754327/; classtype:trojan-activity;sid:84617427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3754328)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn32.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754328/; classtype:trojan-activity;sid:84617428; rev:1;)
# URLhaus download-URL signatures: each one fires on an outbound HTTP GET
# (flow:established,from_client) whose URI and Host header equal the listed
# values. depth is set to the pattern length and isdataat:!1,relative asserts
# nothing follows, so both buffers must match in full.
# NOTE(review): these are "alert http" rules, so they see only HTTP the engine
# can parse in cleartext; the same download over TLS is not covered unless
# traffic is decrypted upstream of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754324)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"37.9.25.206"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754324/; classtype:trojan-activity;sid:84617424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754325)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpnx2/namuvpnx2.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754325/; classtype:trojan-activity;sid:84617425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754299)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754299/; classtype:trojan-activity;sid:84617399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754282)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namuxp.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754282/; classtype:trojan-activity;sid:84617382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754274)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namuvpn7.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754274/; classtype:trojan-activity;sid:84617374; rev:1;)
# NOTE(review): the URI pattern below contains literal percent-escapes
# ("%2b%2b") but is applied to http_uri, the normalized URI buffer. The engine
# likely decodes the request path to "/debugview++.exe" before matching, in
# which case this rule never fires. Verify against the sensor's HTTP
# normalization settings; a local variant matching the raw URI buffer
# (http_raw_uri) or the decoded form would close the gap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754265)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.58.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754265/; classtype:trojan-activity;sid:84617365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754262)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn7.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754262/; classtype:trojan-activity;sid:84617362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754238)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn7/namuvpn7.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754238/; classtype:trojan-activity;sid:84617338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3754227)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"139.255.67.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754227/; classtype:trojan-activity;sid:84617327; rev:1;)
# One signature per URLhaus entry: outbound, established HTTP GET from
# $HOME_NET with an exact URI (case-insensitive via nocase) and an exact Host
# header. The URLhaus entry id appears in msg and reference; created_at
# records when the entry was added to the feed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754218)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn32.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754218/; classtype:trojan-activity;sid:84617318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754202)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"223.197.231.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754202/; classtype:trojan-activity;sid:84617302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754194)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptodata/archive_to_send_decr.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"122.170.110.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754194/; classtype:trojan-activity;sid:84617294; rev:1;)
# NOTE(review): "%2b%2b" is written as a literal percent-escape but matched in
# http_uri, which holds the normalized URI. If the engine decodes the path (the
# usual behaviour), the buffer reads "/debugview++.exe" and this signature does
# not match. Confirm on the sensor; if confirmed, carry a local rule on the
# raw URI buffer (http_raw_uri) or on the decoded string.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754176)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"114.132.86.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754176/; classtype:trojan-activity;sid:84617276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754170)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"115.127.68.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754170/; classtype:trojan-activity;sid:84617270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754165)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"141.149.36.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754165/; classtype:trojan-activity;sid:84617265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754166)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"110.4.13.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754166/; classtype:trojan-activity;sid:84617266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3753765)"; flow:established,from_client; content:"GET"; http_method; content:"/big/img001.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3753765/; classtype:trojan-activity;sid:84616865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752359)"; flow:established,from_client; 
content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"meetvideogoogle.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752359/; classtype:trojan-activity;sid:84615459; rev:1;)
# Exact-match download signatures from the URLhaus feed: GET method, full URI
# (depth = pattern length, isdataat:!1,relative = nothing may follow) and full
# Host header, on established client-to-server flows out of $HOME_NET.
# NOTE(review): the root-path ("/") rules alert on any GET for the host's
# landing page, not on a specific payload; treat a hit as "host contacted"
# and confirm what was served from proxy or file-extraction logs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752363)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"videomeetgoogle.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752363/; classtype:trojan-activity;sid:84615463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752358)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"194.67.127.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752358/; classtype:trojan-activity;sid:84615458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752304/; classtype:trojan-activity;sid:84615404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3751589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.229.60.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_06; reference:url, urlhaus.abuse.ch/url/3751589/; classtype:trojan-activity;sid:84614689; rev:1;)
# NOTE(review): the host and path of the next rule read like a vendor
# software-download location rather than dedicated attacker infrastructure --
# presumably a flagged file hosted there. Check the URLhaus reference before
# treating a hit as compromise, and expect ordinary installs to alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750631)"; flow:established,from_client; content:"GET"; http_method; content:"/security/wizvera/delfino-g3/delfino-g3.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"download.kbcard.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750631/; classtype:trojan-activity;sid:84613731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750625)"; flow:established,from_client; content:"GET"; http_method; content:"/luckypatcher/luckypatcherinstaller.apk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"chelpus.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750625/; classtype:trojan-activity;sid:84613725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.49.202.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_04; reference:url, urlhaus.abuse.ch/url/3750143/; classtype:trojan-activity;sid:84613243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749771)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/dbghelp.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.125.44.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_03; reference:url, urlhaus.abuse.ch/url/3749771/; classtype:trojan-activity;sid:84612871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"212.225.179.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_03; reference:url, urlhaus.abuse.ch/url/3749598/; classtype:trojan-activity;sid:84612698; rev:1;)
# Short-path signatures ("/sshd", "/.i", "/i") against bare IP hosts. Because
# depth equals the pattern length and isdataat:!1,relative forbids trailing
# data, "/i" matches only a URI that is exactly "/i" -- it does not fire on
# longer paths that merely start with it.
# NOTE(review): the same anchoring means a request with anything appended to
# the URI (for example a query string) would likely not match; these rules
# cover the listed URL only, not variants of it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749167)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.134.8.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3749167/; classtype:trojan-activity;sid:84612267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749159)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.145.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3749159/; classtype:trojan-activity;sid:84612259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748996)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.49.202.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3748996/; classtype:trojan-activity;sid:84612096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.229.60.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3748863/; classtype:trojan-activity;sid:84611963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3748483)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.215.23.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748483/; classtype:trojan-activity;sid:84611583; rev:1;)
# URLhaus exact-URL signatures (GET, whole URI, whole Host header, outbound
# established flows).
# NOTE(review): the rule directly below has the same method, URI ("/info.zip")
# and host (93.215.23.87) as the rule ending on the line above (sid 84611583);
# only msg, reference and sid differ, so one request raises two alerts. The
# two URLhaus entries presumably differ in scheme or port, which these rules
# do not encode -- verify, and de-duplicate on (host, URI) in alert handling.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748383)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.215.23.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748383/; classtype:trojan-activity;sid:84611483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748352)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.179.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748352/; classtype:trojan-activity;sid:84611452; rev:1;)
# The remaining rules in this span match a URI of exactly "/" on a bare IP
# host, i.e. any GET for that host's root page.
# NOTE(review): these carry no payload-specific condition; if an address is
# reassigned they keep alerting. Age them out using metadata:created_at --
# TODO confirm local retention policy.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748325)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.241.42.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748325/; classtype:trojan-activity;sid:84611425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748326)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"162.215.130.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748326/; classtype:trojan-activity;sid:84611426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748285)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"104.199.248.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748285/; classtype:trojan-activity;sid:84611385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748279)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"199.168.184.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748279/; classtype:trojan-activity;sid:84611379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748274)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"167.99.0.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748274/; classtype:trojan-activity;sid:84611374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748261)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"165.73.81.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748261/; classtype:trojan-activity;sid:84611361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748259)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; 
content:"167.99.0.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748259/; classtype:trojan-activity;sid:84611359; rev:1;)
# Root-path signatures: each rule below fires on an established outbound HTTP
# GET whose URI is exactly "/" and whose Host header is exactly the listed
# IPv4 literal (depth = pattern length, isdataat:!1,relative = end of buffer).
# NOTE(review): the address is compared against the Host header, not the
# packet destination (the rule header says $EXTERNAL_NET any). A request to
# the same address under a different Host value is not matched; pair these
# with flow or IP-reputation data if address-level coverage is needed.
# NOTE(review): if a client sends a Host header with an explicit port, confirm
# how the engine fills the host buffer -- the end anchor would reject a
# trailing ":port".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748253)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"199.168.184.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748253/; classtype:trojan-activity;sid:84611353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748255)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"69.48.143.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748255/; classtype:trojan-activity;sid:84611355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748247)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"3.18.128.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748247/; classtype:trojan-activity;sid:84611347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748243)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.139.167.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748243/; classtype:trojan-activity;sid:84611343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748235)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"18.176.47.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748235/; classtype:trojan-activity;sid:84611335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748204)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"5.35.124.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748204/; classtype:trojan-activity;sid:84611304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748205)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"94.130.229.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748205/; classtype:trojan-activity;sid:84611305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748200)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"144.208.73.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748200/; classtype:trojan-activity;sid:84611300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748201)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"112.220.72.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748201/; classtype:trojan-activity;sid:84611301; 
rev:1;)
# Root-path signatures from the URLhaus feed, all created_at 2026_01_01: GET,
# URI exactly "/", Host header exactly the listed IPv4 literal, on established
# client-to-server flows from $HOME_NET.
# NOTE(review): some hosts appear twice in this span with identical match
# options and different sids -- 125.253.125.72 (sid 84611275 and 84611270) and
# 209.250.2.244 (sid 84611252 and 84611237). One request therefore raises two
# alerts. The underlying URLhaus entries presumably differ in scheme or port,
# which these rules do not encode -- verify, and de-duplicate on (host, URI)
# or apply per-source thresholding in alert handling.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748193)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"165.73.81.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748193/; classtype:trojan-activity;sid:84611293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748194)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"98.70.13.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748194/; classtype:trojan-activity;sid:84611294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748189)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"5.63.157.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748189/; classtype:trojan-activity;sid:84611289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748180)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.80.0.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748180/; classtype:trojan-activity;sid:84611280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748175)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"125.253.125.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748175/; classtype:trojan-activity;sid:84611275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748166)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.241.42.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748166/; classtype:trojan-activity;sid:84611266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748170)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"125.253.125.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748170/; classtype:trojan-activity;sid:84611270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748152)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"209.250.2.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748152/; classtype:trojan-activity;sid:84611252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748154)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"144.22.251.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748154/; classtype:trojan-activity;sid:84611254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748159)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"112.220.72.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748159/; classtype:trojan-activity;sid:84611259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748163)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"116.118.47.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748163/; classtype:trojan-activity;sid:84611263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748165)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"201.182.25.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748165/; classtype:trojan-activity;sid:84611265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748137)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"209.250.2.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748137/; classtype:trojan-activity;sid:84611237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748127)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"150.95.27.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748127/; classtype:trojan-activity;sid:84611227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3748131)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"173.231.196.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748131/; classtype:trojan-activity;sid:84611231; rev:1;)
# Root-path signatures: established outbound HTTP GET, URI exactly "/", Host
# header exactly the listed IPv4 literal. classtype is trojan-activity for
# every entry; the URLhaus entry id is carried in msg and reference.
# NOTE(review): "alert http" inspects only HTTP the engine can parse in
# cleartext, so the same host reached over TLS produces no alert here unless
# traffic is decrypted before the sensor.
# NOTE(review): a hit shows that a client requested the host's root page, not
# that a payload was retrieved; confirm the response from proxy or
# file-extraction logs before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748133)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"162.215.130.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748133/; classtype:trojan-activity;sid:84611233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748104)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"18.176.47.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748104/; classtype:trojan-activity;sid:84611204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748110)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"44.208.147.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748110/; classtype:trojan-activity;sid:84611210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748112)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"95.154.194.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748112/; classtype:trojan-activity;sid:84611212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748115)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"192.155.93.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748115/; classtype:trojan-activity;sid:84611215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748119)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"35.226.92.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748119/; classtype:trojan-activity;sid:84611219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748122)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"69.57.163.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748122/; classtype:trojan-activity;sid:84611222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748096)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"164.160.41.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748096/; classtype:trojan-activity;sid:84611196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748069)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"178.210.83.9"; http_host; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748069/; classtype:trojan-activity;sid:84611169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748074)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"74.50.99.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748074/; classtype:trojan-activity;sid:84611174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748089)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"66.39.79.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748089/; classtype:trojan-activity;sid:84611189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748027)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"159.203.9.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748027/; classtype:trojan-activity;sid:84611127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747725)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747725/; classtype:trojan-activity;sid:84610825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747694)"; flow:established,from_client; 
content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747694/; classtype:trojan-activity;sid:84610794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747690)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747690/; classtype:trojan-activity;sid:84610790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747685)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747685/; classtype:trojan-activity;sid:84610785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747686)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747686/; classtype:trojan-activity;sid:84610786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747684)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747684/; 
classtype:trojan-activity;sid:84610784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747082)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.249.107.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_31; reference:url, urlhaus.abuse.ch/url/3747082/; classtype:trojan-activity;sid:84610182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3746867)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.123.26.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_30; reference:url, urlhaus.abuse.ch/url/3746867/; classtype:trojan-activity;sid:84609967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3746316)"; flow:established,from_client; content:"GET"; http_method; content:"/sxp/i/522f8dbab717f669a06afa9122107971.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ob.youstarsbuilding.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_12_30; reference:url, urlhaus.abuse.ch/url/3746316/; classtype:trojan-activity;sid:84609416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3746314)"; flow:established,from_client; content:"GET"; http_method; content:"/sxp/i/522f8dbab717f669a06afa9122107971.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"euob.youstarsbuilding.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_12_30; reference:url, urlhaus.abuse.ch/url/3746314/; classtype:trojan-activity;sid:84609414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745971)"; flow:established,from_client; 
content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.89.88.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_29; reference:url, urlhaus.abuse.ch/url/3745971/; classtype:trojan-activity;sid:84609071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745195)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745195/; classtype:trojan-activity;sid:84608295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745196)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745196/; classtype:trojan-activity;sid:84608296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745197)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745197/; classtype:trojan-activity;sid:84608297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745192)"; flow:established,from_client; content:"GET"; http_method; content:"/20210408/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745192/; 
classtype:trojan-activity;sid:84608292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745193)"; flow:established,from_client; content:"GET"; http_method; content:"/20210408/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745193/; classtype:trojan-activity;sid:84608293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743457)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"152.89.247.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743457/; classtype:trojan-activity;sid:84606557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743405)"; flow:established,from_client; content:"GET"; http_method; content:"/sxp/i/522f8dbab717f669a06afa9122107971.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"euob.youstarsbuilding.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743405/; classtype:trojan-activity;sid:84606505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743375)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%80%80%e6%97%a7%e8%af%9b%e4%bb%99.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"202.189.11.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743375/; classtype:trojan-activity;sid:84606475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743354)"; flow:established,from_client; 
content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.54.220.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743354/; classtype:trojan-activity;sid:84606454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743323)"; flow:established,from_client; content:"GET"; http_method; content:"/files/plugins/sess1594985553/sessiontools/uvsodsae.msi"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"royalindiancurryclub.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743323/; classtype:trojan-activity;sid:84606423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743272)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743272/; classtype:trojan-activity;sid:84606372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743271)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743271/; classtype:trojan-activity;sid:84606371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743175)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%83%85%e7%bc%98%e6%80%80%e6%97%a7/%e6%83%85%e6%84%bf%e6%80%80%e6%97%a7.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"139.199.191.164"; http_host; 
depth:15; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743175/; classtype:trojan-activity;sid:84606275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743173)"; flow:established,from_client; content:"GET"; http_method; content:"/%e7%8c%b4%e5%ad%90/%e6%a2%a6%e5%b9%bb%e9%ad%94%e7%95%8c%e7%94%b5%e8%84%91%e7%ab%af.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"139.199.191.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743173/; classtype:trojan-activity;sid:84606273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743168)"; flow:established,from_client; content:"GET"; http_method; content:"/1/%e6%a2%a6%e5%b9%bb%e9%ad%94%e7%95%8c%e7%94%b5%e8%84%91%e7%ab%af.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"139.199.191.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743168/; classtype:trojan-activity;sid:84606268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742020)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742020/; classtype:trojan-activity;sid:84605120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742013)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742013/; 
classtype:trojan-activity;sid:84605113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742007)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742007/; classtype:trojan-activity;sid:84605107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742005)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742005/; classtype:trojan-activity;sid:84605105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741991)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741991/; classtype:trojan-activity;sid:84605091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741975)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741975/; classtype:trojan-activity;sid:84605075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741976)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741976/; classtype:trojan-activity;sid:84605076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741974)"; flow:established,from_client; content:"GET"; http_method; content:"/20250101/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741974/; classtype:trojan-activity;sid:84605074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741972)"; flow:established,from_client; content:"GET"; http_method; content:"/20250101/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741972/; classtype:trojan-activity;sid:84605072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741971)"; flow:established,from_client; content:"GET"; http_method; content:"/20250101/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741971/; classtype:trojan-activity;sid:84605071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741968)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.54.220.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741968/; classtype:trojan-activity;sid:84605068; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741966)"; flow:established,from_client; content:"GET"; http_method; content:"/20250811/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741966/; classtype:trojan-activity;sid:84605066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741967)"; flow:established,from_client; content:"GET"; http_method; content:"/20250809/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741967/; classtype:trojan-activity;sid:84605067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741965)"; flow:established,from_client; content:"GET"; http_method; content:"/20210408/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741965/; classtype:trojan-activity;sid:84605065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741962)"; flow:established,from_client; content:"GET"; http_method; content:"/20210408/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741962/; classtype:trojan-activity;sid:84605062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741963)"; flow:established,from_client; content:"GET"; http_method; content:"/20250101/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; 
nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741963/; classtype:trojan-activity;sid:84605063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741947)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741947/; classtype:trojan-activity;sid:84605047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741948)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741948/; classtype:trojan-activity;sid:84605048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741949)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741949/; classtype:trojan-activity;sid:84605049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741940)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741940/; classtype:trojan-activity;sid:84605040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3741528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.231.131.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741528/; classtype:trojan-activity;sid:84604628; rev:1;)
# How these rules anchor: each content's depth equals the length of its string, and
# isdataat:!1,relative requires that no byte follows the match, so the http_uri and
# http_host buffers must equal the given strings exactly. A request for the same path
# with anything appended (for example a query string) does not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741523)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.187.54.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741523/; classtype:trojan-activity;sid:84604623; rev:1;)
# Same match conditions as sid 84604623 above (method, URI and host are identical; only
# msg, reference and sid differ), so a single request raises both alerts.
# NOTE(review): the two URLhaus entries presumably differ in something these options do
# not encode (e.g. scheme or port) - confirm before thresholding or suppressing either sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741524)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.187.54.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741524/; classtype:trojan-activity;sid:84604624; rev:1;)
# The URI content is exactly "/", so any GET for the site root sent with this Host
# header alerts; the host string is the only discriminating part of the rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741397)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"indeanapolice.cc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741397/; classtype:trojan-activity;sid:84604497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741336)"; flow:established,from_client; content:"GET"; http_method; content:"/files/auhavkiq.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"royalindiancurryclub.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_12_23; 
reference:url, urlhaus.abuse.ch/url/3741336/; classtype:trojan-activity;sid:84604436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741204)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741204/; classtype:trojan-activity;sid:84604304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741201)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741201/; classtype:trojan-activity;sid:84604301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741202)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741202/; classtype:trojan-activity;sid:84604302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741193)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741193/; classtype:trojan-activity;sid:84604293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741182)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; 
http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741182/; classtype:trojan-activity;sid:84604282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741183)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741183/; classtype:trojan-activity;sid:84604283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741186)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741186/; classtype:trojan-activity;sid:84604286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741153)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741153/; classtype:trojan-activity;sid:84604253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741109)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741109/; classtype:trojan-activity;sid:84604209; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741086)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741086/; classtype:trojan-activity;sid:84604186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741068)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741068/; classtype:trojan-activity;sid:84604168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741049)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741049/; classtype:trojan-activity;sid:84604149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741026)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741026/; classtype:trojan-activity;sid:84604126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741024)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741024/; classtype:trojan-activity;sid:84604124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741009)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741009/; classtype:trojan-activity;sid:84604109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3740979)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3740979/; classtype:trojan-activity;sid:84604079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3740945)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3740945/; classtype:trojan-activity;sid:84604045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3739840)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"171.231.131.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_22; reference:url, urlhaus.abuse.ch/url/3739840/; classtype:trojan-activity;sid:84602940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3739558)"; flow:established,from_client; 
content:"GET"; http_method; content:"/scripts/4thepool_miner.sh"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"31.57.109.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_21; reference:url, urlhaus.abuse.ch/url/3739558/; classtype:trojan-activity;sid:84602658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3738164)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.81.169"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_12_20; reference:url, urlhaus.abuse.ch/url/3738164/; classtype:trojan-activity;sid:84601264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3736211)"; flow:established,from_client; content:"GET"; http_method; content:"/atom.xml"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hotelsep.blogspot.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_18; reference:url, urlhaus.abuse.ch/url/3736211/; classtype:trojan-activity;sid:84599311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3736212)"; flow:established,from_client; content:"GET"; http_method; content:"/nimper.pdf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.backupallfresh2030.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_12_18; reference:url, urlhaus.abuse.ch/url/3736212/; classtype:trojan-activity;sid:84599312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.110.182.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735377/; 
classtype:trojan-activity;sid:84598477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3734705)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.198.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_16; reference:url, urlhaus.abuse.ch/url/3734705/; classtype:trojan-activity;sid:84597805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3734700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.196.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_16; reference:url, urlhaus.abuse.ch/url/3734700/; classtype:trojan-activity;sid:84597800; rev:1;)
# NOTE(review): the http_uri literal in the next rule carries a percent-escape (%20).
# Suricata documents http_uri as the normalized URI, with escapes decoded, so a literal
# "%20" may never be present in that buffer. Confirm against the engine in use;
# http_raw_uri is the unnormalized buffer if the escaped form has to be matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3734674)"; flow:established,from_client; content:"GET"; http_method; content:"/23/zech_group_sp_project_%20rfq_specifications_65486_pdf.rar"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"uniform-factory.ae"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_12_16; reference:url, urlhaus.abuse.ch/url/3734674/; classtype:trojan-activity;sid:84597774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733913)"; flow:established,from_client; content:"GET"; http_method; content:"/usr/uploads/file/202002/20200210195059_78353.rar"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"zhigao5191.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_15; reference:url, urlhaus.abuse.ch/url/3733913/; classtype:trojan-activity;sid:84597013; rev:1;)
# NOTE(review): same http_uri normalization caveat as sid 84597774 above. Here the
# literal is a run of percent-escaped non-ASCII bytes, and depth:38 counts the escaped form.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733907)"; flow:established,from_client; content:"GET"; http_method; content:"/editor%e6%b1%89%e5%8c%96%e7%89%88.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"zycdjz.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_15; reference:url, urlhaus.abuse.ch/url/3733907/; classtype:trojan-activity;sid:84597007; rev:1;)
# NOTE(review): this is an "alert http" rule for host github.com. The listed URL is
# presumably served over HTTPS, so the rule only sees the request when a client fetches
# it over cleartext HTTP or the sensor is fed decrypted traffic. Do not read silence
# from this sid as absence of the download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733819)"; flow:established,from_client; content:"GET"; http_method; content:"/liljaber/am/raw/refs/heads/main/shellhost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_15; reference:url, urlhaus.abuse.ch/url/3733819/; classtype:trojan-activity;sid:84596919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"129.0.120.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_13; reference:url, urlhaus.abuse.ch/url/3733042/; classtype:trojan-activity;sid:84596142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.75.193.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732386/; classtype:trojan-activity;sid:84595486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732383)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.123.26.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_12; 
reference:url, urlhaus.abuse.ch/url/3732383/; classtype:trojan-activity;sid:84595483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732378)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.39.215.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732378/; classtype:trojan-activity;sid:84595478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732133)"; flow:established,from_client; content:"GET"; http_method; content:"/eathena/tools/bymyzter/eabackup.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"paradox924x.pages.dev"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732133/; classtype:trojan-activity;sid:84595233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732129)"; flow:established,from_client; content:"GET"; http_method; content:"/eathena/tools/bybakausagi/spr_conview_v0.11.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"paradox924x.pages.dev"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732129/; classtype:trojan-activity;sid:84595229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731630)"; flow:established,from_client; content:"GET"; http_method; content:"/modelo/cr.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"joyeriatauro.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_12_11; reference:url, urlhaus.abuse.ch/url/3731630/; classtype:trojan-activity;sid:84594730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3731351)"; flow:established,from_client; content:"GET"; http_method; content:"/modelo/v1d.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"joyeriatauro.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_12_11; reference:url, urlhaus.abuse.ch/url/3731351/; classtype:trojan-activity;sid:84594451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731347)"; flow:established,from_client; content:"GET"; http_method; content:"/modelo/c1i.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"joyeriatauro.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_12_11; reference:url, urlhaus.abuse.ch/url/3731347/; classtype:trojan-activity;sid:84594447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731299)"; flow:established,from_client; content:"GET"; http_method; content:"/molo243r/fivem-weather-control/main/pneumonorrhagia/fivem-weather-control.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731299/; classtype:trojan-activity;sid:84594399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731286)"; flow:established,from_client; content:"GET"; http_method; content:"/nalleysh/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731286/; classtype:trojan-activity;sid:84594386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731287)"; flow:established,from_client; content:"GET"; http_method; 
content:"/el1nns/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731287/; classtype:trojan-activity;sid:84594387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731283)"; flow:established,from_client; content:"GET"; http_method; content:"/d3xxth/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731283/; classtype:trojan-activity;sid:84594383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731275)"; flow:established,from_client; content:"GET"; http_method; content:"/creyty1h/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731275/; classtype:trojan-activity;sid:84594375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731271)"; flow:established,from_client; content:"GET"; http_method; content:"/v1llenth/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731271/; classtype:trojan-activity;sid:84594371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731257)"; flow:established,from_client; content:"GET"; http_method; 
content:"/rayn1e/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731257/; classtype:trojan-activity;sid:84594357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731244)"; flow:established,from_client; content:"GET"; http_method; content:"/colleshake/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731244/; classtype:trojan-activity;sid:84594344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731243)"; flow:established,from_client; content:"GET"; http_method; content:"/arcellys/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731243/; classtype:trojan-activity;sid:84594343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731242)"; flow:established,from_client; content:"GET"; http_method; content:"/n1elcery/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731242/; classtype:trojan-activity;sid:84594342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731239)"; flow:established,from_client; content:"GET"; http_method; content:"/recctan1o/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; 
depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731239/; classtype:trojan-activity;sid:84594339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731238)"; flow:established,from_client; content:"GET"; http_method; content:"/kesslyy27/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731238/; classtype:trojan-activity;sid:84594338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731232)"; flow:established,from_client; content:"GET"; http_method; content:"/ssten1/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731232/; classtype:trojan-activity;sid:84594332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731096)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.242.100.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731096/; classtype:trojan-activity;sid:84594196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730787)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, 
urlhaus.abuse.ch/url/3730787/; classtype:trojan-activity;sid:84593887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730785)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730785/; classtype:trojan-activity;sid:84593885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730754)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730754/; classtype:trojan-activity;sid:84593854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730727)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730727/; classtype:trojan-activity;sid:84593827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730681)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730681/; classtype:trojan-activity;sid:84593781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730669)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; 
http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730669/; classtype:trojan-activity;sid:84593769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730651)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730651/; classtype:trojan-activity;sid:84593751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730605)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_122124_mahal-node2/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730605/; classtype:trojan-activity;sid:84593705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730594)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.168.136.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730594/; classtype:trojan-activity;sid:84593694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730310)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/config.json"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"acaviationsupplies.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730310/; 
classtype:trojan-activity;sid:84593410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730311)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xi3twfy4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730311/; classtype:trojan-activity;sid:84593411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729861)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"180.76.141.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_09; reference:url, urlhaus.abuse.ch/url/3729861/; classtype:trojan-activity;sid:84592961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.182.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_09; reference:url, urlhaus.abuse.ch/url/3729846/; classtype:trojan-activity;sid:84592946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729416)"; flow:established,from_client; content:"GET"; http_method; content:"/js/panel/uploads/optimized_msi.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"bvaco.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729416/; classtype:trojan-activity;sid:84592516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729323)"; flow:established,from_client; content:"GET"; http_method; content:"/readme.txt"; http_uri; 
depth:11; isdataat:!1,relative; nocase; content:"192.3.27.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729323/; classtype:trojan-activity;sid:84592423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729248)"; flow:established,from_client; content:"GET"; http_method; content:"/static/clean/clean.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"static.youdm.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729248/; classtype:trojan-activity;sid:84592348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729188)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.89.95.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729188/; classtype:trojan-activity;sid:84592288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3728954)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.7.149.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_07; reference:url, urlhaus.abuse.ch/url/3728954/; classtype:trojan-activity;sid:84592054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3727342)"; flow:established,from_client; content:"GET"; http_method; content:"/01.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.32.169.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_06; reference:url, urlhaus.abuse.ch/url/3727342/; classtype:trojan-activity;sid:84590442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3726789)"; flow:established,from_client; content:"GET"; http_method; content:"/test"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.11.240.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_06; reference:url, urlhaus.abuse.ch/url/3726789/; classtype:trojan-activity;sid:84589889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3726005)"; flow:established,from_client; content:"GET"; http_method; content:"/receipt_11_26_2025.msi"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"alineeleuterio.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_05; reference:url, urlhaus.abuse.ch/url/3726005/; classtype:trojan-activity;sid:84589105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725395)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"182.73.129.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725395/; classtype:trojan-activity;sid:84588495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725201)"; flow:established,from_client; content:"GET"; http_method; content:"/file/redmi%20ax3000/%e8%b7%af%e7%94%b1%e5%99%a8%e4%bf%ae%e5%a4%8d%e5%b7%a5%e5%85%b7/miwifirepairtool.x86.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"hzxcaq-github-io.pages.dev"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725201/; classtype:trojan-activity;sid:84588301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725129)"; flow:established,from_client; content:"GET"; http_method; 
content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.161.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725129/; classtype:trojan-activity;sid:84588229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725126)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.149.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725126/; classtype:trojan-activity;sid:84588226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.219.38.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725097/; classtype:trojan-activity;sid:84588197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724888)"; flow:established,from_client; content:"GET"; http_method; content:"/gretech/promotion_sw/gomplayer/fastping_silent_v4.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"cdn.gomlab.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3724888/; classtype:trojan-activity;sid:84587988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/linux/linux.tar.gz"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"miner.pages.dev"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, 
urlhaus.abuse.ch/url/3724884/; classtype:trojan-activity;sid:84587984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win/miner.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"miner.pages.dev"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3724883/; classtype:trojan-activity;sid:84587983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724235)"; flow:established,from_client; content:"GET"; http_method; content:"/fecund.lpk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.mobimpex.ro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724235/; classtype:trojan-activity;sid:84587335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724236)"; flow:established,from_client; content:"GET"; http_method; content:"/hrcxpywfcshe8.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.mobimpex.ro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724236/; classtype:trojan-activity;sid:84587336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724034)"; flow:established,from_client; content:"GET"; http_method; content:"/res/keditor/2019_11/3c7a829a_893c_4f02_a407_6b0918c321c2.rar"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"en.taichuan.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724034/; classtype:trojan-activity;sid:84587134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724008)"; 
flow:established,from_client; content:"GET"; http_method; content:"/krnl.lua.script.injector.v1.3.4.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"injectroblox.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724008/; classtype:trojan-activity;sid:84587108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3723880)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoftbs.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"120.48.115.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3723880/; classtype:trojan-activity;sid:84586980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722913)"; flow:established,from_client; content:"GET"; http_method; content:"/fent.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.95.248.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722913/; classtype:trojan-activity;sid:84586013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722915)"; flow:established,from_client; content:"GET"; http_method; content:"/fent.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.95.248.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722915/; classtype:trojan-activity;sid:84586015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722069)"; flow:established,from_client; content:"GET"; http_method; content:"/app/top8bet.apk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"top8onlinegame.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 
2025_12_01; reference:url, urlhaus.abuse.ch/url/3722069/; classtype:trojan-activity;sid:84585169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721477)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.13.29.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721477/; classtype:trojan-activity;sid:84584577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721465)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"72.201.150.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721465/; classtype:trojan-activity;sid:84584565; rev:1;)
# NOTE(review): the http_uri literal in the next rule consists almost entirely of
# percent-escaped bytes, and depth:181 counts the escaped form. Suricata documents
# http_uri as the normalized URI, with escapes decoded, so this literal may never be
# present in that buffer. Confirm against the engine in use; http_raw_uri is the
# unnormalized buffer if the escaped form has to be matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721055)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%a7%e5%93%81%e8%b5%84%e6%96%99%e5%8c%85/%e6%99%ae%e9%80%9a%e5%9e%8b%e4%ba%a7%e5%93%81%e8%b5%84%e6%96%99%e5%8c%85/485%e5%9e%8b%e8%ae%be%e5%a4%87%e8%b5%84%e6%96%99%e5%8c%85.rar"; http_uri; depth:181; isdataat:!1,relative; nocase; content:"save.jnrsmcu.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721055/; classtype:trojan-activity;sid:84584155; rev:1;)
# NOTE(review): the http_uri literal in the next rule contains the text "...~311~...",
# which looks like a display-truncation marker rather than part of a real path.
# depth:305 equals the length of the literal as written, marker included, and
# isdataat:!1,relative then requires the buffer to end there. The rule therefore demands
# those eleven marker characters in the request URI and presumably never matches the
# original, longer URL. Rebuild the pattern from the full URL on the referenced URLhaus
# entry before relying on this sid. The percent-escape normalization caveat for
# http_uri applies here as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721052)"; flow:established,from_client; content:"GET"; http_method; content:"/download/%e5%a5%87%e5%a6%99%e5%8a%a0%e9%80%9f%e5%99%a8_2_10004379.exe/%c3%a5%c2%a5%c2%87%c3%a5%c2%a6%c2%99%c3%a5%c2%8a%c2%a0%c3%a9%c2%80%c2%9f%c3%a5%c2%99%c2%a8_2_10004379.exe/%c3%83%c2%a5%c3%82%c2%a5%c3%82%c2%87%c3%83%c2%a5%c3%82%c2%a6%c3%82%c2%99%c3%83%25...~311~...%ef%bf%bd%c3%82%c2%a8_2_10004379.exe"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"pvsa.gxfugy.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721052/; classtype:trojan-activity;sid:84584152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720416)"; flow:established,from_client; content:"GET"; http_method; content:"/payment_receipt_11_28_2025.msi"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"vizyonuniversitesi.com.tr"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720416/; classtype:trojan-activity;sid:84583516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720403)"; flow:established,from_client; content:"GET"; http_method; content:"/gmssetupx86.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185-55-196-13.cprapid.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720403/; classtype:trojan-activity;sid:84583503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.107.229.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720366/; classtype:trojan-activity;sid:84583466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3720339)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720339/; classtype:trojan-activity;sid:84583439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720337)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720337/; classtype:trojan-activity;sid:84583437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720336)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/av.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720336/; classtype:trojan-activity;sid:84583436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720335)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720335/; classtype:trojan-activity;sid:84583435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720330)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/video.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720330/; classtype:trojan-activity;sid:84583430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720331)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/av.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720331/; classtype:trojan-activity;sid:84583431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720332)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720332/; classtype:trojan-activity;sid:84583432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720333)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/photo.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720333/; classtype:trojan-activity;sid:84583433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720334)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720334/; classtype:trojan-activity;sid:84583434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3720329)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/photo.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720329/; classtype:trojan-activity;sid:84583429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720327)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720327/; classtype:trojan-activity;sid:84583427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720328)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/video.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720328/; classtype:trojan-activity;sid:84583428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720042)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.0.222.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720042/; classtype:trojan-activity;sid:84583142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720037)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.0.222.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 
2025_11_29; reference:url, urlhaus.abuse.ch/url/3720037/; classtype:trojan-activity;sid:84583137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3719973)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.0.222.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3719973/; classtype:trojan-activity;sid:84583073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3718861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.228.74.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_28; reference:url, urlhaus.abuse.ch/url/3718861/; classtype:trojan-activity;sid:84581961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3718843)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.66.224.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_28; reference:url, urlhaus.abuse.ch/url/3718843/; classtype:trojan-activity;sid:84581943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3718114)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.33.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_27; reference:url, urlhaus.abuse.ch/url/3718114/; classtype:trojan-activity;sid:84581214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717880)"; flow:established,from_client; content:"GET"; http_method; 
content:"/newwfs/support/customfont.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"upaicdn.xinmei365.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_27; reference:url, urlhaus.abuse.ch/url/3717880/; classtype:trojan-activity;sid:84580980; rev:1;)
# Rule template used throughout this feed: one rule per URLhaus entry, matching a GET request
# whose URI and Host are exactly the listed values. depth:N equals the pattern length and
# isdataat:!1,relative requires that no byte follows the match, so each pattern must fill its
# whole buffer; nocase is set after the URI pattern only.
#
# NOTE(review): *.pages.dev sites are normally reached over HTTPS. An "alert http" rule only
# sees the request on cleartext HTTP or on TLS-inspected traffic - confirm what your sensor
# actually receives before relying on this rule for coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717867)"; flow:established,from_client; content:"GET"; http_method; content:"/download/adan/utils/mudtime.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"paccbet.pages.dev"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_27; reference:url, urlhaus.abuse.ch/url/3717867/; classtype:trojan-activity;sid:84580967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.185.171.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_26; reference:url, urlhaus.abuse.ch/url/3717290/; classtype:trojan-activity;sid:84580390; rev:1;)
# NOTE(review): the next two rules (sid 84580061 and sid 84580062) match Host github.com,
# which is normally served over HTTPS only. Without TLS inspection they can fire at most on a
# cleartext request made before any redirect; for real coverage of these repository paths,
# rely on proxy or endpoint telemetry that records the full URL. The exact-path match keeps
# the rules from alerting on other github.com traffic.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716961)"; flow:established,from_client; content:"GET"; http_method; content:"/krzysztofadamczewski/nanocore-rat/raw/refs/heads/master/nanocore_portable.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_26; reference:url, urlhaus.abuse.ch/url/3716961/; classtype:trojan-activity;sid:84580061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716962)"; flow:established,from_client; content:"GET"; http_method; content:"/pafh99/nanocore-rat-2/raw/refs/heads/master/nanocore_portable.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; 
http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_26; reference:url, urlhaus.abuse.ch/url/3716962/; classtype:trojan-activity;sid:84580062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716299)"; flow:established,from_client; content:"GET"; http_method; content:"/clientbin/dowonline.installer.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"dowonline.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_25; reference:url, urlhaus.abuse.ch/url/3716299/; classtype:trojan-activity;sid:84579399; rev:1;)
# NOTE(review): the URI pattern below contains a literal "%20" and depth:31 counts it as three
# bytes, so the rule expects the percent-escape to be present in the inspected buffer.
# http_uri is the normalized URI buffer, where engines typically decode percent-escapes
# ("%20" becomes a space); if your engine does so, this pattern cannot match there and the
# rule would need http_raw_uri (or a decoded pattern) instead. Verify with a test pcap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716290)"; flow:established,from_client; content:"GET"; http_method; content:"/baixar/suporte%20winxp-7-8.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"compuserviceonline.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_25; reference:url, urlhaus.abuse.ch/url/3716290/; classtype:trojan-activity;sid:84579390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715638)"; flow:established,from_client; content:"GET"; http_method; content:"/37/cqsj/official/37cqsj.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"d.wanyouxi7.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_24; reference:url, urlhaus.abuse.ch/url/3715638/; classtype:trojan-activity;sid:84578738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715587)"; flow:established,from_client; content:"GET"; http_method; content:"/elc/filesave/setupfile/edmslaunchersetup.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"lcportal.kbinsure.co.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_24; reference:url, urlhaus.abuse.ch/url/3715587/; 
classtype:trojan-activity;sid:84578687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715579)"; flow:established,from_client; content:"GET"; http_method; content:"/dropfix"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cdn.novoline.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_24; reference:url, urlhaus.abuse.ch/url/3715579/; classtype:trojan-activity;sid:84578679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715175)"; flow:established,from_client; content:"GET"; http_method; content:"/fo-wsftp605.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"landonirwin.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3715175/; classtype:trojan-activity;sid:84578275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714635)"; flow:established,from_client; content:"GET"; http_method; content:"/app/linux.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"prepstarcenter.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3714635/; classtype:trojan-activity;sid:84577735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714116)"; flow:established,from_client; content:"GET"; http_method; content:"/wizvera/delfino/down/delfino-g3-sha2.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"www.hwgeneralins.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3714116/; classtype:trojan-activity;sid:84577216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714095)"; flow:established,from_client; content:"GET"; http_method; 
content:"/k1_351.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"app.appzcvb.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3714095/; classtype:trojan-activity;sid:84577195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714015)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.127.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3714015/; classtype:trojan-activity;sid:84577115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714014)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.127.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3714014/; classtype:trojan-activity;sid:84577114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714012)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.127.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3714012/; classtype:trojan-activity;sid:84577112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714013)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.127.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3714013/; 
classtype:trojan-activity;sid:84577113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714010)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.127.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3714010/; classtype:trojan-activity;sid:84577110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713958)"; flow:established,from_client; content:"GET"; http_method; content:"/rs.ps1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"20.244.42.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3713958/; classtype:trojan-activity;sid:84577058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713850)"; flow:established,from_client; content:"GET"; http_method; content:"/cleaner"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gutando.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3713850/; classtype:trojan-activity;sid:84576950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713493)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.190.74.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713493/; classtype:trojan-activity;sid:84576593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713469)"; flow:established,from_client; content:"GET"; http_method; content:"/stage1.ps1"; http_uri; depth:11; isdataat:!1,relative; 
nocase; content:"fb6390d5.infinityindians.pages.dev"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713469/; classtype:trojan-activity;sid:84576569; rev:1;)
# NOTE(review): the rule ending above and the next two match *.pages.dev hosts, which are
# normally reached over HTTPS. "alert http" only inspects cleartext HTTP or TLS-inspected
# traffic, so confirm your sensor sees these requests; otherwise treat the host names as
# indicators for DNS, proxy or endpoint logs as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713470)"; flow:established,from_client; content:"GET"; http_method; content:"/amsibypass.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fb6390d5.infinityindians.pages.dev"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713470/; classtype:trojan-activity;sid:84576570; rev:1;)
# NOTE(review): the URI pattern below contains a literal "%20" (depth:30 counts it as three
# bytes). http_uri is the normalized URI buffer; if your engine decodes percent-escapes there,
# this pattern cannot match and http_raw_uri (or a decoded pattern) is needed. Verify with a
# test pcap before relying on this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713467)"; flow:established,from_client; content:"GET"; http_method; content:"/files/bexitor%20installer.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"matthewsigmondv5.pages.dev"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713467/; classtype:trojan-activity;sid:84576567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713131)"; flow:established,from_client; content:"GET"; http_method; content:"/5t6t.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"petitesalope.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3713131/; classtype:trojan-activity;sid:84576231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712904)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.156.63.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712904/; 
classtype:trojan-activity;sid:84576004; rev:1;)
# NOTE(review): the /sda1/... URLs on host 27.125.169.235 below are listed twice in this feed
# under different URLhaus ids and sids. For example, /sda1/mom/av.lnk is sid 84575896 here
# (created_at 2025_11_20) and also sid 84583439 (created_at 2025_11_29). Both rules match the
# same request, so a single download attempt raises two alerts; deduplicate on host + URI or
# apply thresholding downstream rather than counting them as separate events.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712796)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712796/; classtype:trojan-activity;sid:84575896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712795)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712795/; classtype:trojan-activity;sid:84575895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712793)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712793/; classtype:trojan-activity;sid:84575893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712794)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/video.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712794/; classtype:trojan-activity;sid:84575894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712791)"; flow:established,from_client; content:"GET"; http_method; 
content:"/sda1/rachel/photo.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712791/; classtype:trojan-activity;sid:84575891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712792)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/av.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712792/; classtype:trojan-activity;sid:84575892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712790)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712790/; classtype:trojan-activity;sid:84575890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712787)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/av.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712787/; classtype:trojan-activity;sid:84575887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712788)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712788/; 
classtype:trojan-activity;sid:84575888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712789)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/photo.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712789/; classtype:trojan-activity;sid:84575889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712785)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712785/; classtype:trojan-activity;sid:84575885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712786)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/video.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712786/; classtype:trojan-activity;sid:84575886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712393)"; flow:established,from_client; content:"GET"; http_method; content:"/d/gof.com.my/gz2v8w/y0qt8nphhv1v"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"smartermail.host"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712393/; classtype:trojan-activity;sid:84575493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712017)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bin/horioninjector.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"horion-static.pages.dev"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_19; reference:url, urlhaus.abuse.ch/url/3712017/; classtype:trojan-activity;sid:84575117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711792)"; flow:established,from_client; content:"GET"; http_method; content:"/bog.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bombayonline.in"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_19; reference:url, urlhaus.abuse.ch/url/3711792/; classtype:trojan-activity;sid:84574892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711282)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.236.149.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711282/; classtype:trojan-activity;sid:84574382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711277)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.107.136.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711277/; classtype:trojan-activity;sid:84574377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711278)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.121.137.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711278/; 
classtype:trojan-activity;sid:84574378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710993)"; flow:established,from_client; content:"GET"; http_method; content:"/sfyhmsqlexrtjetiqydog74.bin"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"dexios.co.za"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3710993/; classtype:trojan-activity;sid:84574093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710988)"; flow:established,from_client; content:"GET"; http_method; content:"/brkopsluth.emz"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dexios.co.za"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3710988/; classtype:trojan-activity;sid:84574088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710498)"; flow:established,from_client; content:"GET"; http_method; content:"/auo1.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a-gwo.pages.dev"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710498/; classtype:trojan-activity;sid:84573598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"rheddh.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710456/; classtype:trojan-activity;sid:84573556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710416)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-19/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710416/; classtype:trojan-activity;sid:84573516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710412)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_42625_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710412/; classtype:trojan-activity;sid:84573512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-29/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710404/; classtype:trojan-activity;sid:84573504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710402)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_71024_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710402/; classtype:trojan-activity;sid:84573502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710394)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-03-23/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710394/; classtype:trojan-activity;sid:84573494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-03/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710388/; classtype:trojan-activity;sid:84573488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-04-23/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710390/; classtype:trojan-activity;sid:84573490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-10-11/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710385/; classtype:trojan-activity;sid:84573485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710383)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-05-20/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710383/; classtype:trojan-activity;sid:84573483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-05-21/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710380/; classtype:trojan-activity;sid:84573480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-02-26/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710370/; classtype:trojan-activity;sid:84573470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-27/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710371/; classtype:trojan-activity;sid:84573471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710374)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-28/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710374/; classtype:trojan-activity;sid:84573474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-09-25/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710362/; classtype:trojan-activity;sid:84573462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710355)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_42425_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710355/; classtype:trojan-activity;sid:84573455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-06-22/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710351/; classtype:trojan-activity;sid:84573451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710352)"; flow:established,from_client; content:"GET"; http_method; 
content:"/outward/exportimages_41724_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710352/; classtype:trojan-activity;sid:84573452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-07-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710353/; classtype:trojan-activity;sid:84573453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710350)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_61324_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710350/; classtype:trojan-activity;sid:84573450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2023-02-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710340/; classtype:trojan-activity;sid:84573440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710341)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-07-05/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710341/; classtype:trojan-activity;sid:84573441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-07-27/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710343/; classtype:trojan-activity;sid:84573443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710334)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-06/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710334/; classtype:trojan-activity;sid:84573434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-11/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710323/; classtype:trojan-activity;sid:84573423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710327)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-11-22/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710327/; classtype:trojan-activity;sid:84573427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710315)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_3925_mahal-node2/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710315/; classtype:trojan-activity;sid:84573415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-09-28/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710316/; classtype:trojan-activity;sid:84573416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-12-23/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710318/; classtype:trojan-activity;sid:84573418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710319)"; flow:established,from_client; content:"GET"; http_method; 
content:"/outward/exportimages_10825_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710319/; classtype:trojan-activity;sid:84573419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-05-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710311/; classtype:trojan-activity;sid:84573411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710312)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_82225_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710312/; classtype:trojan-activity;sid:84573412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-12-14/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710313/; classtype:trojan-activity;sid:84573413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710309)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_32824_mahal-server/info.zip"; 
http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710309/; classtype:trojan-activity;sid:84573409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710306/; classtype:trojan-activity;sid:84573406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710297)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_51025_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710297/; classtype:trojan-activity;sid:84573397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-26/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710293/; classtype:trojan-activity;sid:84573393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-10-06/info.zip"; http_uri; depth:77; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710285/; classtype:trojan-activity;sid:84573385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-21/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710287/; classtype:trojan-activity;sid:84573387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-18/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710288/; classtype:trojan-activity;sid:84573388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-07-22/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710289/; classtype:trojan-activity;sid:84573389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-04-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; 
nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710290/; classtype:trojan-activity;sid:84573390; rev:1;)
# Each rule below alerts on an outbound HTTP GET whose URI and Host header both equal the
# listed strings exactly: depth is the string length and isdataat:!1,relative requires that
# nothing follows the match.
#
# NOTE(review): several URI strings in this run contain percent-escapes (%c3%a7, %c3%a3, %20),
# and their depth values count the escaped length, while http_uri inspects the normalized URI
# buffer. If the engine decodes escapes during normalization, the buffer is shorter than the
# content and these rules never fire. Confirm against a test capture, or match the raw URI
# buffer (http_raw_uri) instead.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2021-05-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710291/; classtype:trojan-activity;sid:84573391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-20/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710284/; classtype:trojan-activity;sid:84573384; rev:1;)
# NOTE(review): dl.360safe.com looks like a vendor software-distribution host rather than
# attacker-owned infrastructure -- TODO confirm. The rule is pinned to one exact path, so a hit
# means "this file was requested". Check the URLhaus reference before acting, and do not
# derive a host-wide block from this alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710207)"; flow:established,from_client; content:"GET"; http_method; content:"/offlinepackv4.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dl.360safe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710207/; classtype:trojan-activity;sid:84573307; rev:1;)
# NOTE(review): github.com and raw.githubusercontent.com are shared platforms that are normally
# reached over HTTPS. An `alert http` rule only sees cleartext requests, or traffic already
# decrypted by TLS inspection, so these two rules alone give little coverage. Pair them with
# proxy or endpoint telemetry for the same repository path. The host name alone is not an
# indicator; only the full path is.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710011)"; flow:established,from_client; content:"GET"; http_method; content:"/soulclientwtf/lnk/raw/refs/heads/main/execute"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_16; reference:url, urlhaus.abuse.ch/url/3710011/; classtype:trojan-activity;sid:84573111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710010)"; flow:established,from_client; content:"GET"; http_method; content:"/soulclientwtf/lnk/refs/heads/main/execute"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_16; reference:url, urlhaus.abuse.ch/url/3710010/; classtype:trojan-activity;sid:84573110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709309/; classtype:trojan-activity;sid:84572409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709306/; classtype:trojan-activity;sid:84572406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709292/; 
classtype:trojan-activity;sid:84572392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709293/; classtype:trojan-activity;sid:84572393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-03-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709294/; classtype:trojan-activity;sid:84572394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-10-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709295/; classtype:trojan-activity;sid:84572395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709296)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709296/; 
classtype:trojan-activity;sid:84572396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709298)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-08-23/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709298/; classtype:trojan-activity;sid:84572398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709299/; classtype:trojan-activity;sid:84572399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709300/; classtype:trojan-activity;sid:84572400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-05-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709301/; 
classtype:trojan-activity;sid:84572401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-10-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709302/; classtype:trojan-activity;sid:84572402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-03-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709303/; classtype:trojan-activity;sid:84572403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-05-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709304/; classtype:trojan-activity;sid:84572404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709305/; classtype:trojan-activity;sid:84572405; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-08-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709288/; classtype:trojan-activity;sid:84572388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709290/; classtype:trojan-activity;sid:84572390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2024-01-26/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709291/; classtype:trojan-activity;sid:84572391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-07-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709272/; classtype:trojan-activity;sid:84572372; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709273/; classtype:trojan-activity;sid:84572373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709274/; classtype:trojan-activity;sid:84572374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-04-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709275/; classtype:trojan-activity;sid:84572375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709276/; classtype:trojan-activity;sid:84572376; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2022-01-20/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709277/; classtype:trojan-activity;sid:84572377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709278/; classtype:trojan-activity;sid:84572378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-06-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709280/; classtype:trojan-activity;sid:84572380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-05-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709281/; classtype:trojan-activity;sid:84572381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3709284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709284/; classtype:trojan-activity;sid:84572384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709285/; classtype:trojan-activity;sid:84572385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-11-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709286/; classtype:trojan-activity;sid:84572386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-10-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709287/; classtype:trojan-activity;sid:84572387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3709269)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_82624_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709269/; classtype:trojan-activity;sid:84572369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709270/; classtype:trojan-activity;sid:84572370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2020-10-10/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709271/; classtype:trojan-activity;sid:84572371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709267)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-02-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709267/; classtype:trojan-activity;sid:84572367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709255)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-01-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709255/; classtype:trojan-activity;sid:84572355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-11-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709256/; classtype:trojan-activity;sid:84572356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-07-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709257/; classtype:trojan-activity;sid:84572357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-06-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709258/; classtype:trojan-activity;sid:84572358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709259)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-11-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709259/; classtype:trojan-activity;sid:84572359; rev:1;)
# Each rule in this run is an exact-match indicator for one URLhaus entry:
# a GET request whose URI content starts at offset 0 (depth equals the content
# length) and ends there (isdataat:!1,relative), combined with one exact Host
# value. The URI match is case-insensitive (nocase). The number in msg and in
# the reference URL is the URLhaus entry id.
#
# NOTE(review): the rules inspect the client request only
# (flow:established,from_client), so an alert shows that a host asked for the
# URL, not that a payload was delivered. Confirm with response or file logs.
#
# NOTE(review): the URI contents carry percent-escapes (%c3%a7%c3%a3, %20,
# %c3%a1) and are matched with http_uri, which is documented as the normalized
# URI buffer where escapes are decoded before matching. These literal "%xx"
# strings may therefore never be present in that buffer, which would leave the
# rules silent. Verify with a test request on your engine. If they do not
# fire, matching the raw buffer (http_raw_uri) or the decoded bytes would be
# needed; depth is counted on the escaped form here, so it would have to be
# recomputed for decoded content.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709261/; classtype:trojan-activity;sid:84572361; rev:1;)
# Path also contains %20 (escaped spaces), hence the longer depth of 91.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2022-03-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709262/; classtype:trojan-activity;sid:84572362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-08-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709263/; classtype:trojan-activity;sid:84572363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-05-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709264/; classtype:trojan-activity;sid:84572364; rev:1;)
# The next two paths mix %20 with a further UTF-8 escape (%c3%a1); depth is 77.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-03-03/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709248/; classtype:trojan-activity;sid:84572348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-08-24/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709249/; classtype:trojan-activity;sid:84572349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709250/; classtype:trojan-activity;sid:84572350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3709251)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-11-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709251/; classtype:trojan-activity;sid:84572351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-06-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709252/; classtype:trojan-activity;sid:84572352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2024-01-17/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709253/; classtype:trojan-activity;sid:84572353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709254)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-11-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709254/; classtype:trojan-activity;sid:84572354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709244)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709244/; classtype:trojan-activity;sid:84572344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709245/; classtype:trojan-activity;sid:84572345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-09-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709246/; classtype:trojan-activity;sid:84572346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-01-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709247/; classtype:trojan-activity;sid:84572347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709240)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709240/; classtype:trojan-activity;sid:84572340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-07-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709241/; classtype:trojan-activity;sid:84572341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709242/; classtype:trojan-activity;sid:84572342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-02-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709239/; classtype:trojan-activity;sid:84572339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709234)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-11-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709234/; classtype:trojan-activity;sid:84572334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709235)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709235/; classtype:trojan-activity;sid:84572335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709236/; classtype:trojan-activity;sid:84572336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709237/; classtype:trojan-activity;sid:84572337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709238)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-07-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709238/; classtype:trojan-activity;sid:84572338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709228)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-01-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709228/; classtype:trojan-activity;sid:84572328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709229/; classtype:trojan-activity;sid:84572329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2022-07-22/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709230/; classtype:trojan-activity;sid:84572330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709231)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709231/; classtype:trojan-activity;sid:84572331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709232/; classtype:trojan-activity;sid:84572332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709233/; classtype:trojan-activity;sid:84572333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2019-07-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709220/; classtype:trojan-activity;sid:84572320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709221)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-03-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709221/; classtype:trojan-activity;sid:84572321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-11-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709222/; classtype:trojan-activity;sid:84572322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-07-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709223/; classtype:trojan-activity;sid:84572323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709224)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-26/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709224/; classtype:trojan-activity;sid:84572324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709225)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-03-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709225/; classtype:trojan-activity;sid:84572325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709227)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709227/; classtype:trojan-activity;sid:84572327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-03-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709218/; classtype:trojan-activity;sid:84572318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709219/; classtype:trojan-activity;sid:84572319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709217)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-06-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709217/; classtype:trojan-activity;sid:84572317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709213/; classtype:trojan-activity;sid:84572313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-01-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709214/; classtype:trojan-activity;sid:84572314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709209/; classtype:trojan-activity;sid:84572309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709210)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-07-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709210/; classtype:trojan-activity;sid:84572310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709211/; classtype:trojan-activity;sid:84572311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709212)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2023-06-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709212/; classtype:trojan-activity;sid:84572312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2022-03-06/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709201/; classtype:trojan-activity;sid:84572301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709202)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-03-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709202/; classtype:trojan-activity;sid:84572302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709203/; classtype:trojan-activity;sid:84572303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2020-10-12/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709204/; classtype:trojan-activity;sid:84572304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709205/; classtype:trojan-activity;sid:84572305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709206)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-03-02/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709206/; classtype:trojan-activity;sid:84572306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-02-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709207/; classtype:trojan-activity;sid:84572307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-04-04/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709193/; classtype:trojan-activity;sid:84572293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709194/; classtype:trojan-activity;sid:84572294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709195)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-01/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709195/; classtype:trojan-activity;sid:84572295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-05-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709196/; classtype:trojan-activity;sid:84572296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709197/; classtype:trojan-activity;sid:84572297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709199)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709199/; classtype:trojan-activity;sid:84572299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709200)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-10-15/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709200/; classtype:trojan-activity;sid:84572300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2020-07-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709192/; classtype:trojan-activity;sid:84572292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709190/; classtype:trojan-activity;sid:84572290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-11-28/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709191/; classtype:trojan-activity;sid:84572291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709186)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-07-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709186/; classtype:trojan-activity;sid:84572286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-10-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709187/; classtype:trojan-activity;sid:84572287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-07-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709188/; classtype:trojan-activity;sid:84572288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2025-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709175/; classtype:trojan-activity;sid:84572275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709176)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-05-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709176/; classtype:trojan-activity;sid:84572276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709177/; classtype:trojan-activity;sid:84572277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-09-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709178/; classtype:trojan-activity;sid:84572278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709179/; classtype:trojan-activity;sid:84572279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709180)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-09-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709180/; classtype:trojan-activity;sid:84572280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709181/; classtype:trojan-activity;sid:84572281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709182)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709182/; classtype:trojan-activity;sid:84572282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-03-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709184/; classtype:trojan-activity;sid:84572284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709185)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-08-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709185/; classtype:trojan-activity;sid:84572285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-07-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709165/; classtype:trojan-activity;sid:84572265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-07-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709166/; classtype:trojan-activity;sid:84572266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2024-01-22/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709167/; classtype:trojan-activity;sid:84572267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709168)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2022-01-27/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709168/; classtype:trojan-activity;sid:84572268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-06-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709169/; classtype:trojan-activity;sid:84572269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709170/; classtype:trojan-activity;sid:84572270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709171/; classtype:trojan-activity;sid:84572271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709172)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-11-15/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709172/; classtype:trojan-activity;sid:84572272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709173/; classtype:trojan-activity;sid:84572273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-07-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709163/; classtype:trojan-activity;sid:84572263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709161/; classtype:trojan-activity;sid:84572261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709162)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709162/; classtype:trojan-activity;sid:84572262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709159/; classtype:trojan-activity;sid:84572259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709158/; classtype:trojan-activity;sid:84572258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000758/2022-03-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709152/; classtype:trojan-activity;sid:84572252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709153)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-10-17/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709153/; classtype:trojan-activity;sid:84572253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2024-01-24/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709154/; classtype:trojan-activity;sid:84572254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-06-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709155/; classtype:trojan-activity;sid:84572255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709156/; classtype:trojan-activity;sid:84572256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709157)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2023-08-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709157/; classtype:trojan-activity;sid:84572257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-05-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709143/; classtype:trojan-activity;sid:84572243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709144/; classtype:trojan-activity;sid:84572244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709145/; classtype:trojan-activity;sid:84572245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709147)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-07-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709147/; classtype:trojan-activity;sid:84572247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-05-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709148/; classtype:trojan-activity;sid:84572248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709149/; classtype:trojan-activity;sid:84572249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709150/; classtype:trojan-activity;sid:84572250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709151)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-05-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709151/; classtype:trojan-activity;sid:84572251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-09-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709140/; classtype:trojan-activity;sid:84572240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709141/; classtype:trojan-activity;sid:84572241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-08-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709139/; classtype:trojan-activity;sid:84572239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709138)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-11-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709138/; classtype:trojan-activity;sid:84572238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-11-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709129/; classtype:trojan-activity;sid:84572229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709130/; classtype:trojan-activity;sid:84572230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709131/; classtype:trojan-activity;sid:84572231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-05-31/info.zip"; http_uri; 
depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709132/; classtype:trojan-activity;sid:84572232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709133/; classtype:trojan-activity;sid:84572233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-11-27/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709135/; classtype:trojan-activity;sid:84572235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-06-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709136/; classtype:trojan-activity;sid:84572236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-06/info.zip"; http_uri; 
depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709128/; classtype:trojan-activity;sid:84572228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-09-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709112/; classtype:trojan-activity;sid:84572212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709113/; classtype:trojan-activity;sid:84572213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-11-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709114/; classtype:trojan-activity;sid:84572214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; 
nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709115/; classtype:trojan-activity;sid:84572215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-03-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709116/; classtype:trojan-activity;sid:84572216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709117/; classtype:trojan-activity;sid:84572217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-11-25/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709118/; classtype:trojan-activity;sid:84572218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709119/; classtype:trojan-activity;sid:84572219; rev:1;)
# The URLhaus rules here share one template: the method must be GET, the http_uri
# content must cover the whole URI buffer (depth equals the pattern length and
# isdataat:!1,relative rejects any trailing byte; nocase relaxes letter case), and
# the http_host content must cover the whole host value in the same way.
# These are exact-URL signatures: only the listed path on the listed host alerts,
# so other paths served from the same host are not covered by these entries.
# NOTE(review): the URI patterns carry literal %XX escapes (the depth values count
# them as written), while http_uri is a normalized buffer. Confirm with a replayed
# request that the sensor's URI normalization leaves the escapes intact; if it
# decodes them, the raw URI buffer (http_raw_uri) is the one that would match.
# NOTE(review): "alert http" only sees HTTP the sensor can parse in cleartext;
# fetches over TLS need decryption or a different control (DNS/IP/proxy logs).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-03-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709120/; classtype:trojan-activity;sid:84572220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-08-16/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709121/; classtype:trojan-activity;sid:84572221; rev:1;)
# Same template, different host: 203.192.219.165 (URI pattern is 48 bytes, host
# pattern is 15 bytes, matching the two depth values).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709122)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_92825_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709122/; classtype:trojan-activity;sid:84572222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709123/; classtype:trojan-activity;sid:84572223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-06-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709124/; classtype:trojan-activity;sid:84572224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-03-16/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709126/; classtype:trojan-activity;sid:84572226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709109/; classtype:trojan-activity;sid:84572209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-06-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709111/; classtype:trojan-activity;sid:84572211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709104/; classtype:trojan-activity;sid:84572204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709105/; classtype:trojan-activity;sid:84572205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-08-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709107/; classtype:trojan-activity;sid:84572207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709108/; classtype:trojan-activity;sid:84572208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709102)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_51125_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709102/; classtype:trojan-activity;sid:84572202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-09-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709103/; classtype:trojan-activity;sid:84572203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709096/; classtype:trojan-activity;sid:84572196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, 
urlhaus.abuse.ch/url/3709097/; classtype:trojan-activity;sid:84572197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709098/; classtype:trojan-activity;sid:84572198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709099/; classtype:trojan-activity;sid:84572199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-07-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709100/; classtype:trojan-activity;sid:84572200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000324/2024-01-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, 
urlhaus.abuse.ch/url/3709101/; classtype:trojan-activity;sid:84572201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709088/; classtype:trojan-activity;sid:84572188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709089/; classtype:trojan-activity;sid:84572189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-11-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709090/; classtype:trojan-activity;sid:84572190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, 
urlhaus.abuse.ch/url/3709091/; classtype:trojan-activity;sid:84572191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709092/; classtype:trojan-activity;sid:84572192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2022-10-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709093/; classtype:trojan-activity;sid:84572193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-03-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709078/; classtype:trojan-activity;sid:84572178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-09-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, 
urlhaus.abuse.ch/url/3709079/; classtype:trojan-activity;sid:84572179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-09-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709080/; classtype:trojan-activity;sid:84572180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-09-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709081/; classtype:trojan-activity;sid:84572181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709083/; classtype:trojan-activity;sid:84572183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, 
urlhaus.abuse.ch/url/3709084/; classtype:trojan-activity;sid:84572184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-11-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709085/; classtype:trojan-activity;sid:84572185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709086/; classtype:trojan-activity;sid:84572186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709087/; classtype:trojan-activity;sid:84572187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709075/; 
classtype:trojan-activity;sid:84572175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-01-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709076/; classtype:trojan-activity;sid:84572176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-05-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709077/; classtype:trojan-activity;sid:84572177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-06-24/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709054/; classtype:trojan-activity;sid:84572154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709055/; 
classtype:trojan-activity;sid:84572155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-09-26/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709056/; classtype:trojan-activity;sid:84572156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-06-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709057/; classtype:trojan-activity;sid:84572157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709058/; classtype:trojan-activity;sid:84572158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-07-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709059/; 
classtype:trojan-activity;sid:84572159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-02-20/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709060/; classtype:trojan-activity;sid:84572160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-02-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709061/; classtype:trojan-activity;sid:84572161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-07-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709062/; classtype:trojan-activity;sid:84572162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-07-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709063/; 
classtype:trojan-activity;sid:84572163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709064/; classtype:trojan-activity;sid:84572164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-06-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709065/; classtype:trojan-activity;sid:84572165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-11-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709066/; classtype:trojan-activity;sid:84572166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709067/; 
classtype:trojan-activity;sid:84572167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-03-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709068/; classtype:trojan-activity;sid:84572168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709069/; classtype:trojan-activity;sid:84572169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-07-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709070/; classtype:trojan-activity;sid:84572170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-09-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709072/; 
classtype:trojan-activity;sid:84572172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-11-18/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709042/; classtype:trojan-activity;sid:84572142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-09-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709043/; classtype:trojan-activity;sid:84572143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-09-17/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709044/; classtype:trojan-activity;sid:84572144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709045/; 
classtype:trojan-activity;sid:84572145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709046/; classtype:trojan-activity;sid:84572146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-06-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709047/; classtype:trojan-activity;sid:84572147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709048/; classtype:trojan-activity;sid:84572148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709049/; 
classtype:trojan-activity;sid:84572149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-06-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709050/; classtype:trojan-activity;sid:84572150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-03-17/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709051/; classtype:trojan-activity;sid:84572151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-11-06/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709052/; classtype:trojan-activity;sid:84572152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-04-05/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709053/; 
classtype:trojan-activity;sid:84572153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3708402)"; flow:established,from_client; content:"GET"; http_method; content:"/ourzz.wav"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"clubdetiroelpicarcho.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3708402/; classtype:trojan-activity;sid:84571502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707810)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_82224_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707810/; classtype:trojan-activity;sid:84570910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707697)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/04/pieletjf.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"theoremaoliveoil.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707697/; classtype:trojan-activity;sid:84570797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707699)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/04/pieletjf_vm.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"theoremaoliveoil.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707699/; classtype:trojan-activity;sid:84570799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3704600)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704600/; classtype:trojan-activity;sid:84567700; rev:1;)
# Rule shape used throughout this feed: an outbound ($HOME_NET -> $EXTERNAL_NET, any port)
# client request whose method is GET, whose URI equals the listed string and whose Host
# equals the listed value. Each content is anchored with depth:<its own length> plus
# isdataat:!1,relative (nothing may follow the match), so it is a whole-buffer comparison:
# the rule covers the one reported URL, not other paths on the same host.
# URLhaus entry 3704602: GET /sshd with Host 117.216.139.127.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704602/; classtype:trojan-activity;sid:84567702; rev:1;)
# URLhaus entry 3704547: GET /i with Host 220.78.182.254. The two-byte URI is specific
# only in combination with the exact Host match that follows it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.78.182.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704547/; classtype:trojan-activity;sid:84567647; rev:1;)
# URLhaus entry 3704523: GET /sshd with Host 117.247.101.61.
# NOTE(review): method, URI and Host conditions are identical to sid:84567700 (entry
# 3704600); only msg, reference and sid differ, so one matching request raises both
# alerts. Presumably the two URLhaus entries differ in something the rule does not
# encode (the port is "any") - confirm upstream, and deduplicate on URI+Host when
# counting or triaging hits.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704523)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704523/; classtype:trojan-activity;sid:84567623; rev:1;)
# URLhaus entry 3704282: GET of an info.zip under /outward/ with Host 203.192.219.165
# (the rule continues on the next line of the page).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704282)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21425_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; 
reference:url, urlhaus.abuse.ch/url/3704282/; classtype:trojan-activity;sid:84567382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704281)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21625_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704281/; classtype:trojan-activity;sid:84567381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704279)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_12424_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704279/; classtype:trojan-activity;sid:84567379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704280)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_22025_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704280/; classtype:trojan-activity;sid:84567380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704276)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_22225_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704276/; classtype:trojan-activity;sid:84567376; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704277)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_12525_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704277/; classtype:trojan-activity;sid:84567377; rev:1;)
# URLhaus entry 3704275: outbound GET whose URI equals the listed /outward/ path and
# whose Host equals 203.192.219.165 (both contents are anchored to the full buffer by
# depth:<length> + isdataat:!1,relative).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704275)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_22225_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704275/; classtype:trojan-activity;sid:84567375; rev:1;)
# URLhaus entry 3704246: one specific installer path on dl.2345.com.
# NOTE(review): the alert identifies this exact file, not the host; treat a hit as
# "this URL was requested" and do not derive a host-wide block from it without
# checking what else the host serves.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704246)"; flow:established,from_client; content:"GET"; http_method; content:"/haozip/haozip_v6.5.2.11245.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"dl.2345.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704246/; classtype:trojan-activity;sid:84567258; rev:1;)
# URLhaus entry 3704158: one repository file path with Host github.com.
# NOTE(review): this is an `alert http` rule, so it can only match requests the sensor
# parses as HTTP. github.com is normally reached over HTTPS, so this rule presumably
# fires only where TLS is decrypted ahead of the sensor or the request is made in
# plaintext - confirm for your deployment, and cover the same indicator with
# proxy/endpoint URL logs if it is not. The Host value is shared with legitimate
# traffic; the rule is specific only because of the exact path.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704158)"; flow:established,from_client; content:"GET"; http_method; content:"/leinchchanceleinch/jik/raw/refs/heads/main/dev.msi"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704158/; classtype:trojan-activity;sid:84567258; rev:1;)
# URLhaus entry 3703801 (the rule continues on the next line of the page).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703801)"; flow:established,from_client; 
content:"GET"; http_method; content:"/20220623/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703801/; classtype:trojan-activity;sid:84566901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703777)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11424_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703777/; classtype:trojan-activity;sid:84566877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703767)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_61924_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703767/; classtype:trojan-activity;sid:84566867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703764)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703764/; classtype:trojan-activity;sid:84566864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703748)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21025_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; 
http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703748/; classtype:trojan-activity;sid:84566848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703756)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_71824_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703756/; classtype:trojan-activity;sid:84566856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703743)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_62124_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703743/; classtype:trojan-activity;sid:84566843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703745)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_101124_mahal-server/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703745/; classtype:trojan-activity;sid:84566845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703731)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703731/; 
classtype:trojan-activity;sid:84566831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703727)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_9425_mahal-node1/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703727/; classtype:trojan-activity;sid:84566827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703171)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703171/; classtype:trojan-activity;sid:84566271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702746)"; flow:established,from_client; content:"GET"; http_method; content:"/dersnotlari/02/sora.jpg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.notbak.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702746/; classtype:trojan-activity;sid:84565846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702204)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702204/; classtype:trojan-activity;sid:84565304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702202)"; flow:established,from_client; content:"GET"; 
http_method; content:"/20250210/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702202/; classtype:trojan-activity;sid:84565302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702201)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702201/; classtype:trojan-activity;sid:84565301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702199)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702199/; classtype:trojan-activity;sid:84565299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702178)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702178/; classtype:trojan-activity;sid:84565278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702166)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, 
urlhaus.abuse.ch/url/3702166/; classtype:trojan-activity;sid:84565266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702161)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702161/; classtype:trojan-activity;sid:84565261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702156)"; flow:established,from_client; content:"GET"; http_method; content:"/20250416/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702156/; classtype:trojan-activity;sid:84565256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702157)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702157/; classtype:trojan-activity;sid:84565257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702158)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702158/; classtype:trojan-activity;sid:84565258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702152)"; flow:established,from_client; content:"GET"; 
http_method; content:"/20250309/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702152/; classtype:trojan-activity;sid:84565252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702147)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702147/; classtype:trojan-activity;sid:84565247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702142)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702142/; classtype:trojan-activity;sid:84565242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702143)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702143/; classtype:trojan-activity;sid:84565243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702134)"; flow:established,from_client; content:"GET"; http_method; content:"/20250416/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, 
urlhaus.abuse.ch/url/3702134/; classtype:trojan-activity;sid:84565234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702135)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702135/; classtype:trojan-activity;sid:84565235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702136)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702136/; classtype:trojan-activity;sid:84565236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702130)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702130/; classtype:trojan-activity;sid:84565230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702131)"; flow:established,from_client; content:"GET"; http_method; content:"/20250416/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702131/; classtype:trojan-activity;sid:84565231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702132)"; flow:established,from_client; content:"GET"; 
http_method; content:"/20220623/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702132/; classtype:trojan-activity;sid:84565232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702127)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702127/; classtype:trojan-activity;sid:84565227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702128)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702128/; classtype:trojan-activity;sid:84565228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702122)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702122/; classtype:trojan-activity;sid:84565222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702123)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, 
urlhaus.abuse.ch/url/3702123/; classtype:trojan-activity;sid:84565223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702121)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702121/; classtype:trojan-activity;sid:84565221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702119)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702119/; classtype:trojan-activity;sid:84565219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702115)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702115/; classtype:trojan-activity;sid:84565215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702105)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702105/; classtype:trojan-activity;sid:84565205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702102)"; flow:established,from_client; content:"GET"; 
http_method; content:"/20240113/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702102/; classtype:trojan-activity;sid:84565202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702103)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702103/; classtype:trojan-activity;sid:84565203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701934)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701934/; classtype:trojan-activity;sid:84565034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701924)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701924/; classtype:trojan-activity;sid:84565024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701905)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, 
urlhaus.abuse.ch/url/3701905/; classtype:trojan-activity;sid:84565005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701906)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701906/; classtype:trojan-activity;sid:84565006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701320)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.2.111.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701320/; classtype:trojan-activity;sid:84564420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701203)"; flow:established,from_client; content:"GET"; http_method; content:"/scoto.jpb"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701203/; classtype:trojan-activity;sid:84564303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700329)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700329/; classtype:trojan-activity;sid:84563429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700320)"; flow:established,from_client; content:"GET"; http_method; 
content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.9.243.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700320/; classtype:trojan-activity;sid:84563420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700276)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700276/; classtype:trojan-activity;sid:84563376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700268)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.158.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700268/; classtype:trojan-activity;sid:84563368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700199)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700199/; classtype:trojan-activity;sid:84563299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700187)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.158.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700187/; classtype:trojan-activity;sid:84563287; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700182)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.9.243.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700182/; classtype:trojan-activity;sid:84563282; rev:1;)
# How to read the rules below: every rule uses the same template. It alerts on an
# established client-to-server flow from $HOME_NET to $EXTERNAL_NET where the method
# is GET, the URI buffer equals the listed path and the Host buffer equals the listed
# host. depth:<content length> pins a content to the start of its buffer and
# isdataat:!1,relative requires that no byte follows it, so each content is an exact
# match, not a substring. URI contents are written in lower case and carry nocase.
# The msg text is identical apart from the URLhaus id; triage by sid, Host and URI.
# NOTE(review): "alert http" inspects cleartext HTTP only; the same URL fetched over
# TLS is not visible to these rules unless traffic is decrypted before the sensor.
# NOTE(review): most Host values are IP literals; created_at is presumably the date
# the entry was added, so older entries deserve a freshness check before acting.
#
# Recurring file names (photo/video/av with .scr or .lnk, info.zip) across many hosts:
# each host/path pair has its own rule and sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700112)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700112/; classtype:trojan-activity;sid:84563212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700015)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700015/; classtype:trojan-activity;sid:84563115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699997)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699997/; classtype:trojan-activity;sid:84563097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699991)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.9.243.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699991/; classtype:trojan-activity;sid:84563091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699967)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.91.141.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699967/; classtype:trojan-activity;sid:84563067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699839)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699839/; classtype:trojan-activity;sid:84562939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699812)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699812/; classtype:trojan-activity;sid:84562912; rev:1;)
# Same URI and Host as sid:84563091 above (URLhaus 3699991); one matching request
# would raise both alerts. Deduplicate downstream if alert volume matters.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699793)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.9.243.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699793/; classtype:trojan-activity;sid:84562893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699768)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699768/; classtype:trojan-activity;sid:84562868; rev:1;)
# NOTE(review): the URI content below contains literal percent-escapes (%20, %c3%aa)
# but is matched against http_uri, the normalized URI buffer. If the engine decodes
# percent-escapes during normalization, this literal cannot match the decoded path
# and the rule stays silent. Confirm on your engine; a raw-URI match or hex bytes
# in the content would be the alternatives. depth:45 equals the escaped length.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699681)"; flow:established,from_client; content:"GET"; http_method; content:"/tinh_cuoc_xe/2025/thanh%20ti%c3%aan/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"103.226.249.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699681/; classtype:trojan-activity;sid:84562781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699651)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699651/; classtype:trojan-activity;sid:84562751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699578)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699578/; classtype:trojan-activity;sid:84562678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699459)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699459/; classtype:trojan-activity;sid:84562559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699462)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699462/; classtype:trojan-activity;sid:84562562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699428)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699428/; classtype:trojan-activity;sid:84562528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698699)"; flow:established,from_client; content:"GET"; http_method; content:"/reprofo.mso"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698699/; classtype:trojan-activity;sid:84561799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698418)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.229.126.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698418/; classtype:trojan-activity;sid:84561518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698410)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"59.110.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698410/; classtype:trojan-activity;sid:84561510; rev:1;)
# "/i" and "/sshd" (here and further down) are very short exact-match paths; the
# specificity of these rules comes from the Host value alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.250.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698400/; classtype:trojan-activity;sid:84561500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698365)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.241.74.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698365/; classtype:trojan-activity;sid:84561465; rev:1;)
# One host (111.59.254.165), eight rules: each URI is a date-like directory plus one
# of the recurring file names. Every directory/file pair is matched exactly, so other
# directories on the same host are not covered by these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698078)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698078/; classtype:trojan-activity;sid:84561178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698077)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698077/; classtype:trojan-activity;sid:84561177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698067)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698067/; classtype:trojan-activity;sid:84561167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698070)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698070/; classtype:trojan-activity;sid:84561170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698062)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698062/; classtype:trojan-activity;sid:84561162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698059)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698059/; classtype:trojan-activity;sid:84561159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698057)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698057/; classtype:trojan-activity;sid:84561157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698058)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698058/; classtype:trojan-activity;sid:84561158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697910)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697910/; classtype:trojan-activity;sid:84561010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697908)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697908/; classtype:trojan-activity;sid:84561008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697907)"; flow:established,from_client; content:"GET"; http_method; content:"/eznoted2b1405e.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697907/; classtype:trojan-activity;sid:84561007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697906)"; flow:established,from_client; content:"GET"; http_method; content:"/without_hook.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697906/; classtype:trojan-activity;sid:84561006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697870)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.py"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697870/; classtype:trojan-activity;sid:84560970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697816)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697816/; classtype:trojan-activity;sid:84560916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697809)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.158.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697809/; classtype:trojan-activity;sid:84560909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697791)"; flow:established,from_client; content:"GET"; http_method; content:"/tran.dsp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697791/; classtype:trojan-activity;sid:84560891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697789)"; flow:established,from_client; content:"GET"; http_method; content:"/aibkp63.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697789/; classtype:trojan-activity;sid:84560889; rev:1;)
# NOTE(review): |3f| is a single byte ("?"), so the URI content below is 46 bytes
# long while depth is 49; the depth value equals the length of the text with the hex
# escape counted as four characters. The match is still pinned to the end of the URI
# by isdataat:!1,relative, but it may begin up to 3 bytes after the start of the
# buffer, which is slightly looser than the exact match used by the other rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697097)"; flow:established,from_client; content:"GET"; http_method; content:"/stb/retev.php|3f|bl=qtuvl0pcseglafunszpre008.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"vcc-library.uk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697097/; classtype:trojan-activity;sid:84560197; rev:1;)
# Shared content-hosting domain: the Host alone says nothing, the alert is specific
# only because the whole path is matched. The path appears to pin one revision id of
# the gist, so other revisions of the same file would not match.
# NOTE(review): clients that fetch this host over HTTPS are not seen by a cleartext
# "alert http" rule; verify what your sensor can actually observe.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696992)"; flow:established,from_client; content:"GET"; http_method; content:"/a1l4m/2e771fb306028fabfc8e098427181f78/raw/37f3db6b29d64f1045fb60967d6297f525ddf443/iamthedanger.txt"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"gist.githubusercontent.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696992/; classtype:trojan-activity;sid:84560092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696375)"; flow:established,from_client; content:"GET"; http_method; content:"/content/plugins/fr3.lim"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nelees.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696375/; classtype:trojan-activity;sid:84559475; rev:1;)
# Another run of the recurring file names, this time on hosts first listed with
# created_at 2025_11_04.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696132)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696132/; classtype:trojan-activity;sid:84559232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696133)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696133/; classtype:trojan-activity;sid:84559233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696129)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696129/; classtype:trojan-activity;sid:84559229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696114)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696114/; classtype:trojan-activity;sid:84559214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696096)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696096/; classtype:trojan-activity;sid:84559196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696086)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696086/; classtype:trojan-activity;sid:84559186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696082)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696082/; classtype:trojan-activity;sid:84559182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696066)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696066/; classtype:trojan-activity;sid:84559166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696043)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.2.111.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696043/; classtype:trojan-activity;sid:84559143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696026)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696026/; classtype:trojan-activity;sid:84559126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696003)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696003/; classtype:trojan-activity;sid:84559103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696004)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696004/; classtype:trojan-activity;sid:84559104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695955)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695955/; classtype:trojan-activity;sid:84559055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695952)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695952/; classtype:trojan-activity;sid:84559052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695948)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695948/; classtype:trojan-activity;sid:84559048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695937)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695937/; classtype:trojan-activity;sid:84559037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695923)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695923/; classtype:trojan-activity;sid:84559023; rev:1;)
# Same URI and Host as sid:84559055 above (URLhaus 3695955); one matching request
# would raise both alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695920)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695920/; classtype:trojan-activity;sid:84559020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695898)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695898/; classtype:trojan-activity;sid:84558998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695884)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695884/; classtype:trojan-activity;sid:84558984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695869)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695869/; classtype:trojan-activity;sid:84558969; rev:1;)
# Same URI and Host as sid:84558984 above (URLhaus 3695884); one matching request
# would raise both alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695875)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695875/; classtype:trojan-activity;sid:84558975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695854)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695854/; classtype:trojan-activity;sid:84558954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695827)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695827/; classtype:trojan-activity;sid:84558927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695830)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695830/; classtype:trojan-activity;sid:84558930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695119)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.242.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695119/; classtype:trojan-activity;sid:84558219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.227.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695114/; classtype:trojan-activity;sid:84558214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695080)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.86.246.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695080/; classtype:trojan-activity;sid:84558180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693496)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.92.110.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693496/; classtype:trojan-activity;sid:84556596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691444)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.149.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691444/; classtype:trojan-activity;sid:84554544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.144.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690708/; classtype:trojan-activity;sid:84553808; rev:1;)
# Same URI and Host as sid:84554544 above (URLhaus 3691444, created two days later);
# one matching request would raise both alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689713)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.149.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689713/; classtype:trojan-activity;sid:84552813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689700)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.197.62.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689700/; classtype:trojan-activity;sid:84552800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688692)"; flow:established,from_client; content:"GET"; http_method; content:"/xmr.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688692/; classtype:trojan-activity;sid:84551792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688690)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688690/; classtype:trojan-activity;sid:84551790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688659)"; flow:established,from_client; content:"GET"; http_method; content:"/32.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688659/; classtype:trojan-activity;sid:84551759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687916)"; flow:established,from_client; content:"GET"; http_method; content:"/y6m2uw0dgi.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"filerit.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687753/; classtype:trojan-activity;sid:84551016; rev:1;)
# Shared content-hosting domain again: only the full path makes this rule specific,
# and the path names a branch (refs/heads/main), so it follows whatever that path
# currently serves. NOTE(review): same HTTPS visibility caveat as for the gist rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687753)"; flow:established,from_client; content:"GET"; http_method; content:"/zibll001/ffff/refs/heads/main/web.sh"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687753/; classtype:trojan-activity;sid:84550853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685141)"; flow:established,from_client; content:"GET"; http_method; content:"/var/albums/etkinlikler/toplanti/2013/soran.jpg.jpeg"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"galeri3.arkitera.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685141/; classtype:trojan-activity;sid:84548241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.90.122.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684907/; classtype:trojan-activity;sid:84548007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684806)"; flow:established,from_client; content:"GET"; http_method; content:"/zoom/windows/download.php"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"khoancatbetong89.vn"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684806/; classtype:trojan-activity;sid:84547906; rev:1;)
# One directory on devilnet.xyz, one rule per file: "debug" plus labello.<suffix>,
# where the suffixes look like CPU-architecture tags (arm5, mpsl, x86_64, ...).
# Because every rule is an exact match, a file name in that directory that is not
# listed here is not covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684468)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm5"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684468/; classtype:trojan-activity;sid:84547568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684465)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mpsl"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684465/; classtype:trojan-activity;sid:84547565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684466)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm6"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684466/; classtype:trojan-activity;sid:84547566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684467)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86_64"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684467/; classtype:trojan-activity;sid:84547567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684462)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684462/; classtype:trojan-activity;sid:84547562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684463)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mips"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684463/; classtype:trojan-activity;sid:84547563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684464)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.sh4"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684464/; classtype:trojan-activity;sid:84547564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684457)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.m68k"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684457/; classtype:trojan-activity;sid:84547557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684458)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684458/; classtype:trojan-activity;sid:84547558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684459)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.spc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684459/; classtype:trojan-activity;sid:84547559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684460)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684460/; classtype:trojan-activity;sid:84547560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684461)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.ppc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684461/; classtype:trojan-activity;sid:84547561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684454)"; flow:established,from_client; content:"GET"; http_method; 
content:"/001010101010010110101011101010101101010111010101/labello.i686"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684454/; classtype:trojan-activity;sid:84547554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684455)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm7"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684455/; classtype:trojan-activity;sid:84547555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684456)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684456/; classtype:trojan-activity;sid:84547556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684360)"; flow:established,from_client; content:"GET"; http_method; content:"/898xylbd/139assicc.dll"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.140.182.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684360/; classtype:trojan-activity;sid:84547460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684352)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.212.2.95"; 
http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684352/; classtype:trojan-activity;sid:84547452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684353)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684353/; classtype:trojan-activity;sid:84547453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684354)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684354/; classtype:trojan-activity;sid:84547454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684347)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684347/; classtype:trojan-activity;sid:84547447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684348)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684348/; classtype:trojan-activity;sid:84547448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3684349)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684349/; classtype:trojan-activity;sid:84547449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684350)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684350/; classtype:trojan-activity;sid:84547450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684351)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684351/; classtype:trojan-activity;sid:84547451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684345)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684345/; classtype:trojan-activity;sid:84547445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683958)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.92.235.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2025_10_22; reference:url, urlhaus.abuse.ch/url/3683958/; classtype:trojan-activity;sid:84547058; rev:1;)
# URLhaus exact-URL rules. Each rule below fires on a client GET whose URI buffer ends with the
# quoted path inside the first `depth` bytes and whose Host buffer is the quoted name. Where
# depth equals the pattern length this is an exact-string match.
# NOTE(review): sid 84547056 has the same method, URI and Host match as sid 84547058 (whose match
# options sit on the preceding line), so one request raises two alerts. Presumably the two
# URLhaus entries differ in something the rule does not encode (scheme or port); confirm, and
# de-duplicate at the alert pipeline if so.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683956)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.92.235.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683956/; classtype:trojan-activity;sid:84547056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683723)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683723/; classtype:trojan-activity;sid:84546823; rev:1;)
# NOTE(review): sid 84546667 matches Host github.com under `alert http`. If the listed URL is
# fetched over HTTPS (presumably; confirm on the URLhaus entry), a sensor without TLS decryption
# never sees this request, so coverage has to come from proxy or endpoint telemetry that
# records the full URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683567)"; flow:established,from_client; content:"GET"; http_method; content:"/onastroll-2000f5n/5vcye/releases/download/v1.2/launcher.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683567/; classtype:trojan-activity;sid:84546667; rev:1;)
# NOTE(review): sids 84546353 and 84546354 -- the URI pattern uses hex escapes: |3f| is `?` and
# |7c| is `|`, so the decoded pattern is 62 bytes and contains the literal text `|26|` between
# the query parameters. depth:89 is the character count of the escaped text, not the decoded
# length, so these two rules are not start-anchored: any URI of up to 89 bytes that ends with
# the pattern matches. `|26|` looks like a hex escape for `&` (0x26) whose pipes were escaped a
# second time; if the real query string uses `&`, neither rule can fire. Confirm both points
# against the URLhaus entries and a test capture before relying on these sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683253)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|h=107.173.101.114|7c|26|7c|p=10000|7c|26|7c|t=tcp|7c|26|7c|a=w64|7c|26|7c|stage=true"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683253/; classtype:trojan-activity;sid:84546353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683254)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|h=107.173.101.114|7c|26|7c|p=10000|7c|26|7c|t=tcp|7c|26|7c|a=w32|7c|26|7c|stage=true"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683254/; classtype:trojan-activity;sid:84546354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683250)"; flow:established,from_client; content:"GET"; http_method; content:"/swt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683250/; classtype:trojan-activity;sid:84546350; rev:1;)
# NOTE(review): sids 84545416 and 84545417 carry identical match options (GET, /wheatw.pfm,
# Host tehnomag.rs); only the URLhaus id and sid differ, so one request raises two alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682316)"; flow:established,from_client; content:"GET"; http_method; content:"/wheatw.pfm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tehnomag.rs"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682316/; classtype:trojan-activity;sid:84545416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682317)"; flow:established,from_client; content:"GET"; http_method; content:"/wheatw.pfm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tehnomag.rs"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682317/; classtype:trojan-activity;sid:84545417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681048)"; flow:established,from_client; content:"GET"; http_method; 
content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.92.43.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681048/; classtype:trojan-activity;sid:84544148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680322)"; flow:established,from_client; content:"GET"; http_method; content:"/new/x64-setup.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"tapestryoftruth.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680322/; classtype:trojan-activity;sid:84543422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678940)"; flow:established,from_client; content:"GET"; http_method; content:"/prefiction.mp4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.sgeseducation.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678940/; classtype:trojan-activity;sid:84542040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"50.43.160.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678923/; classtype:trojan-activity;sid:84542023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.234.234.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678015/; classtype:trojan-activity;sid:84541115; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.15.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678013/; classtype:trojan-activity;sid:84541113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678006)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.93.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678006/; classtype:trojan-activity;sid:84541106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677999)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.25.123.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677999/; classtype:trojan-activity;sid:84541099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677521/; classtype:trojan-activity;sid:84540621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.140.248.242"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669939/; classtype:trojan-activity;sid:84533039; rev:1;)
# URLhaus exact-URL rules. Each rule below fires on a client GET whose URI buffer is exactly the
# quoted path (depth equals the pattern length, and isdataat:!1,relative allows no byte after it)
# and whose Host buffer is exactly the quoted name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669896)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-content/build.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"serasoo.direct.quickconnect.to"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669896/; classtype:trojan-activity;sid:84532996; rev:1;)
# NOTE(review): sid 84531747 matches a release asset under /xmrig/xmrig/ on Host github.com,
# which looks like the miner project's own release path rather than attacker-controlled hosting
# (confirm on the URLhaus entry). A hit therefore says a miner archive was requested, not who
# staged it; triage by the requesting host and process. As with any github.com Host match under
# `alert http`, a sensor without TLS decryption will not see the request if it is made over
# HTTPS.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668647)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.24.0/xmrig-6.24.0-windows-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668647/; classtype:trojan-activity;sid:84531747; rev:1;)
# NOTE(review): sid 84531686 matches Host by a provider-assigned reverse-DNS style name; a client
# that requests the same server by IP literal would not match this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668586)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"apn-87-251-249-41.static.gprs.plus.pl"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668586/; classtype:trojan-activity;sid:84531686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668179)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm6"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668179/; 
classtype:trojan-activity;sid:84531279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668174)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mpsl"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668174/; classtype:trojan-activity;sid:84531274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668175)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668175/; classtype:trojan-activity;sid:84531275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668167)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.i686"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668167/; classtype:trojan-activity;sid:84531267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668168)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm7"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668168/; classtype:trojan-activity;sid:84531268; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668169)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.m68k"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668169/; classtype:trojan-activity;sid:84531269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668154)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm5"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668154/; classtype:trojan-activity;sid:84531254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668155)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86_64"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668155/; classtype:trojan-activity;sid:84531255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668157)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.spc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668157/; classtype:trojan-activity;sid:84531257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3668158)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.sh4"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668158/; classtype:trojan-activity;sid:84531258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668139)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668139/; classtype:trojan-activity;sid:84531239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668142)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668142/; classtype:trojan-activity;sid:84531242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668130)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.ppc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668130/; classtype:trojan-activity;sid:84531230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668131)"; flow:established,from_client; 
content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mips"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668131/; classtype:trojan-activity;sid:84531231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667750)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667750/; classtype:trojan-activity;sid:84530850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667591)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667591/; classtype:trojan-activity;sid:84530691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667589)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667589/; classtype:trojan-activity;sid:84530689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667586)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; 
http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667586/; classtype:trojan-activity;sid:84530686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667587)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667587/; classtype:trojan-activity;sid:84530687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667588)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667588/; classtype:trojan-activity;sid:84530688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667585)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667585/; classtype:trojan-activity;sid:84530685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667584)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667584/; 
classtype:trojan-activity;sid:84530684; rev:1;)
# URLhaus exact-URL rules. Each rule below fires on a client GET whose URI buffer is exactly the
# quoted path (depth equals the pattern length, and isdataat:!1,relative allows no byte after it)
# and whose Host buffer is exactly the quoted name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667582)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667582/; classtype:trojan-activity;sid:84530682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667583)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667583/; classtype:trojan-activity;sid:84529929; rev:1;)
# NOTE(review): sid 84529929 and the other /tmpftp/01/recep%c3%a7%c3%a3o/ rules for Host
# 177.70.102.232 -- the pattern holds the percent-encoded text `%c3%a7%c3%a3` and depth:49 is
# the length of that encoded form. http_uri selects the normalised URI buffer; if the engine
# percent-decodes the path there (the usual behaviour, verify for the deployed engine and
# config), the buffer holds the raw bytes c3 a7 c3 a3 instead and these rules do not match.
# http_raw_uri is the buffer that keeps the on-the-wire form. Replay a capture of the listed
# URL to confirm which applies before counting these sids as coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-03-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3666829/; classtype:trojan-activity;sid:84529929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-09-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666133/; classtype:trojan-activity;sid:84529233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3666131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666131/; classtype:trojan-activity;sid:84529231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666130/; classtype:trojan-activity;sid:84529230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-09-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666129/; classtype:trojan-activity;sid:84529229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-06-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666128/; classtype:trojan-activity;sid:84529228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666127)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-11-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666127/; classtype:trojan-activity;sid:84529227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-04-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666123/; classtype:trojan-activity;sid:84529223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666124/; classtype:trojan-activity;sid:84529224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666125/; classtype:trojan-activity;sid:84529225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-05-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; 
content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666126/; classtype:trojan-activity;sid:84529226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666121/; classtype:trojan-activity;sid:84529221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666122/; classtype:trojan-activity;sid:84529222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666120/; classtype:trojan-activity;sid:84529220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; 
reference:url, urlhaus.abuse.ch/url/3666118/; classtype:trojan-activity;sid:84529218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666119/; classtype:trojan-activity;sid:84529219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-05-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666113/; classtype:trojan-activity;sid:84529213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666114/; classtype:trojan-activity;sid:84529214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666116/; classtype:trojan-activity;sid:84529216; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-10-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666117/; classtype:trojan-activity;sid:84529217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-05-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666110/; classtype:trojan-activity;sid:84529210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-11-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666111/; classtype:trojan-activity;sid:84529211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-05-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666112/; classtype:trojan-activity;sid:84529212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666105)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666105/; classtype:trojan-activity;sid:84529205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-03-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666106/; classtype:trojan-activity;sid:84529206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666107/; classtype:trojan-activity;sid:84529207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-07-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666108/; classtype:trojan-activity;sid:84529208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666109)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-09-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666109/; classtype:trojan-activity;sid:84529209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-02-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666101/; classtype:trojan-activity;sid:84529201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666102/; classtype:trojan-activity;sid:84529202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666103/; classtype:trojan-activity;sid:84529203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; 
content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666104/; classtype:trojan-activity;sid:84529204; rev:1;)
# Reviewer note: the next rule pins Host to 177.70.102.228, while the surrounding
# rules of the same /tmpftp/01/.../info.zip family pin 177.70.102.232. The rule for
# URLhaus 3666091 elsewhere in this ruleset also uses .228. Both addresses serve the
# same path layout, so log searches and blocklists built from this family should
# include both. The Host match is an exact string, so neither rule covers the other
# address.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666095/; classtype:trojan-activity;sid:84529195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-02-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666096/; classtype:trojan-activity;sid:84529196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-09-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666098/; classtype:trojan-activity;sid:84529198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; 
reference:url, urlhaus.abuse.ch/url/3666099/; classtype:trojan-activity;sid:84529199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666092/; classtype:trojan-activity;sid:84529192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666094/; classtype:trojan-activity;sid:84529194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666090/; classtype:trojan-activity;sid:84529190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666091/; classtype:trojan-activity;sid:84529191; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666089/; classtype:trojan-activity;sid:84529189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666084/; classtype:trojan-activity;sid:84529184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666081/; classtype:trojan-activity;sid:84529181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666082/; classtype:trojan-activity;sid:84529182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666083)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666083/; classtype:trojan-activity;sid:84529183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-04-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666069/; classtype:trojan-activity;sid:84529169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666070/; classtype:trojan-activity;sid:84529170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666071/; classtype:trojan-activity;sid:84529171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-12/info.zip"; 
http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666073/; classtype:trojan-activity;sid:84529173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666075/; classtype:trojan-activity;sid:84529175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-12-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666076/; classtype:trojan-activity;sid:84529176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666080/; classtype:trojan-activity;sid:84529180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-06-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666066/; classtype:trojan-activity;sid:84529166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666065/; classtype:trojan-activity;sid:84529165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666063/; classtype:trojan-activity;sid:84529163; rev:1;)
# NOTE(review): the path in the next rule is written percent-encoded (%20 and
# %c3%a7%c3%a3), and depth:62 is the length of that encoded string. http_uri is the
# normalized URI buffer. If the engine decodes percent-escapes before matching, the
# decoded path is 50 bytes and neither this content nor its depth would line up with
# the buffer. The recep%c3%a7%c3%a3o rules (depth:49) have the same dependency.
# Confirm with a replayed test request on the deployed engine and version. If the
# encoded form only appears in the raw request line, http_raw_uri is the buffer that
# carries it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666062/; classtype:trojan-activity;sid:84529162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666061/; 
classtype:trojan-activity;sid:84529161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666060/; classtype:trojan-activity;sid:84529160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-09-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666059/; classtype:trojan-activity;sid:84529159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-03-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666058/; classtype:trojan-activity;sid:84529158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666057/; classtype:trojan-activity;sid:84529157; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666056/; classtype:trojan-activity;sid:84529156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-05-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666053/; classtype:trojan-activity;sid:84529153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666055/; classtype:trojan-activity;sid:84529155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666048/; classtype:trojan-activity;sid:84529148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666049)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666049/; classtype:trojan-activity;sid:84529149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-02-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666050/; classtype:trojan-activity;sid:84529150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666051/; classtype:trojan-activity;sid:84529151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666052/; classtype:trojan-activity;sid:84529152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666042)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2021-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666042/; classtype:trojan-activity;sid:84529142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666043/; classtype:trojan-activity;sid:84529143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666044/; classtype:trojan-activity;sid:84529144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666045/; classtype:trojan-activity;sid:84529145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-17/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; 
content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666046/; classtype:trojan-activity;sid:84529146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666047/; classtype:trojan-activity;sid:84529147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666038/; classtype:trojan-activity;sid:84529138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666039/; classtype:trojan-activity;sid:84529139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666041/; classtype:trojan-activity;sid:84529141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666036/; classtype:trojan-activity;sid:84529136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666037/; classtype:trojan-activity;sid:84529137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666033/; classtype:trojan-activity;sid:84529133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-12-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666034/; 
classtype:trojan-activity;sid:84529134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666035/; classtype:trojan-activity;sid:84529135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666032)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-07-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666032/; classtype:trojan-activity;sid:84529132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666028/; classtype:trojan-activity;sid:84529128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666029/; classtype:trojan-activity;sid:84529129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3666030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666030/; classtype:trojan-activity;sid:84529130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-03-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666031/; classtype:trojan-activity;sid:84529131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-03-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666027/; classtype:trojan-activity;sid:84529127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666026/; classtype:trojan-activity;sid:84529126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666020)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666020/; classtype:trojan-activity;sid:84529120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666021/; classtype:trojan-activity;sid:84529121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666022/; classtype:trojan-activity;sid:84529122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666023/; classtype:trojan-activity;sid:84529123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; 
content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666024/; classtype:trojan-activity;sid:84529124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666025/; classtype:trojan-activity;sid:84529125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-03-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666018/; classtype:trojan-activity;sid:84529118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666019/; classtype:trojan-activity;sid:84529119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_09; reference:url, urlhaus.abuse.ch/url/3666015/; classtype:trojan-activity;sid:84529115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666017/; classtype:trojan-activity;sid:84529117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666014/; classtype:trojan-activity;sid:84529114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-03-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666013/; classtype:trojan-activity;sid:84529113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665807)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665807/; classtype:trojan-activity;sid:84528907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3665805)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665805/; classtype:trojan-activity;sid:84528905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665801)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.79.192.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665801/; classtype:trojan-activity;sid:84528901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665802)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665802/; classtype:trojan-activity;sid:84528902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665803)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665803/; classtype:trojan-activity;sid:84528903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665799)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 
2025_10_09; reference:url, urlhaus.abuse.ch/url/3665799/; classtype:trojan-activity;sid:84528899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665796)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.144.208.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665796/; classtype:trojan-activity;sid:84528896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665788)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.144.208.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665788/; classtype:trojan-activity;sid:84528888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665779)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"75.144.208.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665779/; classtype:trojan-activity;sid:84528879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665767)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665767/; classtype:trojan-activity;sid:84528867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665760)"; flow:established,from_client; content:"GET"; http_method; 
content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.91.88.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665760/; classtype:trojan-activity;sid:84528860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665747)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.53.15.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665747/; classtype:trojan-activity;sid:84528847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665742)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.103.203.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665742/; classtype:trojan-activity;sid:84528842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665733)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.26.174.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665733/; classtype:trojan-activity;sid:84528833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665715)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"126.23.203.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665715/; classtype:trojan-activity;sid:84528815; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665712)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665712/; classtype:trojan-activity;sid:84528812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665709)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.133.96.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665709/; classtype:trojan-activity;sid:84528809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665699)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665699/; classtype:trojan-activity;sid:84528799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665700)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.4.52.242"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665700/; classtype:trojan-activity;sid:84528800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665692)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"155.2.213.252"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665692/; classtype:trojan-activity;sid:84528792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665677)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.133.96.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665677/; classtype:trojan-activity;sid:84528777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665674)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"155.2.213.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665674/; classtype:trojan-activity;sid:84528774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665671)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.160.215.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665671/; classtype:trojan-activity;sid:84528771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665669)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665669/; classtype:trojan-activity;sid:84528769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665664)"; flow:established,from_client; 
content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665664/; classtype:trojan-activity;sid:84528764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665656)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665656/; classtype:trojan-activity;sid:84528756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665646)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/chendesheng/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665646/; classtype:trojan-activity;sid:84528746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665645)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/productcode/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665645/; classtype:trojan-activity;sid:84528745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665643)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/trkjob/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; 
reference:url, urlhaus.abuse.ch/url/3665643/; classtype:trojan-activity;sid:84528743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665644)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665644/; classtype:trojan-activity;sid:84528744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665642)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665642/; classtype:trojan-activity;sid:84528742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665641)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/2_0_50727/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665641/; classtype:trojan-activity;sid:84528741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665640)"; flow:established,from_client; content:"GET"; http_method; content:"/image/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665640/; classtype:trojan-activity;sid:84528740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665639)"; 
flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665639/; classtype:trojan-activity;sid:84528739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665635)"; flow:established,from_client; content:"GET"; http_method; content:"/check_update_apk/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665635/; classtype:trojan-activity;sid:84528735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665636)"; flow:established,from_client; content:"GET"; http_method; content:"/test/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665636/; classtype:trojan-activity;sid:84528736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665637)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/aspnet_client/system_web/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665637/; classtype:trojan-activity;sid:84528737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665634)"; flow:established,from_client; content:"GET"; http_method; content:"/template/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665634/; classtype:trojan-activity;sid:84528734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665633)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665633/; classtype:trojan-activity;sid:84528733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665630)"; flow:established,from_client; content:"GET"; http_method; content:"/cfg/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665630/; classtype:trojan-activity;sid:84528730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665627)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/aspnet_client/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665627/; classtype:trojan-activity;sid:84528727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665626)"; flow:established,from_client; content:"GET"; http_method; content:"/toupdateapk/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665626/; classtype:trojan-activity;sid:84528726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3665625)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/cys/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665625/; classtype:trojan-activity;sid:84528725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665624)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/sysreport/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665624/; classtype:trojan-activity;sid:84528724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665622)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/testappicon/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665622/; classtype:trojan-activity;sid:84528722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665623)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/null/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665623/; classtype:trojan-activity;sid:84528723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665621)"; flow:established,from_client; content:"GET"; http_method; content:"/attachment/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665621/; classtype:trojan-activity;sid:84528721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665619)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc-testapp-/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665619/; classtype:trojan-activity;sid:84528719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665617)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/maanbang/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665617/; classtype:trojan-activity;sid:84528717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665616)"; flow:established,from_client; content:"GET"; http_method; content:"/qdsc/liubin/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"106.38.32.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665616/; classtype:trojan-activity;sid:84528716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665611)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665611/; classtype:trojan-activity;sid:84528711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3665612)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665612/; classtype:trojan-activity;sid:84528712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665613)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.133.96.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665613/; classtype:trojan-activity;sid:84528713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664885)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.79.192.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664885/; classtype:trojan-activity;sid:84527985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662908)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.92.43.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662908/; classtype:trojan-activity;sid:84526008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662805)"; flow:established,from_client; content:"GET"; http_method; content:"/asmroyal/cd4/releases/download/cd4/cd4.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662805/; classtype:trojan-activity;sid:84525905; rev:1;)
# How these rules match: each content has a depth equal to its own length, followed by
# "isdataat:!1,relative", so the buffer must start with the pattern and end right after it.
# The http_uri and http_host buffers must therefore equal the listed path and host exactly
# (nocase applies to the URI pattern). Any other path on the same host is not covered.
#
# NOTE(review): the rule ending on the line above (sid:84525905, host github.com) and the rule
# below (sid:84524535, host drive.google.com) are "alert http" rules for hosts that are
# normally reached over HTTPS. They can only fire where the request is visible in cleartext
# (a plain-HTTP request before the redirect, or TLS decrypted ahead of the sensor). Where
# that is not the case, cover these two URLs from proxy or endpoint telemetry instead.
#
# NOTE(review): in sid:84524535 the URI pattern contains "|7c|26|7c|". |7c| is the pipe
# character, so this decodes to the literal four bytes |26| rather than to byte 0x26 ("&").
# Presumably the reported URL has "&id=" here and the generator escaped its own hex
# delimiters; verify against the URLhaus entry in the rule's reference. If so, the rule cannot
# match the reported URL as written, and a local copy would need "|26|" in that position.
# depth:68 is also the length of the pattern as written; the decoded pattern is 59 bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661435)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1afutsiefohaia02gkfjdbgn-kk91hksb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661435/; classtype:trojan-activity;sid:84524535; rev:1;)
# The following rules share the host 111.59.254.165 and differ only in the exact URI path
# (dated directory plus a .lnk or .scr file name).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660738)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660738/; classtype:trojan-activity;sid:84523838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660696)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660696/; classtype:trojan-activity;sid:84523796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660690)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660690/; classtype:trojan-activity;sid:84523790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3660688)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660688/; classtype:trojan-activity;sid:84523788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660680)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660680/; classtype:trojan-activity;sid:84523780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660679)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660679/; classtype:trojan-activity;sid:84523779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660677)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660677/; classtype:trojan-activity;sid:84523777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660676)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660676/; classtype:trojan-activity;sid:84523776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660675)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660675/; classtype:trojan-activity;sid:84523775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660674)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660674/; classtype:trojan-activity;sid:84523774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660672)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660672/; classtype:trojan-activity;sid:84523772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660671)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660671/; classtype:trojan-activity;sid:84523771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3660670)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660670/; classtype:trojan-activity;sid:84523770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660668)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660668/; classtype:trojan-activity;sid:84523768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660669)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660669/; classtype:trojan-activity;sid:84523769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660665)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660665/; classtype:trojan-activity;sid:84523765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660666)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660666/; classtype:trojan-activity;sid:84523766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660663)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660663/; classtype:trojan-activity;sid:84523763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660664)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660664/; classtype:trojan-activity;sid:84523764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660660)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660660/; classtype:trojan-activity;sid:84523760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660659)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660659/; classtype:trojan-activity;sid:84523759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660657)"; 
flow:established,from_client; content:"GET"; http_method; content:"/20250713/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660657/; classtype:trojan-activity;sid:84523757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660658)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660658/; classtype:trojan-activity;sid:84523758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660655)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660655/; classtype:trojan-activity;sid:84523755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660656)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660656/; classtype:trojan-activity;sid:84523756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660654)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; 
reference:url, urlhaus.abuse.ch/url/3660654/; classtype:trojan-activity;sid:84523754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660652)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660652/; classtype:trojan-activity;sid:84523752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660653)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660653/; classtype:trojan-activity;sid:84523753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660647)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660647/; classtype:trojan-activity;sid:84523747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660648)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660648/; classtype:trojan-activity;sid:84523748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660649)"; flow:established,from_client; 
content:"GET"; http_method; content:"/20250621/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660649/; classtype:trojan-activity;sid:84523749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660644)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660644/; classtype:trojan-activity;sid:84523744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660642)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660642/; classtype:trojan-activity;sid:84523742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660641)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660641/; classtype:trojan-activity;sid:84523741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660640)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, 
urlhaus.abuse.ch/url/3660640/; classtype:trojan-activity;sid:84523740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660639)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660639/; classtype:trojan-activity;sid:84523739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660638)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660638/; classtype:trojan-activity;sid:84523738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660637)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660637/; classtype:trojan-activity;sid:84523737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660636)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660636/; classtype:trojan-activity;sid:84523736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660635)"; flow:established,from_client; content:"GET"; http_method; 
content:"/20250722/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660635/; classtype:trojan-activity;sid:84523735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660634)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660634/; classtype:trojan-activity;sid:84523734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660633)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660633/; classtype:trojan-activity;sid:84523733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660631)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660631/; classtype:trojan-activity;sid:84523731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660630)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660630/; 
classtype:trojan-activity;sid:84523730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660629)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660629/; classtype:trojan-activity;sid:84523729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660627)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660627/; classtype:trojan-activity;sid:84523727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660626)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660626/; classtype:trojan-activity;sid:84523726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660625)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660625/; classtype:trojan-activity;sid:84523725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660624)"; flow:established,from_client; content:"GET"; http_method; 
content:"/20250724/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660624/; classtype:trojan-activity;sid:84523724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660622)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660622/; classtype:trojan-activity;sid:84523722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660623)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660623/; classtype:trojan-activity;sid:84523723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660621)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660621/; classtype:trojan-activity;sid:84523721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660620)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660620/; 
classtype:trojan-activity;sid:84523720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660619)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660619/; classtype:trojan-activity;sid:84523719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660618)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660618/; classtype:trojan-activity;sid:84523718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660615)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660615/; classtype:trojan-activity;sid:84523715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660616)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660616/; classtype:trojan-activity;sid:84523716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660614)"; flow:established,from_client; content:"GET"; http_method; 
content:"/20250713/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660614/; classtype:trojan-activity;sid:84523714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660612)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660612/; classtype:trojan-activity;sid:84523712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660613)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660613/; classtype:trojan-activity;sid:84523713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660611)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660611/; classtype:trojan-activity;sid:84523711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660608)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660608/; 
classtype:trojan-activity;sid:84523708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660607)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660607/; classtype:trojan-activity;sid:84523707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660605)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660605/; classtype:trojan-activity;sid:84523705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660603)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660603/; classtype:trojan-activity;sid:84523703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660600)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660600/; classtype:trojan-activity;sid:84523700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660599)"; flow:established,from_client; content:"GET"; http_method; 
content:"/20250302/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660599/; classtype:trojan-activity;sid:84523699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660598)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660598/; classtype:trojan-activity;sid:84523698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660596)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660596/; classtype:trojan-activity;sid:84523696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660595)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660595/; classtype:trojan-activity;sid:84523695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660594)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660594/; 
classtype:trojan-activity;sid:84523694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660592)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660592/; classtype:trojan-activity;sid:84523692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660593)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660593/; classtype:trojan-activity;sid:84523693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660590)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660590/; classtype:trojan-activity;sid:84523690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660591)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660591/; classtype:trojan-activity;sid:84523691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660587)"; flow:established,from_client; content:"GET"; http_method; 
content:"/20250703/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660587/; classtype:trojan-activity;sid:84523687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660588)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660588/; classtype:trojan-activity;sid:84523688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660589)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660589/; classtype:trojan-activity;sid:84523689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660585)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660585/; classtype:trojan-activity;sid:84523685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660583)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660583/; 
classtype:trojan-activity;sid:84523683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660584)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660584/; classtype:trojan-activity;sid:84523684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660581)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660581/; classtype:trojan-activity;sid:84523681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660582)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660582/; classtype:trojan-activity;sid:84523682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660579)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660579/; classtype:trojan-activity;sid:84523679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660580)"; flow:established,from_client; content:"GET"; http_method; 
content:"/20221020/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660580/; classtype:trojan-activity;sid:84523680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660577)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660577/; classtype:trojan-activity;sid:84523677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660575)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660575/; classtype:trojan-activity;sid:84523675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660576)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660576/; classtype:trojan-activity;sid:84523676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660573)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660573/; 
classtype:trojan-activity;sid:84523673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660574)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660574/; classtype:trojan-activity;sid:84523674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660571)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660571/; classtype:trojan-activity;sid:84523671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660569)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660569/; classtype:trojan-activity;sid:84523669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660570)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660570/; classtype:trojan-activity;sid:84523670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660568)"; flow:established,from_client; content:"GET"; http_method; 
content:"/20250725/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660568/; classtype:trojan-activity;sid:84523668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660563)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660563/; classtype:trojan-activity;sid:84523663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660564)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660564/; classtype:trojan-activity;sid:84523664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660566)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660566/; classtype:trojan-activity;sid:84523666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660559)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660559/; 
classtype:trojan-activity;sid:84523659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660560)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660560/; classtype:trojan-activity;sid:84523660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660561)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660561/; classtype:trojan-activity;sid:84523661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660558)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660558/; classtype:trojan-activity;sid:84523658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660552)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660552/; classtype:trojan-activity;sid:84523652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660553)"; flow:established,from_client; content:"GET"; http_method; 
content:"/20250722/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660553/; classtype:trojan-activity;sid:84523653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660554)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660554/; classtype:trojan-activity;sid:84523654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660555)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660555/; classtype:trojan-activity;sid:84523655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660556)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660556/; classtype:trojan-activity;sid:84523656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660536)"; flow:established,from_client; content:"GET"; http_method; content:"/pathdata/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"113.57.8.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660536/; 
classtype:trojan-activity;sid:84523636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660537)"; flow:established,from_client; content:"GET"; http_method; content:"/sxs/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"110.227.197.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660537/; classtype:trojan-activity;sid:84523637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660538)"; flow:established,from_client; content:"GET"; http_method; content:"/user/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"113.57.8.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660538/; classtype:trojan-activity;sid:84523638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660513)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.92.43.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660513/; classtype:trojan-activity;sid:84523613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.246.178.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660487/; classtype:trojan-activity;sid:84523587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"36.67.25.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660470/; classtype:trojan-activity;sid:84523570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660332)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660332/; classtype:trojan-activity;sid:84523432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660331)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660331/; classtype:trojan-activity;sid:84523431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660329)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660329/; classtype:trojan-activity;sid:84523429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660330)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660330/; classtype:trojan-activity;sid:84523430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3660328)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660328/; classtype:trojan-activity;sid:84523428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660327)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660327/; classtype:trojan-activity;sid:84523427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660290)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660290/; classtype:trojan-activity;sid:84523390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659836)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659836/; classtype:trojan-activity;sid:84522936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659835)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.51.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 
2025_10_06; reference:url, urlhaus.abuse.ch/url/3659835/; classtype:trojan-activity;sid:84522935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659834)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659834/; classtype:trojan-activity;sid:84522934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659833)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659833/; classtype:trojan-activity;sid:84522933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659808)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.51.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659808/; classtype:trojan-activity;sid:84522908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659801)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.51.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659801/; classtype:trojan-activity;sid:84522901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659802)"; flow:established,from_client; content:"GET"; http_method; 
content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"104.187.164.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659802/; classtype:trojan-activity;sid:84522902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659796)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.82.169.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659796/; classtype:trojan-activity;sid:84522896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659797)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.82.169.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659797/; classtype:trojan-activity;sid:84522897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659779)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659779/; classtype:trojan-activity;sid:84522879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659782)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659782/; classtype:trojan-activity;sid:84522882; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659766/; classtype:trojan-activity;sid:84522866; rev:1;)
# --- /tmpftp/ rules for host 177.70.102.228 with percent-escapes in the URI ---
# Template shared by the rules here: a GET request, an http_uri content anchored
# with depth equal to the content length plus isdataat:!1,relative (no byte may
# follow the match), and the same anchoring on http_host. In effect this is an
# exact-URI plus exact-host match, so a request that appends a query string or
# carries a different Host value is not covered. `alert http` only inspects
# HTTP the sensor can parse in cleartext.
#
# NOTE(review): the URI contents below embed the literal text %c3%a7%c3%a3
# (the UTF-8 percent-encoding of "çã"), and depth:74 / depth:58 count each
# escape as three characters. http_uri is the normalized URI buffer; if the
# engine decodes percent-escapes there, neither the literal nor the depth lines
# up with the decoded bytes and these rules would stay silent. Confirm by
# replaying a test request through the sensor; matching on the raw URI buffer
# (http_raw_uri) is the likely remedy if they do not fire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2025-01-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658970/; classtype:trojan-activity;sid:84522070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-10-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658962/; classtype:trojan-activity;sid:84522062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2020-09-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658957/; classtype:trojan-activity;sid:84522057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-11-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658954/; classtype:trojan-activity;sid:84522054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-07-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658903/; classtype:trojan-activity;sid:84522003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2023-11-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658778/; classtype:trojan-activity;sid:84521878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658670/; classtype:trojan-activity;sid:84521770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-03-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658610/; classtype:trojan-activity;sid:84521710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2023-03-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658568/; classtype:trojan-activity;sid:84521668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2021-07-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658555/; classtype:trojan-activity;sid:84521655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-11-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658470/; classtype:trojan-activity;sid:84521570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2020-12-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658437/; classtype:trojan-activity;sid:84521537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658282/; classtype:trojan-activity;sid:84521382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658247/; classtype:trojan-activity;sid:84521347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-12-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658173/; classtype:trojan-activity;sid:84521273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2022-04-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658159/; classtype:trojan-activity;sid:84521259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2021-10-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658106/; classtype:trojan-activity;sid:84521206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2023-12-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658091/; classtype:trojan-activity;sid:84521191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-04-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658087/; classtype:trojan-activity;sid:84521187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-08-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658061/; classtype:trojan-activity;sid:84521161; rev:1;)
# File-name-only paths on host 217.115.212.126; same exact-URI / exact-host
# template as above, no percent-escapes involved.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656729)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656729/; classtype:trojan-activity;sid:84519829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656728)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656728/; classtype:trojan-activity;sid:84519828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656727)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656727/; classtype:trojan-activity;sid:84519827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656726)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656726/; classtype:trojan-activity;sid:84519826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656725)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.96.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656725/; classtype:trojan-activity;sid:84519825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656720)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656720/; classtype:trojan-activity;sid:84519820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656717)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656717/; classtype:trojan-activity;sid:84519817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656718)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656718/; classtype:trojan-activity;sid:84519818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656708)"; 
flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656708/; classtype:trojan-activity;sid:84519808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656709)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656709/; classtype:trojan-activity;sid:84519809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656710)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656710/; classtype:trojan-activity;sid:84519810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656707/; classtype:trojan-activity;sid:84519807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656704)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3656704/; classtype:trojan-activity;sid:84519804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656702)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656702/; classtype:trojan-activity;sid:84519802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656701)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656701/; classtype:trojan-activity;sid:84519801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656696)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656696/; classtype:trojan-activity;sid:84519796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656693)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656693/; classtype:trojan-activity;sid:84519793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656689)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; 
depth:7; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656689/; classtype:trojan-activity;sid:84519789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656692)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656692/; classtype:trojan-activity;sid:84519792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656677)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656677/; classtype:trojan-activity;sid:84519777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656671)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.224.70.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656671/; classtype:trojan-activity;sid:84519771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656672)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656672/; classtype:trojan-activity;sid:84519772; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656674)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656674/; classtype:trojan-activity;sid:84519774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656666)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.76.153.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656666/; classtype:trojan-activity;sid:84519766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656667)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656667/; classtype:trojan-activity;sid:84519767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656665)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656665/; classtype:trojan-activity;sid:84519765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656662)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656662/; classtype:trojan-activity;sid:84519762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656663)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656663/; classtype:trojan-activity;sid:84519763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656660)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656660/; classtype:trojan-activity;sid:84519760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656661)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656661/; classtype:trojan-activity;sid:84519761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656658)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656658/; classtype:trojan-activity;sid:84519758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656652)"; flow:established,from_client; 
content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656652/; classtype:trojan-activity;sid:84519752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656654)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656654/; classtype:trojan-activity;sid:84519754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656648)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656648/; classtype:trojan-activity;sid:84519748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656646)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656646/; classtype:trojan-activity;sid:84519746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656638)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656638/; 
classtype:trojan-activity;sid:84519738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656639)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656639/; classtype:trojan-activity;sid:84519739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656640)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656640/; classtype:trojan-activity;sid:84519740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656634)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656634/; classtype:trojan-activity;sid:84519734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656635)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656635/; classtype:trojan-activity;sid:84519735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656636)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; 
nocase; content:"68.224.70.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656636/; classtype:trojan-activity;sid:84519736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656632)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656632/; classtype:trojan-activity;sid:84519732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656630)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656630/; classtype:trojan-activity;sid:84519730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656627)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656627/; classtype:trojan-activity;sid:84519727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656628)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656628/; classtype:trojan-activity;sid:84519728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3656621)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656621/; classtype:trojan-activity;sid:84519721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656611)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656611/; classtype:trojan-activity;sid:84519711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656607)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656607/; classtype:trojan-activity;sid:84519707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656608)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656608/; classtype:trojan-activity;sid:84519708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656609)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3656609/; classtype:trojan-activity;sid:84519709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656601)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656601/; classtype:trojan-activity;sid:84519701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656602)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656602/; classtype:trojan-activity;sid:84519702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656592)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656592/; classtype:trojan-activity;sid:84519692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656594)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656594/; classtype:trojan-activity;sid:84519694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656595)"; flow:established,from_client; content:"GET"; http_method; 
content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656595/; classtype:trojan-activity;sid:84519695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656581)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656581/; classtype:trojan-activity;sid:84519681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656584)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656584/; classtype:trojan-activity;sid:84519684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656577)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656577/; classtype:trojan-activity;sid:84519677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656574)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.130.209.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656574/; classtype:trojan-activity;sid:84519674; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656572)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656572/; classtype:trojan-activity;sid:84519672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656569)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656569/; classtype:trojan-activity;sid:84519669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656566)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.118.38.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656566/; classtype:trojan-activity;sid:84519666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656563)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656563/; classtype:trojan-activity;sid:84519663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656552)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656552/; classtype:trojan-activity;sid:84519652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656555)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656555/; classtype:trojan-activity;sid:84519655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656503/; classtype:trojan-activity;sid:84519603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656456/; classtype:trojan-activity;sid:84519556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656398/; classtype:trojan-activity;sid:84519498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656154)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.118.32.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656154/; classtype:trojan-activity;sid:84519254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656061/; classtype:trojan-activity;sid:84519161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656060/; classtype:trojan-activity;sid:84519160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656059/; 
classtype:trojan-activity;sid:84519159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656056/; classtype:trojan-activity;sid:84519156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656057)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656057/; classtype:trojan-activity;sid:84519157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656054/; classtype:trojan-activity;sid:84519154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656050)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656050/; classtype:trojan-activity;sid:84519150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656047)"; 
flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656047/; classtype:trojan-activity;sid:84519147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656037/; classtype:trojan-activity;sid:84519137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656038)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656038/; classtype:trojan-activity;sid:84519138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656030/; classtype:trojan-activity;sid:84519130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656021)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; 
http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656021/; classtype:trojan-activity;sid:84519121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656019)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656019/; classtype:trojan-activity;sid:84519119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656007)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656007/; classtype:trojan-activity;sid:84519107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655981)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655981/; classtype:trojan-activity;sid:84519081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655977)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655977/; classtype:trojan-activity;sid:84519077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655975)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-12-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655975/; classtype:trojan-activity;sid:84519075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655973)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.43.45.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655973/; classtype:trojan-activity;sid:84519073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655969)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655969/; classtype:trojan-activity;sid:84519069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655970)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655970/; classtype:trojan-activity;sid:84519070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655908)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3655908/; classtype:trojan-activity;sid:84519008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655903)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655903/; classtype:trojan-activity;sid:84519003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655896)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655896/; classtype:trojan-activity;sid:84518996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655887/; classtype:trojan-activity;sid:84518987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655880/; classtype:trojan-activity;sid:84518980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3655875)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655875/; classtype:trojan-activity;sid:84518975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-06-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655867/; classtype:trojan-activity;sid:84518967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655866)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655866/; classtype:trojan-activity;sid:84518966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655860/; classtype:trojan-activity;sid:84518960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655859)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; 
isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655859/; classtype:trojan-activity;sid:84518959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655851)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655851/; classtype:trojan-activity;sid:84518951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655844/; classtype:trojan-activity;sid:84518944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655845/; classtype:trojan-activity;sid:84518945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655842)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3655842/; classtype:trojan-activity;sid:84518942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655838/; classtype:trojan-activity;sid:84518938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655839)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655839/; classtype:trojan-activity;sid:84518939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655837)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655837/; classtype:trojan-activity;sid:84518937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655834)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655834/; classtype:trojan-activity;sid:84518934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655824)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/01/cancelamento/2025-01-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655824/; classtype:trojan-activity;sid:84518924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655806/; classtype:trojan-activity;sid:84518906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-01-31/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655803/; classtype:trojan-activity;sid:84518903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655801/; classtype:trojan-activity;sid:84518901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655799)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-06-22/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655799/; classtype:trojan-activity;sid:84518899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655792)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655792/; classtype:trojan-activity;sid:84518892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655791/; classtype:trojan-activity;sid:84518891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-06-02/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655787/; classtype:trojan-activity;sid:84518887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655784)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655784/; classtype:trojan-activity;sid:84518884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655782/; classtype:trojan-activity;sid:84518882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655783)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655783/; classtype:trojan-activity;sid:84518883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655781)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655781/; classtype:trojan-activity;sid:84518881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655775/; 
classtype:trojan-activity;sid:84518875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655774)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655774/; classtype:trojan-activity;sid:84518874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655766/; classtype:trojan-activity;sid:84518866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655761/; classtype:trojan-activity;sid:84518861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655757)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655757/; classtype:trojan-activity;sid:84518857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3655754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655754/; classtype:trojan-activity;sid:84518854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655753/; classtype:trojan-activity;sid:84518853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655751)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655751/; classtype:trojan-activity;sid:84518851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655748)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655748/; classtype:trojan-activity;sid:84518848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655743)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-06-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655743/; classtype:trojan-activity;sid:84518843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655745)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655745/; classtype:trojan-activity;sid:84518845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655731)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655731/; classtype:trojan-activity;sid:84518831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655730)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655730/; classtype:trojan-activity;sid:84518830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655718)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655718/; 
classtype:trojan-activity;sid:84518818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655717/; classtype:trojan-activity;sid:84518817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655714)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655714/; classtype:trojan-activity;sid:84518814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-12-01/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655712/; classtype:trojan-activity;sid:84518812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655699)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655699/; classtype:trojan-activity;sid:84518799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655701)"; 
flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655701/; classtype:trojan-activity;sid:84518801; rev:1;)
#
# Reviewer notes on the rules in this section
#
# Every rule below follows the same template; only the URI, the host, the
# URLhaus id in msg/reference and the sid differ:
#   - "alert http $HOME_NET any -> $EXTERNAL_NET any" with
#     flow:established,from_client inspects a client request that leaves the
#     protected network on an established flow.
#   - content:"GET"; http_method;  the method buffer must contain GET.
#   - content:"<path>"; http_uri; depth:N; isdataat:!1,relative;
#     N is the length of <path>, and isdataat:!1,relative requires that no
#     byte follows the match, so the URI buffer has to equal <path>.
#   - content:"<host>"; http_host; depth:N; isdataat:!1,relative;
#     same construction for the host buffer.
#   - nocase follows the URI content (after its depth/isdataat) and precedes
#     the host content; the host content carries no nocase of its own.
#   - reference:url names the URLhaus entry whose id is repeated in msg.
#
# Caveats for deployment and triage:
#   - Each rule is tied to one exact URI on one exact host value. Several
#     hosts recur with many different paths (for example 177.70.102.228
#     under /tmpftp/...), so a hit on one sid is a reason to review the
#     client's other traffic to that host rather than a complete picture.
#   - NOTE(review): rules whose path contains percent-escapes (%20,
#     %c3%a7%c3%a3) match on http_uri with depth counted over the escaped
#     form. Suricata documents http_uri as the normalized URI and
#     http_raw_uri as the unnormalized one; if the sensor decodes escapes
#     before matching, these rules would presumably never fire. Confirm
#     against a test capture before counting them as coverage.
#   - "alert http" applies to parsed HTTP only; the same request carried
#     inside TLS is not seen unless traffic is decrypted before the sensor.
#   - Entries in this section carry created_at 2025_10_04, while the file
#     header reports a last update of 2026-05-20. Most hosts are bare IP
#     addresses; check the referenced URLhaus entry before treating an
#     alerting client as compromised.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655703)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655703/; classtype:trojan-activity;sid:84518803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655696)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655696/; classtype:trojan-activity;sid:84518796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655697)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655697/; classtype:trojan-activity;sid:84518797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655662)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655662/; classtype:trojan-activity;sid:84518762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655665)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655665/; classtype:trojan-activity;sid:84518765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655654)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655654/; classtype:trojan-activity;sid:84518754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655649)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655649/; classtype:trojan-activity;sid:84518749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655646/; classtype:trojan-activity;sid:84518746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655631)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655631/; classtype:trojan-activity;sid:84518731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655596)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655596/; classtype:trojan-activity;sid:84518696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655593)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655593/; classtype:trojan-activity;sid:84518693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655594)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655594/; classtype:trojan-activity;sid:84518694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655590)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655590/; classtype:trojan-activity;sid:84518690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-29/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655586/; classtype:trojan-activity;sid:84518686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655572)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655572/; classtype:trojan-activity;sid:84518672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655562)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655562/; classtype:trojan-activity;sid:84518662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655560)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655560/; classtype:trojan-activity;sid:84518660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655556/; classtype:trojan-activity;sid:84518656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655557)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655557/; classtype:trojan-activity;sid:84518657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655559)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655559/; classtype:trojan-activity;sid:84518659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655553)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655553/; classtype:trojan-activity;sid:84518653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655535)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655535/; classtype:trojan-activity;sid:84518635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-10-22/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655510/; classtype:trojan-activity;sid:84518610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655507)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655507/; classtype:trojan-activity;sid:84518607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655503/; classtype:trojan-activity;sid:84518603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655501)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655501/; classtype:trojan-activity;sid:84518601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655495/; classtype:trojan-activity;sid:84518595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655493)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655493/; classtype:trojan-activity;sid:84518593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655490)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655490/; classtype:trojan-activity;sid:84518590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655479)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655479/; classtype:trojan-activity;sid:84518579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655476)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655476/; classtype:trojan-activity;sid:84518576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655474)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655474/; classtype:trojan-activity;sid:84518574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655471/; classtype:trojan-activity;sid:84518571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655468)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"172.251.160.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655468/; classtype:trojan-activity;sid:84518568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655469)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655469/; classtype:trojan-activity;sid:84518569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655466)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655466/; classtype:trojan-activity;sid:84518566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655462)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655462/; classtype:trojan-activity;sid:84518562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655461)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655461/; classtype:trojan-activity;sid:84518561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655458)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655458/; classtype:trojan-activity;sid:84518558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655453)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655453/; classtype:trojan-activity;sid:84518553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655447)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655447/; classtype:trojan-activity;sid:84518547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655440)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655440/; classtype:trojan-activity;sid:84518540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655442/; classtype:trojan-activity;sid:84518542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655430)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655430/; classtype:trojan-activity;sid:84518530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655436)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655436/; classtype:trojan-activity;sid:84518536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655421/; classtype:trojan-activity;sid:84518521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655420)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655420/; classtype:trojan-activity;sid:84518520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-07/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655413/; classtype:trojan-activity;sid:84518513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655411/; classtype:trojan-activity;sid:84518511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655408)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655408/; classtype:trojan-activity;sid:84518508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655403)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655403/; classtype:trojan-activity;sid:84518503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655398)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655398/; classtype:trojan-activity;sid:84518498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655387/; classtype:trojan-activity;sid:84518487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655383)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655383/; classtype:trojan-activity;sid:84518483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655379)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655379/; classtype:trojan-activity;sid:84518479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655378/; classtype:trojan-activity;sid:84518478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655373/; classtype:trojan-activity;sid:84518473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655368/; classtype:trojan-activity;sid:84518468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655362)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655362/; classtype:trojan-activity;sid:84518462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655353/; classtype:trojan-activity;sid:84518453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655348)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655348/; classtype:trojan-activity;sid:84518448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-02-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655345/; classtype:trojan-activity;sid:84518445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655343)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655343/; classtype:trojan-activity;sid:84518443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655339)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655339/; classtype:trojan-activity;sid:84518439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655335)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655335/; classtype:trojan-activity;sid:84518435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655330/; classtype:trojan-activity;sid:84518430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655331/; classtype:trojan-activity;sid:84518431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655329/; classtype:trojan-activity;sid:84518429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655322)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655322/; classtype:trojan-activity;sid:84518422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655323)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655323/; classtype:trojan-activity;sid:84518423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655321/; classtype:trojan-activity;sid:84518421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655317)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655317/; classtype:trojan-activity;sid:84518417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655313)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655313/; classtype:trojan-activity;sid:84518413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655314/; classtype:trojan-activity;sid:84518414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655311/; classtype:trojan-activity;sid:84518411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655309)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655309/; classtype:trojan-activity;sid:84518409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655306)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655306/; classtype:trojan-activity;sid:84518406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655300/; classtype:trojan-activity;sid:84518400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655295)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655295/; classtype:trojan-activity;sid:84518395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655293/; classtype:trojan-activity;sid:84518393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655291/; classtype:trojan-activity;sid:84518391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655286/; classtype:trojan-activity;sid:84518386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655280)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655280/; classtype:trojan-activity;sid:84518380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655279)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655279/; classtype:trojan-activity;sid:84518379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-02-28/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655274/; classtype:trojan-activity;sid:84518374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655276)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655276/; classtype:trojan-activity;sid:84518376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655272)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655272/; classtype:trojan-activity;sid:84518372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655267)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655267/; classtype:trojan-activity;sid:84518367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655259)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655259/; classtype:trojan-activity;sid:84518359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655257/; classtype:trojan-activity;sid:84518357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655253)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655253/; classtype:trojan-activity;sid:84518353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655244)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655244/; classtype:trojan-activity;sid:84518344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655245)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655245/; classtype:trojan-activity;sid:84518345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655230)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655230/; classtype:trojan-activity;sid:84518330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655228)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655228/; classtype:trojan-activity;sid:84518328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655222)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655222/; classtype:trojan-activity;sid:84518322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655220/; classtype:trojan-activity;sid:84518320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655213/; classtype:trojan-activity;sid:84518313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655207)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655207/; classtype:trojan-activity;sid:84518307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655200)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655200/; classtype:trojan-activity;sid:84518300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655191/; classtype:trojan-activity;sid:84518291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655179)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655179/; classtype:trojan-activity;sid:84518279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655170/; classtype:trojan-activity;sid:84518270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655160)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655160/; classtype:trojan-activity;sid:84518260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655143)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655143/; classtype:trojan-activity;sid:84518243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655126)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; 
nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655126/; classtype:trojan-activity;sid:84518226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655116)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655116/; classtype:trojan-activity;sid:84518216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655115)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655115/; classtype:trojan-activity;sid:84518215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655109)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655109/; classtype:trojan-activity;sid:84518209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655099/; classtype:trojan-activity;sid:84518199; rev:1;) 
# ---------------------------------------------------------------------------
# Reviewer notes for the rules below (all carry created_at 2025_10_04).
#
# Match shape: each rule alerts on an outbound HTTP GET ($HOME_NET ->
# $EXTERNAL_NET, established flow, client side) whose URI and Host both equal
# the listed values. In every rule `depth:N` equals the pattern length and
# `isdataat:!1,relative` requires that no byte follows the match, so the
# pattern has to be the whole buffer. A request for the same file with a query
# string, an extra path segment or a different Host value is not covered.
#
# `nocase` sits after the URI pattern and before the Host pattern, so it
# presumably relaxes case on the URI only. The Host patterns in this run are
# all IPv4 literals.
#
# NOTE(review): several /tmpftp/ patterns contain percent-escapes (%20,
# %c3%a7, %c3%a3) and their depth counts the escaped length (depth:87,
# depth:62). If the engine presents http_uri as the decoded (normalized) URI,
# those patterns would not match as written. Replay a sample request against
# them and compare with http_raw_uri before relying on these entries.
#
# Coverage limits: `alert http` inspects cleartext HTTP only, so the same
# download over TLS is not seen without decryption. The action is `alert`;
# nothing is blocked unless the deployment changes it (e.g. to `drop` inline).
#
# Triage: the basenames av.scr, av.lnk, photo.scr, photo.lnk, video.scr,
# video.lnk and info.zip recur across many hosts in this run. On a hit, pivot
# on the client address for other requests to those names, and confirm through
# the rule's reference URL that the indicator is still listed. IPv4 indicators
# can be reassigned after the listing date.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655093)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655093/; classtype:trojan-activity;sid:84518193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655094)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655094/; classtype:trojan-activity;sid:84518194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655089)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655089/; classtype:trojan-activity;sid:84518189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655090)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655090/; classtype:trojan-activity;sid:84518190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655088/; classtype:trojan-activity;sid:84518188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2025-01-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655085/; classtype:trojan-activity;sid:84518185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655084)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655084/; classtype:trojan-activity;sid:84518184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655081)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655081/; classtype:trojan-activity;sid:84518181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655073)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655073/; classtype:trojan-activity;sid:84518173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655072)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655072/; classtype:trojan-activity;sid:84518172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655070)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655070/; classtype:trojan-activity;sid:84518170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655064)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655064/; classtype:trojan-activity;sid:84518164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655061/; classtype:trojan-activity;sid:84518161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655054)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655054/; classtype:trojan-activity;sid:84518154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655052)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655052/; classtype:trojan-activity;sid:84518152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655046)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655046/; classtype:trojan-activity;sid:84518146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655044/; classtype:trojan-activity;sid:84518144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655037)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655037/; classtype:trojan-activity;sid:84518137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655038)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655038/; classtype:trojan-activity;sid:84518138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655034/; classtype:trojan-activity;sid:84518134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655025)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655025/; classtype:trojan-activity;sid:84518125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655021)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655021/; classtype:trojan-activity;sid:84518121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655016)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655016/; classtype:trojan-activity;sid:84518116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655010)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655010/; classtype:trojan-activity;sid:84518110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655008)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655008/; classtype:trojan-activity;sid:84518108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655005)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655005/; classtype:trojan-activity;sid:84518105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655004)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655004/; classtype:trojan-activity;sid:84518104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655001)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655001/; classtype:trojan-activity;sid:84518101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654999)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654999/; classtype:trojan-activity;sid:84518099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-01-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654992/; classtype:trojan-activity;sid:84518092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654991)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654991/; classtype:trojan-activity;sid:84518091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654985/; classtype:trojan-activity;sid:84518085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654981/; classtype:trojan-activity;sid:84518081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654973/; classtype:trojan-activity;sid:84518073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654971)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654971/; classtype:trojan-activity;sid:84518071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654970)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654970/; classtype:trojan-activity;sid:84518070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654967)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654967/; classtype:trojan-activity;sid:84518067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654966/; classtype:trojan-activity;sid:84518066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654962)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654962/; classtype:trojan-activity;sid:84518062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654957)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654957/; classtype:trojan-activity;sid:84518057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654953)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654953/; classtype:trojan-activity;sid:84518053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654946)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654946/; classtype:trojan-activity;sid:84518046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654942)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654942/; classtype:trojan-activity;sid:84518042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-07-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654940/; classtype:trojan-activity;sid:84518040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654936)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654936/; classtype:trojan-activity;sid:84518036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654935)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654935/; classtype:trojan-activity;sid:84518035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654928)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654928/; classtype:trojan-activity;sid:84518028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654927/; classtype:trojan-activity;sid:84518027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654922)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654922/; classtype:trojan-activity;sid:84518022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654923)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654923/; classtype:trojan-activity;sid:84518023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654921/; classtype:trojan-activity;sid:84518021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654917)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654917/; classtype:trojan-activity;sid:84518017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654904)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654904/; classtype:trojan-activity;sid:84518004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654898)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654898/; classtype:trojan-activity;sid:84517998; rev:1;)
# URLhaus IoC signatures: each rule pins one exact URL (GET + URI path + Host value).
# The URI and Host contents are anchored at both ends: depth equals the content length,
# and isdataat:!1,relative requires that no byte follows the match, so the buffer must
# equal the listed string. nocase applies to the URI content only.
# NOTE(review): several URI contents carry literal percent-escapes (%20, %c3%a7%c3%a3o)
# while using http_uri, which is the normalized URI buffer. If the sensor decodes
# percent-escapes in that buffer, the literal sequences would be absent and those rules
# would not fire. Confirm with a replayed test request, or compare against http_raw_uri.
# NOTE(review): in this copy some rules wrap across physical lines (the last rule on this
# line continues on the next one). Rule parsers expect one rule per line unless a trailing
# backslash is used, so re-join wrapped rules before loading.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654894/; classtype:trojan-activity;sid:84517994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654892)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654892/; classtype:trojan-activity;sid:84517992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654882/; classtype:trojan-activity;sid:84517982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654880)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654880/; classtype:trojan-activity;sid:84517980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654874)"; flow:established,from_client; content:"GET"; 
http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654874/; classtype:trojan-activity;sid:84517974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654859)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654859/; classtype:trojan-activity;sid:84517959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654860/; classtype:trojan-activity;sid:84517960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654857)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654857/; classtype:trojan-activity;sid:84517957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654850)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654850/; 
classtype:trojan-activity;sid:84517950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654848)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654848/; classtype:trojan-activity;sid:84517948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654829)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654829/; classtype:trojan-activity;sid:84517929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654826)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654826/; classtype:trojan-activity;sid:84517926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654814/; classtype:trojan-activity;sid:84517914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654811)"; flow:established,from_client; content:"GET"; http_method; 
content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654811/; classtype:trojan-activity;sid:84517911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654806)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654806/; classtype:trojan-activity;sid:84517906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654804/; classtype:trojan-activity;sid:84517904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654803)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654803/; classtype:trojan-activity;sid:84517903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654799)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654799/; 
classtype:trojan-activity;sid:84517899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654796/; classtype:trojan-activity;sid:84517896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654793)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654793/; classtype:trojan-activity;sid:84517893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654788)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654788/; classtype:trojan-activity;sid:84517888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654781/; classtype:trojan-activity;sid:84517881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3654769)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654769/; classtype:trojan-activity;sid:84517869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654762/; classtype:trojan-activity;sid:84517862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654758)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654758/; classtype:trojan-activity;sid:84517858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654748)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654748/; classtype:trojan-activity;sid:84517848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654747)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 
2025_10_04; reference:url, urlhaus.abuse.ch/url/3654747/; classtype:trojan-activity;sid:84517847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654740)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654740/; classtype:trojan-activity;sid:84517840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654735/; classtype:trojan-activity;sid:84517835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654732)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654732/; classtype:trojan-activity;sid:84517832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-02-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654729/; classtype:trojan-activity;sid:84517829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3654727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654727/; classtype:trojan-activity;sid:84517827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-09-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654726/; classtype:trojan-activity;sid:84517826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654721)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654721/; classtype:trojan-activity;sid:84517821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654719)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654719/; classtype:trojan-activity;sid:84517819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-15/info.zip"; http_uri; depth:43; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654714/; classtype:trojan-activity;sid:84517814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654709)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654709/; classtype:trojan-activity;sid:84517809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654708)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654708/; classtype:trojan-activity;sid:84517808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654694/; classtype:trojan-activity;sid:84517794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654695/; classtype:trojan-activity;sid:84517795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654687/; classtype:trojan-activity;sid:84517787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654682/; classtype:trojan-activity;sid:84517782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654677/; classtype:trojan-activity;sid:84517777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654678/; 
classtype:trojan-activity;sid:84517778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654673)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654673/; classtype:trojan-activity;sid:84517773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654674/; classtype:trojan-activity;sid:84517774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654672/; classtype:trojan-activity;sid:84517772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654665/; classtype:trojan-activity;sid:84517765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3654661)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654661/; classtype:trojan-activity;sid:84517761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654657)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654657/; classtype:trojan-activity;sid:84517757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654655)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654655/; classtype:trojan-activity;sid:84517755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654651)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654651/; classtype:trojan-activity;sid:84517751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654647)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3654647/; classtype:trojan-activity;sid:84517747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654643/; classtype:trojan-activity;sid:84517743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654641)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654641/; classtype:trojan-activity;sid:84517741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654634)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654634/; classtype:trojan-activity;sid:84517734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654630/; classtype:trojan-activity;sid:84517730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3654625)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654625/; classtype:trojan-activity;sid:84517725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654622/; classtype:trojan-activity;sid:84517722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654620)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.56.227.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654620/; classtype:trojan-activity;sid:84517720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654610/; classtype:trojan-activity;sid:84517710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654608)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2020-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654608/; classtype:trojan-activity;sid:84517708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654600)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654600/; classtype:trojan-activity;sid:84517700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654589)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654589/; classtype:trojan-activity;sid:84517689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654585/; classtype:trojan-activity;sid:84517685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654575/; classtype:trojan-activity;sid:84517675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654546/; classtype:trojan-activity;sid:84517646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654541)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654541/; classtype:trojan-activity;sid:84517641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654542)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654542/; classtype:trojan-activity;sid:84517642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654537)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654537/; classtype:trojan-activity;sid:84517637; rev:1;) 
# Reading the URLhaus rules that follow:
# - Each rule alerts on a client GET whose URI and Host both equal one listed value: depth equals the
#   content length and isdataat:!1,relative requires that no byte follows the match.
# - "alert http" inspects only traffic the engine parses as HTTP; the same URL fetched over TLS is not
#   seen unless the traffic is decrypted upstream of the sensor.
# - NOTE(review): several URI contents carry literal percent-escapes (%c3%a7, %20). http_uri is the
#   normalized URI buffer, so these rules may never fire if the engine decodes escapes before matching.
#   Confirm against a test capture; http_raw_uri, or the decoded bytes written as |C3 A7|, would be the fix.
# - The short file names (/photo.scr, /av.scr, /video.lnk, /info.zip) recur across many hosts here, so
#   triage should pivot on the Host value and the reference URL rather than on the file name alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654533)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654533/; classtype:trojan-activity;sid:84517633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654531)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654531/; classtype:trojan-activity;sid:84517631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654526/; classtype:trojan-activity;sid:84517626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-11-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654522/; classtype:trojan-activity;sid:84517622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654513)"; flow:established,from_client; content:"GET"; 
http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654513/; classtype:trojan-activity;sid:84517613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-15/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654514/; classtype:trojan-activity;sid:84517614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654509/; classtype:trojan-activity;sid:84517609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654508)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654508/; classtype:trojan-activity;sid:84517608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654507/; classtype:trojan-activity;sid:84517607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654504)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654504/; classtype:trojan-activity;sid:84517604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654499)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654499/; classtype:trojan-activity;sid:84517599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654501)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654501/; classtype:trojan-activity;sid:84517601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654498)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654498/; classtype:trojan-activity;sid:84517598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654495)"; 
flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654495/; classtype:trojan-activity;sid:84517595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654491/; classtype:trojan-activity;sid:84517591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654484)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654484/; classtype:trojan-activity;sid:84517584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654478)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654478/; classtype:trojan-activity;sid:84517578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654477)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3654477/; classtype:trojan-activity;sid:84517577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654474)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654474/; classtype:trojan-activity;sid:84517574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654451)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654451/; classtype:trojan-activity;sid:84517551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654445)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654445/; classtype:trojan-activity;sid:84517545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654428/; classtype:trojan-activity;sid:84517528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654392)"; 
flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654392/; classtype:trojan-activity;sid:84517492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654390)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654390/; classtype:trojan-activity;sid:84517490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654391/; classtype:trojan-activity;sid:84517491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654385)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654385/; classtype:trojan-activity;sid:84517485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654380)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654380/; classtype:trojan-activity;sid:84517480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654378)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654378/; classtype:trojan-activity;sid:84517478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-06-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654372/; classtype:trojan-activity;sid:84517472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654356)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654356/; classtype:trojan-activity;sid:84517456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654347)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654347/; classtype:trojan-activity;sid:84517447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3654342)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654342/; classtype:trojan-activity;sid:84517442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654339)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654339/; classtype:trojan-activity;sid:84517439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654336/; classtype:trojan-activity;sid:84517436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654337)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654337/; classtype:trojan-activity;sid:84517437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654334)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654334/; classtype:trojan-activity;sid:84517434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654333)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654333/; classtype:trojan-activity;sid:84517433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654331/; classtype:trojan-activity;sid:84517431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654326)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654326/; classtype:trojan-activity;sid:84517426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654321)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654321/; classtype:trojan-activity;sid:84517421; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654320)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654320/; classtype:trojan-activity;sid:84517420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654312)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654312/; classtype:trojan-activity;sid:84517412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654308)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654308/; classtype:trojan-activity;sid:84517408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654303)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654303/; classtype:trojan-activity;sid:84517403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-15/info.zip"; 
http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654299/; classtype:trojan-activity;sid:84517399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654292/; classtype:trojan-activity;sid:84517392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654288)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654288/; classtype:trojan-activity;sid:84517388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654289)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654289/; classtype:trojan-activity;sid:84517389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654285)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3654285/; classtype:trojan-activity;sid:84517385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654284)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654284/; classtype:trojan-activity;sid:84517384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654283/; classtype:trojan-activity;sid:84517383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654276)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654276/; classtype:trojan-activity;sid:84517376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654273)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654273/; classtype:trojan-activity;sid:84517373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654270)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654270/; classtype:trojan-activity;sid:84517370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654268)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654268/; classtype:trojan-activity;sid:84517368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654266/; classtype:trojan-activity;sid:84517366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654259)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654259/; classtype:trojan-activity;sid:84517359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654253)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654253/; classtype:trojan-activity;sid:84517353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654247/; classtype:trojan-activity;sid:84517347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654243)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654243/; classtype:trojan-activity;sid:84517343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654239/; classtype:trojan-activity;sid:84517339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654234)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654234/; 
classtype:trojan-activity;sid:84517334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654233/; classtype:trojan-activity;sid:84517333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-07/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654216/; classtype:trojan-activity;sid:84517316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654208)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654208/; classtype:trojan-activity;sid:84517308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654205)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654205/; classtype:trojan-activity;sid:84517305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3654203)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654203/; classtype:trojan-activity;sid:84517303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654204)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654204/; classtype:trojan-activity;sid:84517304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654202)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654202/; classtype:trojan-activity;sid:84517302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654197)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654197/; classtype:trojan-activity;sid:84517297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654195)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654195/; 
classtype:trojan-activity;sid:84517295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654192)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654192/; classtype:trojan-activity;sid:84517292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654193)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654193/; classtype:trojan-activity;sid:84517293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-10-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654187/; classtype:trojan-activity;sid:84517287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654173)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654173/; classtype:trojan-activity;sid:84517273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654177)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; 
depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654177/; classtype:trojan-activity;sid:84517277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654163/; classtype:trojan-activity;sid:84517263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654161)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654161/; classtype:trojan-activity;sid:84517261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654149)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654149/; classtype:trojan-activity;sid:84517249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3654125/; classtype:trojan-activity;sid:84517225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654122)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654122/; classtype:trojan-activity;sid:84517222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654123)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654123/; classtype:trojan-activity;sid:84517223; rev:1;)
# NOTE(review): the http_uri content in the next rule (sid 84517219) is written
# with percent-escapes (%c3%a7, %c3%a3, %20). http_uri is the normalized URI
# buffer, which Snort 2.x and Suricata percent-decode by default, so the
# escaped literal may never match a live request. Confirm against the
# sensor's HTTP normalization settings. To match the request as sent, use
# http_raw_uri. To stay on http_uri, write the decoded bytes instead
# (|c3 a7|, |c3 a3|, and a literal space).
# depth:87 is the length of the escaped string and would need recomputing for
# the decoded form. The same applies to every /tmpftp/ rule in this ruleset
# whose path contains percent-escapes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654119/; classtype:trojan-activity;sid:84517219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654117)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654117/; classtype:trojan-activity;sid:84517217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654113)"; 
flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654113/; classtype:trojan-activity;sid:84517213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654108)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654108/; classtype:trojan-activity;sid:84517208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654098)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654098/; classtype:trojan-activity;sid:84517198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654088/; classtype:trojan-activity;sid:84517188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654077)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654077/; classtype:trojan-activity;sid:84517177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654076)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654076/; classtype:trojan-activity;sid:84517176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654074)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654074/; classtype:trojan-activity;sid:84517174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654065)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654065/; classtype:trojan-activity;sid:84517165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654054)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654054/; classtype:trojan-activity;sid:84517154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654044)"; flow:established,from_client; content:"GET"; 
http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654044/; classtype:trojan-activity;sid:84517144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654038)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654038/; classtype:trojan-activity;sid:84517138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654034/; classtype:trojan-activity;sid:84517134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654033/; classtype:trojan-activity;sid:84517133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654032)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654032/; classtype:trojan-activity;sid:84517132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654025/; classtype:trojan-activity;sid:84517125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654024)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654024/; classtype:trojan-activity;sid:84517124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654022)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654022/; classtype:trojan-activity;sid:84517122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654019)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654019/; classtype:trojan-activity;sid:84517119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3654018)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654018/; classtype:trojan-activity;sid:84517118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654017/; classtype:trojan-activity;sid:84517117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654009)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654009/; classtype:trojan-activity;sid:84517109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654005/; classtype:trojan-activity;sid:84517105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654003)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654003/; classtype:trojan-activity;sid:84517103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654000)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654000/; classtype:trojan-activity;sid:84517100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653997)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653997/; classtype:trojan-activity;sid:84517097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653992/; classtype:trojan-activity;sid:84517092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653985)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653985/; classtype:trojan-activity;sid:84517085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653977)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653977/; classtype:trojan-activity;sid:84517077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653972/; classtype:trojan-activity;sid:84517072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653964)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653964/; classtype:trojan-activity;sid:84517064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653960)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653960/; classtype:trojan-activity;sid:84517060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3653947)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653947/; classtype:trojan-activity;sid:84517047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653941)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653941/; classtype:trojan-activity;sid:84517041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653943/; classtype:trojan-activity;sid:84517043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653939)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653939/; classtype:trojan-activity;sid:84517039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653930)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; 
content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653930/; classtype:trojan-activity;sid:84517030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653917)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653917/; classtype:trojan-activity;sid:84517017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653918)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653918/; classtype:trojan-activity;sid:84517018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653916)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653916/; classtype:trojan-activity;sid:84517016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653914/; classtype:trojan-activity;sid:84517014; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653912)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653912/; classtype:trojan-activity;sid:84517012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653910)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653910/; classtype:trojan-activity;sid:84517010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653900)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653900/; classtype:trojan-activity;sid:84517000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653892/; classtype:trojan-activity;sid:84516992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653893)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; 
depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653893/; classtype:trojan-activity;sid:84516993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653888)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653888/; classtype:trojan-activity;sid:84516988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653885)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653885/; classtype:trojan-activity;sid:84516985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653882/; classtype:trojan-activity;sid:84516982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653878)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.118.32.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653878/; 
classtype:trojan-activity;sid:84516978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653875/; classtype:trojan-activity;sid:84516975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653874)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653874/; classtype:trojan-activity;sid:84516974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653871)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653871/; classtype:trojan-activity;sid:84516971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653867)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653867/; classtype:trojan-activity;sid:84516967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653864)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653864/; classtype:trojan-activity;sid:84516964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653863/; classtype:trojan-activity;sid:84516963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653861/; classtype:trojan-activity;sid:84516961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653858)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653858/; classtype:trojan-activity;sid:84516958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653856)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653856/; classtype:trojan-activity;sid:84516956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653853)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653853/; classtype:trojan-activity;sid:84516953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653852/; classtype:trojan-activity;sid:84516952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653848)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653848/; classtype:trojan-activity;sid:84516948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-06/info.zip"; http_uri; 
depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653849/; classtype:trojan-activity;sid:84516949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653847)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653847/; classtype:trojan-activity;sid:84516947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-06-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653841/; classtype:trojan-activity;sid:84516941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653840)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653840/; classtype:trojan-activity;sid:84516940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3653839/; classtype:trojan-activity;sid:84516939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653836/; classtype:trojan-activity;sid:84516936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653828)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653828/; classtype:trojan-activity;sid:84516928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653826/; classtype:trojan-activity;sid:84516926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653824)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653824/; classtype:trojan-activity;sid:84516924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3653823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653823/; classtype:trojan-activity;sid:84516923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653818/; classtype:trojan-activity;sid:84516918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653819/; classtype:trojan-activity;sid:84516919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653813)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653813/; classtype:trojan-activity;sid:84516913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653806)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; 
depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653806/; classtype:trojan-activity;sid:84516906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653799)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653799/; classtype:trojan-activity;sid:84516899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653794/; classtype:trojan-activity;sid:84516894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653792/; classtype:trojan-activity;sid:84516892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653790/; classtype:trojan-activity;sid:84516890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653785/; classtype:trojan-activity;sid:84516885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653783/; classtype:trojan-activity;sid:84516883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653782/; classtype:trojan-activity;sid:84516882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653781)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3653781/; classtype:trojan-activity;sid:84516881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653772)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653772/; classtype:trojan-activity;sid:84516872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653770)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653770/; classtype:trojan-activity;sid:84516870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653761/; classtype:trojan-activity;sid:84516861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653758/; classtype:trojan-activity;sid:84516858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653756)"; 
flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653756/; classtype:trojan-activity;sid:84516856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653755)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653755/; classtype:trojan-activity;sid:84516855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653751/; classtype:trojan-activity;sid:84516851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653748)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653748/; classtype:trojan-activity;sid:84516848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653745)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653745/; classtype:trojan-activity;sid:84516845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653743)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653743/; classtype:trojan-activity;sid:84516843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653741/; classtype:trojan-activity;sid:84516841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653737/; classtype:trojan-activity;sid:84516837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653734/; 
classtype:trojan-activity;sid:84516834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653732)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653732/; classtype:trojan-activity;sid:84516832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653730/; classtype:trojan-activity;sid:84516830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653728/; classtype:trojan-activity;sid:84516828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653725/; classtype:trojan-activity;sid:84516825; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653722/; classtype:trojan-activity;sid:84516822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653717)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653717/; classtype:trojan-activity;sid:84516817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653713)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653713/; classtype:trojan-activity;sid:84516813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653707/; classtype:trojan-activity;sid:84516807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653705)"; flow:established,from_client; content:"GET"; http_method; 
content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653705/; classtype:trojan-activity;sid:84516805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-02-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653704/; classtype:trojan-activity;sid:84516804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653703)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653703/; classtype:trojan-activity;sid:84516803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653702/; classtype:trojan-activity;sid:84516802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653701)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.10.149.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2025_10_04; reference:url, urlhaus.abuse.ch/url/3653701/; classtype:trojan-activity;sid:84516801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653696/; classtype:trojan-activity;sid:84516796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653695/; classtype:trojan-activity;sid:84516795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653693/; classtype:trojan-activity;sid:84516793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653690)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653690/; 
classtype:trojan-activity;sid:84516790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653691)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653691/; classtype:trojan-activity;sid:84516791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653685/; classtype:trojan-activity;sid:84516785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653683/; classtype:trojan-activity;sid:84516783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653681/; 
classtype:trojan-activity;sid:84516781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653675/; classtype:trojan-activity;sid:84516775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653669)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653669/; classtype:trojan-activity;sid:84516769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-03-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653665/; classtype:trojan-activity;sid:84516765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653666)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653666/; classtype:trojan-activity;sid:84516766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3653662)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653662/; classtype:trojan-activity;sid:84516762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653661)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653661/; classtype:trojan-activity;sid:84516761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653655)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653655/; classtype:trojan-activity;sid:84516755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653649/; classtype:trojan-activity;sid:84516749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653650/; classtype:trojan-activity;sid:84516750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653651)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653651/; classtype:trojan-activity;sid:84516751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653647)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653647/; classtype:trojan-activity;sid:84516747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653640)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653640/; classtype:trojan-activity;sid:84516740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653636/; classtype:trojan-activity;sid:84516736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3653633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653633/; classtype:trojan-activity;sid:84516733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653634)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653634/; classtype:trojan-activity;sid:84516734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653632)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653632/; classtype:trojan-activity;sid:84516732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653627)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653627/; classtype:trojan-activity;sid:84516727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653620)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653620/; classtype:trojan-activity;sid:84516720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653621)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653621/; classtype:trojan-activity;sid:84516721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653611)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653611/; classtype:trojan-activity;sid:84516711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653606/; classtype:trojan-activity;sid:84516706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653607)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653607/; classtype:trojan-activity;sid:84516707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3653605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653605/; classtype:trojan-activity;sid:84516705; rev:1;)
# The URI content below is written with percent-escapes (%c3%a7%c3%a3 is the UTF-8
# encoding of "çã", %20 is a space), and depth:87 is the length of the escaped string.
# NOTE(review): http_uri is the normalized URI buffer. If the engine decodes
# percent-escapes during normalization, the buffer holds the decoded bytes, and neither
# this literal nor its depth/isdataat anchoring would line up with it, so the rule would
# stay silent. The raw-URI buffer is the one that keeps the escapes as sent. Replay a
# capture of such a request through the sensor before relying on these entries; the
# same applies to every rule in this file whose URI content contains "%".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653602/; classtype:trojan-activity;sid:84516702; rev:1;)
# Plain-ASCII path on the same host: no percent-escapes, so the caveat above does not apply.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653599/; classtype:trojan-activity;sid:84516699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653598/; classtype:trojan-activity;sid:84516698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3653595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653595/; classtype:trojan-activity;sid:84516695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-12-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653593/; classtype:trojan-activity;sid:84516693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653586/; classtype:trojan-activity;sid:84516686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653585/; classtype:trojan-activity;sid:84516685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653577)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653577/; classtype:trojan-activity;sid:84516677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653550/; classtype:trojan-activity;sid:84516650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653547)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653547/; classtype:trojan-activity;sid:84516647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653546/; classtype:trojan-activity;sid:84516646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-04/info.zip"; http_uri; 
depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653537/; classtype:trojan-activity;sid:84516637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653530/; classtype:trojan-activity;sid:84516630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653525/; classtype:trojan-activity;sid:84516625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653526/; classtype:trojan-activity;sid:84516626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653518/; classtype:trojan-activity;sid:84516618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653508/; classtype:trojan-activity;sid:84516608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653500/; classtype:trojan-activity;sid:84516600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-07-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653495/; classtype:trojan-activity;sid:84516595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653494/; 
classtype:trojan-activity;sid:84516594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653492/; classtype:trojan-activity;sid:84516592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653487/; classtype:trojan-activity;sid:84516587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653485/; classtype:trojan-activity;sid:84516585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-11-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653482/; classtype:trojan-activity;sid:84516582; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653479/; classtype:trojan-activity;sid:84516579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653466/; classtype:trojan-activity;sid:84516566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-04-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653464/; classtype:trojan-activity;sid:84516564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653440/; classtype:trojan-activity;sid:84516540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3653427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653427/; classtype:trojan-activity;sid:84516527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653408/; classtype:trojan-activity;sid:84516508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653384/; classtype:trojan-activity;sid:84516484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653380/; classtype:trojan-activity;sid:84516480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3653370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653370/; classtype:trojan-activity;sid:84516470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-07-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653366/; classtype:trojan-activity;sid:84516466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653365/; classtype:trojan-activity;sid:84516465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653363/; classtype:trojan-activity;sid:84516463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653352)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653352/; classtype:trojan-activity;sid:84516452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653347/; classtype:trojan-activity;sid:84516447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653343/; classtype:trojan-activity;sid:84516443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653333/; classtype:trojan-activity;sid:84516433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:53; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653310/; classtype:trojan-activity;sid:84516410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653311/; classtype:trojan-activity;sid:84516411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653303/; classtype:trojan-activity;sid:84516403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-10-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653304/; classtype:trojan-activity;sid:84516404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653297)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653297/; classtype:trojan-activity;sid:84516397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653293/; classtype:trojan-activity;sid:84516393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653290/; classtype:trojan-activity;sid:84516390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653281/; classtype:trojan-activity;sid:84516381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-09-03/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653279/; classtype:trojan-activity;sid:84516379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653278/; classtype:trojan-activity;sid:84516378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653271/; classtype:trojan-activity;sid:84516371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653264/; classtype:trojan-activity;sid:84516364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653248/; classtype:trojan-activity;sid:84516348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653250/; classtype:trojan-activity;sid:84516350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-23/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653244/; classtype:trojan-activity;sid:84516344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653243/; classtype:trojan-activity;sid:84516343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653238/; classtype:trojan-activity;sid:84516338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653234/; classtype:trojan-activity;sid:84516334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653208/; classtype:trojan-activity;sid:84516308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653205/; classtype:trojan-activity;sid:84516305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3653204/; classtype:trojan-activity;sid:84516304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653183/; classtype:trojan-activity;sid:84516283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653179/; classtype:trojan-activity;sid:84516279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653178/; classtype:trojan-activity;sid:84516278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653176/; classtype:trojan-activity;sid:84516276; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653173/; classtype:trojan-activity;sid:84516273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653169/; classtype:trojan-activity;sid:84516269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653171/; classtype:trojan-activity;sid:84516271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653172/; 
classtype:trojan-activity;sid:84516272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653163/; classtype:trojan-activity;sid:84516263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653166/; classtype:trojan-activity;sid:84516266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653160/; classtype:trojan-activity;sid:84516260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653161/; classtype:trojan-activity;sid:84516261; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653156/; classtype:trojan-activity;sid:84516256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-10-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653155/; classtype:trojan-activity;sid:84516255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653152/; classtype:trojan-activity;sid:84516252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653151/; classtype:trojan-activity;sid:84516251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3653149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653149/; classtype:trojan-activity;sid:84516249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653148/; classtype:trojan-activity;sid:84516248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653143/; classtype:trojan-activity;sid:84516243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653140/; classtype:trojan-activity;sid:84516240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653137)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653137/; classtype:trojan-activity;sid:84516237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653136/; classtype:trojan-activity;sid:84516236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653132/; classtype:trojan-activity;sid:84516232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653121/; classtype:trojan-activity;sid:84516221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3653114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653114/; classtype:trojan-activity;sid:84516214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653111/; classtype:trojan-activity;sid:84516211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653107/; classtype:trojan-activity;sid:84516207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653104/; classtype:trojan-activity;sid:84516204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3653097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653097/; classtype:trojan-activity;sid:84516197; rev:1;)
# Each rule here is an exact-URL indicator for an HTTP GET leaving $HOME_NET.
# The URI pattern is anchored at offset 0 (depth equals the pattern length) and
# isdataat:!1,relative requires the buffer to end right after it; the Host
# pattern is pinned the same way. A request to the same host with a different
# path, or with a query string appended, is therefore not covered by that rule.
#
# NOTE(review): several URI patterns carry literal percent-escapes (%20,
# %c3%a7%c3%a3) and their depth counts the escaped length. http_uri is the
# normalized URI buffer; confirm on the target sensor that normalization leaves
# these escapes as written. If it decodes them, the literal cannot match and the
# rule stays silent; http_raw_uri is the unnormalized buffer.
#
# NOTE(review): these signatures inspect parsed HTTP requests only; a fetch of
# the same URL over TLS is presumably invisible to them unless the sensor sees
# decrypted traffic. created_at is 2025_10_04, so treat a hit as a lead to
# verify against the referenced URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653094/; classtype:trojan-activity;sid:84516194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653079/; classtype:trojan-activity;sid:84516179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653073/; classtype:trojan-activity;sid:84516173; rev:1;)
# Host differs from the rules immediately around it: 177.70.102.232 here,
# 177.70.102.228 in the others. Because the Host value is matched exactly,
# each address is covered only by the rules that name it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-05-24/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653069/; classtype:trojan-activity;sid:84516169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653066/; classtype:trojan-activity;sid:84516166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653056/; classtype:trojan-activity;sid:84516156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653054/; classtype:trojan-activity;sid:84516154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653051)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653051/; classtype:trojan-activity;sid:84516151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653047/; classtype:trojan-activity;sid:84516147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-05-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653049/; classtype:trojan-activity;sid:84516149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653044/; classtype:trojan-activity;sid:84516144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653041)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653041/; classtype:trojan-activity;sid:84516141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653042/; classtype:trojan-activity;sid:84516142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653038/; classtype:trojan-activity;sid:84516138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-07-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653029/; classtype:trojan-activity;sid:84516129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653025)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653025/; classtype:trojan-activity;sid:84516125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653016/; classtype:trojan-activity;sid:84516116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653021/; classtype:trojan-activity;sid:84516121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653013/; classtype:trojan-activity;sid:84516113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653011)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/consulta/2023-02-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653011/; classtype:trojan-activity;sid:84516111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-04-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652999/; classtype:trojan-activity;sid:84516099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653004/; classtype:trojan-activity;sid:84516104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652998/; classtype:trojan-activity;sid:84516098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652994)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652994/; classtype:trojan-activity;sid:84516094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652988/; classtype:trojan-activity;sid:84516088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652989/; classtype:trojan-activity;sid:84516089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652985/; classtype:trojan-activity;sid:84516085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652980)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2019-12-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652980/; classtype:trojan-activity;sid:84516080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652976/; classtype:trojan-activity;sid:84516076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652977/; classtype:trojan-activity;sid:84516077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652970/; classtype:trojan-activity;sid:84516070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-29/info.zip"; http_uri; depth:49; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652962/; classtype:trojan-activity;sid:84516062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652960/; classtype:trojan-activity;sid:84516060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652954/; classtype:trojan-activity;sid:84516054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652953/; classtype:trojan-activity;sid:84516053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; 
nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652940/; classtype:trojan-activity;sid:84516040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652935/; classtype:trojan-activity;sid:84516035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652932/; classtype:trojan-activity;sid:84516032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652933/; classtype:trojan-activity;sid:84516033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-22/info.zip"; 
http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652926/; classtype:trojan-activity;sid:84516026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652923/; classtype:trojan-activity;sid:84516023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652921/; classtype:trojan-activity;sid:84516021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652919/; classtype:trojan-activity;sid:84516019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-19/info.zip"; 
http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652920/; classtype:trojan-activity;sid:84516020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652895/; classtype:trojan-activity;sid:84515995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652869/; classtype:trojan-activity;sid:84515969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652865/; classtype:trojan-activity;sid:84515965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652846)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652846/; classtype:trojan-activity;sid:84515946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652851/; classtype:trojan-activity;sid:84515951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652843/; classtype:trojan-activity;sid:84515943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652837/; classtype:trojan-activity;sid:84515937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652820)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652820/; classtype:trojan-activity;sid:84515920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652821/; classtype:trojan-activity;sid:84515921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652803/; classtype:trojan-activity;sid:84515903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652788/; classtype:trojan-activity;sid:84515888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652789)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652789/; classtype:trojan-activity;sid:84515889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652777/; classtype:trojan-activity;sid:84515877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652776/; classtype:trojan-activity;sid:84515876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652772/; classtype:trojan-activity;sid:84515872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652767)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-08-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652767/; classtype:trojan-activity;sid:84515867; rev:1;)
# NOTE(review): the rule that ends on the previous line (sid:84515867) names host
# 177.70.102.232, while the rules that follow name 177.70.102.228 with the same /tmpftp/
# path layout. Presumably a second address serving the same content rather than a typo --
# verify against the URLhaus entry in its `reference` before tuning or suppressing, and
# correlate alerts for both addresses during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652725/; classtype:trojan-activity;sid:84515825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652723/; classtype:trojan-activity;sid:84515823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652718/; classtype:trojan-activity;sid:84515818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652719)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652719/; classtype:trojan-activity;sid:84515819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652721/; classtype:trojan-activity;sid:84515821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652716/; classtype:trojan-activity;sid:84515816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652717/; classtype:trojan-activity;sid:84515817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652705)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652705/; classtype:trojan-activity;sid:84515805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652707/; classtype:trojan-activity;sid:84515807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652702/; classtype:trojan-activity;sid:84515802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652692/; classtype:trojan-activity;sid:84515792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652683)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652683/; classtype:trojan-activity;sid:84515783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652675/; classtype:trojan-activity;sid:84515775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652645/; classtype:trojan-activity;sid:84515745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652637/; classtype:trojan-activity;sid:84515737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652640)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/consulta/2020-03-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652640/; classtype:trojan-activity;sid:84515740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652636/; classtype:trojan-activity;sid:84515736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652629/; classtype:trojan-activity;sid:84515729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652618/; classtype:trojan-activity;sid:84515718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652617)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652617/; classtype:trojan-activity;sid:84515717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652593/; classtype:trojan-activity;sid:84515693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652591/; classtype:trojan-activity;sid:84515691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652578/; classtype:trojan-activity;sid:84515678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652573)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652573/; classtype:trojan-activity;sid:84515673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652564/; classtype:trojan-activity;sid:84515664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652486/; classtype:trojan-activity;sid:84515586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652485/; classtype:trojan-activity;sid:84515585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652483)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2022-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652483/; classtype:trojan-activity;sid:84515583; rev:1;)
# Coverage note: every URLhaus entry is emitted as its own exact-path rule (depth equals
# the content length and `isdataat:!1,relative` forbids trailing bytes), so only the URLs
# listed in the feed alert. The last two complete rules below cover the /es/... and /pa/
# paths under one parent directory; a sibling path on the same host that is not in the
# feed passes unmatched.
# NOTE(review): for retrospective hunting, searching HTTP/proxy logs for the host together
# with the /tmpftp/ prefix gives wider coverage than these signatures -- confirm the
# prefix is specific enough in your environment before alerting on it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652484/; classtype:trojan-activity;sid:84515584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652482/; classtype:trojan-activity;sid:84515582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652481)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652481/; classtype:trojan-activity;sid:84515581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652478)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652478/; classtype:trojan-activity;sid:84515578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652476/; classtype:trojan-activity;sid:84515576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652474/; classtype:trojan-activity;sid:84515574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652475)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652475/; classtype:trojan-activity;sid:84515575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-23/info.zip"; 
http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652473/; classtype:trojan-activity;sid:84515573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-09-26/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652472/; classtype:trojan-activity;sid:84515572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652471/; classtype:trojan-activity;sid:84515571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652470/; classtype:trojan-activity;sid:84515570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652467/; classtype:trojan-activity;sid:84515567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652468/; classtype:trojan-activity;sid:84515568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652469/; classtype:trojan-activity;sid:84515569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652464/; classtype:trojan-activity;sid:84515564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-04-03/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652465/; classtype:trojan-activity;sid:84515565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652463/; classtype:trojan-activity;sid:84515563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652462)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652462/; classtype:trojan-activity;sid:84515562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652460/; classtype:trojan-activity;sid:84515560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652458/; classtype:trojan-activity;sid:84515558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652459/; classtype:trojan-activity;sid:84515559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652457/; classtype:trojan-activity;sid:84515557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-09-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652456/; classtype:trojan-activity;sid:84515556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-03-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3652454/; classtype:trojan-activity;sid:84515554; rev:1;)
# NOTE(review): http_uri matches the engine's normalized (percent-decoded) request URI, while many
# content strings below carry literal escapes such as "%c3%a7" and "%20". If the sensor decodes
# those escapes, these rules would not fire; replay a sample request to confirm. http_raw_uri is
# the unnormalized buffer, which keeps the escapes as they were sent.
# NOTE(review): depth:N together with isdataat:!1,relative makes the URI and Host matches exact, so
# a request with anything appended in either buffer is not covered. Every complete rule in this run
# names Host 177.70.102.228; host-level alerting on that indicator is a useful complement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652453/; classtype:trojan-activity;sid:84515553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652451/; classtype:trojan-activity;sid:84515551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652452/; classtype:trojan-activity;sid:84515552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652449)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652449/; classtype:trojan-activity;sid:84515549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652445/; classtype:trojan-activity;sid:84515545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652446)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652446/; classtype:trojan-activity;sid:84515546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652447/; classtype:trojan-activity;sid:84515547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652448/; classtype:trojan-activity;sid:84515548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652442/; classtype:trojan-activity;sid:84515542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652444/; classtype:trojan-activity;sid:84515544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652441/; classtype:trojan-activity;sid:84515541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652439/; classtype:trojan-activity;sid:84515539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652437/; classtype:trojan-activity;sid:84515537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652438/; classtype:trojan-activity;sid:84515538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652436)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652436/; classtype:trojan-activity;sid:84515536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652434)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652434/; classtype:trojan-activity;sid:84515534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652433/; classtype:trojan-activity;sid:84515533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652432)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652432/; classtype:trojan-activity;sid:84515532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652431/; classtype:trojan-activity;sid:84515531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652429/; classtype:trojan-activity;sid:84515529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652427/; classtype:trojan-activity;sid:84515527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652428/; classtype:trojan-activity;sid:84515528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652426/; classtype:trojan-activity;sid:84515526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652425/; classtype:trojan-activity;sid:84515525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652424/; classtype:trojan-activity;sid:84515524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652423/; classtype:trojan-activity;sid:84515523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652421/; classtype:trojan-activity;sid:84515521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652422/; classtype:trojan-activity;sid:84515522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652419)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652419/; classtype:trojan-activity;sid:84515519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652420/; classtype:trojan-activity;sid:84515520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652417/; classtype:trojan-activity;sid:84515517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652418/; classtype:trojan-activity;sid:84515518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652415/; classtype:trojan-activity;sid:84515515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-12-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652416/; classtype:trojan-activity;sid:84515516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652414/; classtype:trojan-activity;sid:84515514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652413/; classtype:trojan-activity;sid:84515513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652412/; classtype:trojan-activity;sid:84515512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652411/; classtype:trojan-activity;sid:84515511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652408/; classtype:trojan-activity;sid:84515508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652404/; classtype:trojan-activity;sid:84515504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652407)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652407/; classtype:trojan-activity;sid:84515507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652402/; classtype:trojan-activity;sid:84515502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652403)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652403/; classtype:trojan-activity;sid:84515503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652401/; classtype:trojan-activity;sid:84515501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652399/; classtype:trojan-activity;sid:84515499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652400/; classtype:trojan-activity;sid:84515500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652397/; classtype:trojan-activity;sid:84515497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652398/; classtype:trojan-activity;sid:84515498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652395/; classtype:trojan-activity;sid:84515495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-29/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652396/; classtype:trojan-activity;sid:84515496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-01-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652391/; classtype:trojan-activity;sid:84515491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652392/; classtype:trojan-activity;sid:84515492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652390/; classtype:trojan-activity;sid:84515490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652389/; classtype:trojan-activity;sid:84515489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652386/; classtype:trojan-activity;sid:84515486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652387/; classtype:trojan-activity;sid:84515487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-11-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652384/; classtype:trojan-activity;sid:84515484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652383/; classtype:trojan-activity;sid:84515483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652380/; classtype:trojan-activity;sid:84515480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652381/; classtype:trojan-activity;sid:84515481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652382/; classtype:trojan-activity;sid:84515482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652377/; classtype:trojan-activity;sid:84515477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652378/; classtype:trojan-activity;sid:84515478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652376/; classtype:trojan-activity;sid:84515476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652375/; classtype:trojan-activity;sid:84515475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652373/; classtype:trojan-activity;sid:84515473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652374/; classtype:trojan-activity;sid:84515474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-05-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652372/; classtype:trojan-activity;sid:84515472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652371/; classtype:trojan-activity;sid:84515471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652370/; classtype:trojan-activity;sid:84515470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652368/; classtype:trojan-activity;sid:84515468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652369/; classtype:trojan-activity;sid:84515469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652367)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652367/; classtype:trojan-activity;sid:84515467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652366/; classtype:trojan-activity;sid:84515466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652365/; classtype:trojan-activity;sid:84515465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652363/; classtype:trojan-activity;sid:84515463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652364/; classtype:trojan-activity;sid:84515464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-10-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652360/; classtype:trojan-activity;sid:84515460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652359/; classtype:trojan-activity;sid:84515459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652358/; classtype:trojan-activity;sid:84515458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652357)"; flow:established,from_client; content:"GET"; http_method;
content:"/tmpftp/01/cancelamento/2024-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652357/; classtype:trojan-activity;sid:84515457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652356/; classtype:trojan-activity;sid:84515456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652354/; classtype:trojan-activity;sid:84515454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652349/; classtype:trojan-activity;sid:84515449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/info.zip"; 
http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652351/; classtype:trojan-activity;sid:84515451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652352/; classtype:trojan-activity;sid:84515452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652347/; classtype:trojan-activity;sid:84515447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652348/; classtype:trojan-activity;sid:84515448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652346)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652346/; classtype:trojan-activity;sid:84515446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-10-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652342/; classtype:trojan-activity;sid:84515442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652343/; classtype:trojan-activity;sid:84515443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652344/; classtype:trojan-activity;sid:84515444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652345)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652345/; classtype:trojan-activity;sid:84515445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652340/; classtype:trojan-activity;sid:84515440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652336/; classtype:trojan-activity;sid:84515436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652337/; classtype:trojan-activity;sid:84515437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3652338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652338/; classtype:trojan-activity;sid:84515438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652339)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652339/; classtype:trojan-activity;sid:84515439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652335/; classtype:trojan-activity;sid:84515435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652333/; classtype:trojan-activity;sid:84515433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3652331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652331/; classtype:trojan-activity;sid:84515431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652326/; classtype:trojan-activity;sid:84515426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652327/; classtype:trojan-activity;sid:84515427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652328)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652328/; classtype:trojan-activity;sid:84515428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652329)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652329/; classtype:trojan-activity;sid:84515429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652330/; classtype:trojan-activity;sid:84515430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652324)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-09-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652324/; classtype:trojan-activity;sid:84515424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652323/; classtype:trojan-activity;sid:84515423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652320)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652320/; classtype:trojan-activity;sid:84515420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652321/; classtype:trojan-activity;sid:84515421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652318/; classtype:trojan-activity;sid:84515418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652319)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652319/; classtype:trojan-activity;sid:84515419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652316)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2025-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652316/; classtype:trojan-activity;sid:84515416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652314/; classtype:trojan-activity;sid:84515414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652312)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652312/; classtype:trojan-activity;sid:84515412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-06-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652313/; classtype:trojan-activity;sid:84515413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652310)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652310/; classtype:trojan-activity;sid:84515410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652309/; classtype:trojan-activity;sid:84515409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652307)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652307/; classtype:trojan-activity;sid:84515407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652305/; classtype:trojan-activity;sid:84515405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652306)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2021-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652306/; classtype:trojan-activity;sid:84515406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652304/; classtype:trojan-activity;sid:84515404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652303/; classtype:trojan-activity;sid:84515403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652300/; classtype:trojan-activity;sid:84515400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652302)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652302/; classtype:trojan-activity;sid:84515402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652298)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652298/; classtype:trojan-activity;sid:84515398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652296)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652296/; classtype:trojan-activity;sid:84515396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652294/; classtype:trojan-activity;sid:84515394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652295)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652295/; classtype:trojan-activity;sid:84515395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652293/; classtype:trojan-activity;sid:84515393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-01-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652292/; classtype:trojan-activity;sid:84515392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652291/; classtype:trojan-activity;sid:84515391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652290)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2023-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652290/; classtype:trojan-activity;sid:84515390; rev:1;)
# ---------------------------------------------------------------------------
# URLhaus entries created 2025_10_04, all for one HTTP host: 177.70.102.228.
# (The line above is the tail of a rule that begins earlier in the file.)
#
# Every rule in this group has the same shape:
#   - http traffic from $HOME_NET to $EXTERNAL_NET, established flow, client side.
#   - content:"GET"; http_method
#       the request-method buffer contains GET.
#   - content:"<path>"; http_uri; depth:N; isdataat:!1,relative; nocase
#       depth equals the pattern length and isdataat:!1,relative requires that
#       no byte follows the match, so the URI buffer must equal <path> exactly
#       (case-insensitively). A request with a query string or a longer path
#       does not match.
#   - content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative
#       the same whole-buffer anchoring on the Host value (no nocase here).
# All paths are /tmpftp/.../info.zip; only the directory, the 14-digit id and
# the date differ between rules.
#
# NOTE(review): many patterns below contain literal percent-escapes (%20,
# %c3%a7, %c3%a3, %c3%aa) but are matched with http_uri, which Snort and
# Suricata document as the normalized (decoded) URI buffer. If the sensor
# decodes these escapes the literal pattern cannot match and the rule is
# silent. Verify on the deployed engine with a test request; if it does not
# fire, match the raw buffer (http_raw_uri) or write the decoded bytes in hex
# and adjust depth accordingly.
#
# NOTE(review): the rules look only at the client request (from_client) on
# cleartext HTTP. An alert shows that an internal host asked for the URL, not
# that the archive was delivered; correlate with response or file logs. The
# same URL fetched over TLS is not visible here without upstream decryption.
#
# NOTE(review): because every rule here keys on the same host, triage and
# retro-hunting can pivot on 177.70.102.228 in HTTP/proxy logs rather than on
# individual sids. Feed entries age; check the referenced URLhaus page for
# current status before acting on a hit.
#
# Rules are written one per line; option text and order are unchanged.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652289/; classtype:trojan-activity;sid:84515389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652288/; classtype:trojan-activity;sid:84515388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652287/; classtype:trojan-activity;sid:84515387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652285/; classtype:trojan-activity;sid:84515385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652284/; classtype:trojan-activity;sid:84515384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652282/; classtype:trojan-activity;sid:84515382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652283/; classtype:trojan-activity;sid:84515383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652280/; classtype:trojan-activity;sid:84515380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652281/; classtype:trojan-activity;sid:84515381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652279/; classtype:trojan-activity;sid:84515379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652277/; classtype:trojan-activity;sid:84515377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652278/; classtype:trojan-activity;sid:84515378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652275/; classtype:trojan-activity;sid:84515375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652276/; classtype:trojan-activity;sid:84515376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652273/; classtype:trojan-activity;sid:84515373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652274/; classtype:trojan-activity;sid:84515374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652272/; classtype:trojan-activity;sid:84515372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652270/; classtype:trojan-activity;sid:84515370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-29/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652269/; classtype:trojan-activity;sid:84515369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652268)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652268/; classtype:trojan-activity;sid:84515368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652265)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652265/; classtype:trojan-activity;sid:84515365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652264/; classtype:trojan-activity;sid:84515364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652263/; classtype:trojan-activity;sid:84515363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652262/; classtype:trojan-activity;sid:84515362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652260/; classtype:trojan-activity;sid:84515360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652257/; classtype:trojan-activity;sid:84515357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652256/; classtype:trojan-activity;sid:84515356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652255/; classtype:trojan-activity;sid:84515355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652250/; classtype:trojan-activity;sid:84515350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652247/; classtype:trojan-activity;sid:84515347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652248/; classtype:trojan-activity;sid:84515348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652249/; classtype:trojan-activity;sid:84515349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652246/; classtype:trojan-activity;sid:84515346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652245/; classtype:trojan-activity;sid:84515345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652244/; classtype:trojan-activity;sid:84515344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652243/; classtype:trojan-activity;sid:84515343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652241/; classtype:trojan-activity;sid:84515341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652242/; classtype:trojan-activity;sid:84515342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652240/; classtype:trojan-activity;sid:84515340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652238/; classtype:trojan-activity;sid:84515338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652237/; classtype:trojan-activity;sid:84515337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-07-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652236/; classtype:trojan-activity;sid:84515336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652235)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652235/; classtype:trojan-activity;sid:84515335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652234/; classtype:trojan-activity;sid:84515334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652232/; classtype:trojan-activity;sid:84515332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652233/; classtype:trojan-activity;sid:84515333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652231/; classtype:trojan-activity;sid:84515331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652229/; classtype:trojan-activity;sid:84515329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652225/; classtype:trojan-activity;sid:84515325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652223/; classtype:trojan-activity;sid:84515323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652221/; classtype:trojan-activity;sid:84515321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652222/; classtype:trojan-activity;sid:84515322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652219/; classtype:trojan-activity;sid:84515319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652220/; classtype:trojan-activity;sid:84515320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652218/; classtype:trojan-activity;sid:84515318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652217/; classtype:trojan-activity;sid:84515317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652216/; classtype:trojan-activity;sid:84515316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652214/; classtype:trojan-activity;sid:84515314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652215/; classtype:trojan-activity;sid:84515315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652213/; classtype:trojan-activity;sid:84515313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652210/; classtype:trojan-activity;sid:84515310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652208/; classtype:trojan-activity;sid:84515308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652206/; classtype:trojan-activity;sid:84515306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652207/; classtype:trojan-activity;sid:84515307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652205/; classtype:trojan-activity;sid:84515305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652203/; classtype:trojan-activity;sid:84515303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652201/; classtype:trojan-activity;sid:84515301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652198)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652198/; classtype:trojan-activity;sid:84515298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652200/; classtype:trojan-activity;sid:84515300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652197/; classtype:trojan-activity;sid:84515297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652196/; classtype:trojan-activity;sid:84515296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652193/; classtype:trojan-activity;sid:84515293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652194/; classtype:trojan-activity;sid:84515294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652192/; classtype:trojan-activity;sid:84515292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652186/; classtype:trojan-activity;sid:84515286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652187/; classtype:trojan-activity;sid:84515287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652188/; classtype:trojan-activity;sid:84515288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652189/; classtype:trojan-activity;sid:84515289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652190/; classtype:trojan-activity;sid:84515290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652191/; classtype:trojan-activity;sid:84515291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652185/; classtype:trojan-activity;sid:84515285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652184/; classtype:trojan-activity;sid:84515284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652183/; classtype:trojan-activity;sid:84515283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652181/; classtype:trojan-activity;sid:84515281; rev:1;)
# The rule below is cut at the end of this span; its remaining options follow it in the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652180/; classtype:trojan-activity;sid:84515280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652179/; classtype:trojan-activity;sid:84515279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652176/; classtype:trojan-activity;sid:84515276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652177/; classtype:trojan-activity;sid:84515277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3652178/; classtype:trojan-activity;sid:84515278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652175/; classtype:trojan-activity;sid:84515275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652174/; classtype:trojan-activity;sid:84515274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652173/; classtype:trojan-activity;sid:84515273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652171/; 
classtype:trojan-activity;sid:84515271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652169/; classtype:trojan-activity;sid:84515269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652170/; classtype:trojan-activity;sid:84515270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652167/; classtype:trojan-activity;sid:84515267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3652166/; classtype:trojan-activity;sid:84515266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652165/; classtype:trojan-activity;sid:84515265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652164/; classtype:trojan-activity;sid:84515264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652163/; classtype:trojan-activity;sid:84515263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3652162/; classtype:trojan-activity;sid:84515262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652161/; classtype:trojan-activity;sid:84515261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652160/; classtype:trojan-activity;sid:84515260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652157/; classtype:trojan-activity;sid:84515257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652158/; classtype:trojan-activity;sid:84515258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652159/; classtype:trojan-activity;sid:84515259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652156/; classtype:trojan-activity;sid:84515256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652154/; classtype:trojan-activity;sid:84515254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_04; reference:url, urlhaus.abuse.ch/url/3652152/; classtype:trojan-activity;sid:84515252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652153/; classtype:trojan-activity;sid:84515253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652151/; classtype:trojan-activity;sid:84515251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652150/; classtype:trojan-activity;sid:84515250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3652147/; classtype:trojan-activity;sid:84515247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652148/; classtype:trojan-activity;sid:84515248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652149/; classtype:trojan-activity;sid:84515249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652144/; classtype:trojan-activity;sid:84515244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3652145/; classtype:trojan-activity;sid:84515245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652146/; classtype:trojan-activity;sid:84515246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652141/; classtype:trojan-activity;sid:84515241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652143/; classtype:trojan-activity;sid:84515243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3652138/; classtype:trojan-activity;sid:84515238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652140/; classtype:trojan-activity;sid:84515240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652136/; classtype:trojan-activity;sid:84515236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652137/; classtype:trojan-activity;sid:84515237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652135/; classtype:trojan-activity;sid:84515235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652132/; classtype:trojan-activity;sid:84515232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652133/; classtype:trojan-activity;sid:84515233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652134/; classtype:trojan-activity;sid:84515234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652128/; classtype:trojan-activity;sid:84515228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652129/; classtype:trojan-activity;sid:84515229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652130/; classtype:trojan-activity;sid:84515230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652131/; classtype:trojan-activity;sid:84515231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652122/; classtype:trojan-activity;sid:84515222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652124/; classtype:trojan-activity;sid:84515224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-24/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652121/; classtype:trojan-activity;sid:84515221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652120/; classtype:trojan-activity;sid:84515220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652119/; classtype:trojan-activity;sid:84515219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652112/; classtype:trojan-activity;sid:84515212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652113/; classtype:trojan-activity;sid:84515213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652114/; classtype:trojan-activity;sid:84515214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652115/; classtype:trojan-activity;sid:84515215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652118/; classtype:trojan-activity;sid:84515218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652108/; classtype:trojan-activity;sid:84515208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652109/; classtype:trojan-activity;sid:84515209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652110/; classtype:trojan-activity;sid:84515210; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652111/; classtype:trojan-activity;sid:84515211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652107/; classtype:trojan-activity;sid:84515207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652105/; classtype:trojan-activity;sid:84515205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652102)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652102/; 
classtype:trojan-activity;sid:84515202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652103/; classtype:trojan-activity;sid:84515203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652099/; classtype:trojan-activity;sid:84515199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652100/; classtype:trojan-activity;sid:84515200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652098/; 
classtype:trojan-activity;sid:84515198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652097/; classtype:trojan-activity;sid:84515197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652095/; classtype:trojan-activity;sid:84515195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-04-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652094/; classtype:trojan-activity;sid:84515194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652091/; classtype:trojan-activity;sid:84515191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3652092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652092/; classtype:trojan-activity;sid:84515192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652090/; classtype:trojan-activity;sid:84515190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-01-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652084/; classtype:trojan-activity;sid:84515184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-05-24/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652086/; classtype:trojan-activity;sid:84515186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652088)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-12-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652088/; classtype:trojan-activity;sid:84515188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652089/; classtype:trojan-activity;sid:84515189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652081/; classtype:trojan-activity;sid:84515181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652082/; classtype:trojan-activity;sid:84515182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-07/info.zip"; http_uri; 
depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652083/; classtype:trojan-activity;sid:84515183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652078/; classtype:trojan-activity;sid:84515178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-03-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652079/; classtype:trojan-activity;sid:84515179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652075/; classtype:trojan-activity;sid:84515175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; 
nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652076/; classtype:trojan-activity;sid:84515176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652077/; classtype:trojan-activity;sid:84515177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652070/; classtype:trojan-activity;sid:84515170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652071/; classtype:trojan-activity;sid:84515171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652067/; classtype:trojan-activity;sid:84515167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652060/; classtype:trojan-activity;sid:84515160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-10-24/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652061/; classtype:trojan-activity;sid:84515161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652063/; classtype:trojan-activity;sid:84515163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652064/; classtype:trojan-activity;sid:84515164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652065/; classtype:trojan-activity;sid:84515165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652066/; classtype:trojan-activity;sid:84515166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652057/; classtype:trojan-activity;sid:84515157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3652058/; classtype:trojan-activity;sid:84515158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652053/; classtype:trojan-activity;sid:84515153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652054/; classtype:trojan-activity;sid:84515154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-08-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652048/; classtype:trojan-activity;sid:84515148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652049/; 
classtype:trojan-activity;sid:84515149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652050/; classtype:trojan-activity;sid:84515150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652051/; classtype:trojan-activity;sid:84515151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652052/; classtype:trojan-activity;sid:84515152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652045/; classtype:trojan-activity;sid:84515145; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652046/; classtype:trojan-activity;sid:84515146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652042/; classtype:trojan-activity;sid:84515142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652041/; classtype:trojan-activity;sid:84515141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652039/; classtype:trojan-activity;sid:84515139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3652040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652040/; classtype:trojan-activity;sid:84515140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652037/; classtype:trojan-activity;sid:84515137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652038/; classtype:trojan-activity;sid:84515138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652034/; classtype:trojan-activity;sid:84515134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652025)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652025/; classtype:trojan-activity;sid:84515125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652026/; classtype:trojan-activity;sid:84515126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652027/; classtype:trojan-activity;sid:84515127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652028/; classtype:trojan-activity;sid:84515128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652029)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652029/; classtype:trojan-activity;sid:84515129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652030/; classtype:trojan-activity;sid:84515130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652031/; classtype:trojan-activity;sid:84515131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-07-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652024/; classtype:trojan-activity;sid:84515124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652023)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652023/; classtype:trojan-activity;sid:84515123; rev:1;)
# Rules for host 177.70.102.228: each one pairs a literal request path with a
# literal Host value. `depth` is set to the length of the preceding content and
# `isdataat:!1,relative` requires that nothing follows the match, so the URI
# and the Host buffer must each equal the listed string exactly; a request that
# adds a query string or uses a different path on the same host does not match.
# Scope, as written: GET requests seen by the http parser, client side of an
# established flow, $HOME_NET to $EXTERNAL_NET. Requests to the same host over
# TLS produce no alert unless the sensor sees decrypted traffic.
# NOTE(review): several paths carry percent-escapes (%20, %c3%a7, %c3%a3) and
# are matched with http_uri. Where the engine percent-decodes the URI before
# matching, that literal text would not be present; confirm with a replayed
# request that these rules fire, and compare against http_raw_uri if not.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652022/; classtype:trojan-activity;sid:84515122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652021/; classtype:trojan-activity;sid:84515121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652014/; classtype:trojan-activity;sid:84515114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652015/; classtype:trojan-activity;sid:84515115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652016/; classtype:trojan-activity;sid:84515116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-14/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652018/; classtype:trojan-activity;sid:84515118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652019/; classtype:trojan-activity;sid:84515119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652020/; classtype:trojan-activity;sid:84515120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-18/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652012/; classtype:trojan-activity;sid:84515112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652013/; classtype:trojan-activity;sid:84515113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652007/; classtype:trojan-activity;sid:84515107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652008/; classtype:trojan-activity;sid:84515108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652009/; classtype:trojan-activity;sid:84515109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652010/; classtype:trojan-activity;sid:84515110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652011/; classtype:trojan-activity;sid:84515111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652005/; classtype:trojan-activity;sid:84515105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652006/; classtype:trojan-activity;sid:84515106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652003/; classtype:trojan-activity;sid:84515103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652002/; classtype:trojan-activity;sid:84515102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651998/; classtype:trojan-activity;sid:84515098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651993/; classtype:trojan-activity;sid:84515093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651994/; classtype:trojan-activity;sid:84515094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651995/; classtype:trojan-activity;sid:84515095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651996/; classtype:trojan-activity;sid:84515096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651997/; classtype:trojan-activity;sid:84515097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651991/; classtype:trojan-activity;sid:84515091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651992/; classtype:trojan-activity;sid:84515092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651989/; classtype:trojan-activity;sid:84515089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651990/; classtype:trojan-activity;sid:84515090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651988/; classtype:trojan-activity;sid:84515088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651981/; classtype:trojan-activity;sid:84515081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651982/; classtype:trojan-activity;sid:84515082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651983)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651983/; classtype:trojan-activity;sid:84515083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651985/; classtype:trojan-activity;sid:84515085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651986/; classtype:trojan-activity;sid:84515086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651978/; classtype:trojan-activity;sid:84515078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651980/; classtype:trojan-activity;sid:84515080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651969/; classtype:trojan-activity;sid:84515069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651970/; classtype:trojan-activity;sid:84515070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651971/; classtype:trojan-activity;sid:84515071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651972/; classtype:trojan-activity;sid:84515072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651973/; classtype:trojan-activity;sid:84515073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651974/; classtype:trojan-activity;sid:84515074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651975/; classtype:trojan-activity;sid:84515075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651976/; classtype:trojan-activity;sid:84515076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651977/; classtype:trojan-activity;sid:84515077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651967/; classtype:trojan-activity;sid:84515067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651968/; classtype:trojan-activity;sid:84515068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651965/; classtype:trojan-activity;sid:84515065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651963/; classtype:trojan-activity;sid:84515063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651964/; classtype:trojan-activity;sid:84515064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651960/; classtype:trojan-activity;sid:84515060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651961/; classtype:trojan-activity;sid:84515061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651962/; classtype:trojan-activity;sid:84515062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651958/; classtype:trojan-activity;sid:84515058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651956/; classtype:trojan-activity;sid:84515056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651957/; classtype:trojan-activity;sid:84515057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651955/; classtype:trojan-activity;sid:84515055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651954/; classtype:trojan-activity;sid:84515054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651952/; classtype:trojan-activity;sid:84515052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651953/; classtype:trojan-activity;sid:84515053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651949/; classtype:trojan-activity;sid:84515049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651944/; classtype:trojan-activity;sid:84515044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651945/; classtype:trojan-activity;sid:84515045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/9929/11032020101348/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651946/; classtype:trojan-activity;sid:84515046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651947/; classtype:trojan-activity;sid:84515047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651948/; classtype:trojan-activity;sid:84515048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651943/; classtype:trojan-activity;sid:84515043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651942/; classtype:trojan-activity;sid:84515042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651937/; classtype:trojan-activity;sid:84515037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651938)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651938/; classtype:trojan-activity;sid:84515038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651939/; classtype:trojan-activity;sid:84515039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651941/; classtype:trojan-activity;sid:84515041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651933/; classtype:trojan-activity;sid:84515033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651934/; classtype:trojan-activity;sid:84515034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651935/; classtype:trojan-activity;sid:84515035; rev:1;)
# Four single-URL rules for files named info.zip under /tmpftp/ on Host
# 177.70.102.228. Each fires on a client GET (flow:established,from_client)
# from $HOME_NET to $EXTERNAL_NET when the URI buffer and the Host buffer both
# equal the quoted strings: depth matches the string length (39, 87, 43 and 92
# for the URIs, 14 for the Host) and isdataat:!1,relative rejects any trailing
# byte. classtype is trojan-activity; the URLhaus entry id is in msg and in
# the reference URL.
#
# NOTE(review): the second and fourth URIs are written with percent-escapes
# (%20, %c3%a7, %c3%a3, %c3%aa) while the match is placed in http_uri, the
# normalized URI buffer. Whether the engine decodes those escapes before
# matching decides if these two rules can fire at all - verify on the deployed
# sensor; http_raw_uri holds the undecoded form.
# NOTE(review): nocase is written after isdataat rather than directly after
# the URI content; presumably it still binds to that content - confirm the
# engine accepts this ordering without a warning at rule load.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651936/; classtype:trojan-activity;sid:84515036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651931/; classtype:trojan-activity;sid:84515031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651932/; classtype:trojan-activity;sid:84515032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651930/; classtype:trojan-activity;sid:84515030; rev:1;)
# The line below opens a rule that continues after this section.
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3651928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651928/; classtype:trojan-activity;sid:84515028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651929/; classtype:trojan-activity;sid:84515029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-18/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651926/; classtype:trojan-activity;sid:84515026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651927/; classtype:trojan-activity;sid:84515027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3651921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651921/; classtype:trojan-activity;sid:84515021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651922/; classtype:trojan-activity;sid:84515022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651923/; classtype:trojan-activity;sid:84515023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651924/; classtype:trojan-activity;sid:84515024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3651925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651925/; classtype:trojan-activity;sid:84515025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651915/; classtype:trojan-activity;sid:84515015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651916/; classtype:trojan-activity;sid:84515016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651917/; classtype:trojan-activity;sid:84515017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651913)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651913/; classtype:trojan-activity;sid:84515013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651909/; classtype:trojan-activity;sid:84515009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651910/; classtype:trojan-activity;sid:84515010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651912/; classtype:trojan-activity;sid:84515012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651905)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651905/; classtype:trojan-activity;sid:84515005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651906/; classtype:trojan-activity;sid:84515006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651907)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651907/; classtype:trojan-activity;sid:84515007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651901/; classtype:trojan-activity;sid:84515001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651902)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651902/; classtype:trojan-activity;sid:84515002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651903/; classtype:trojan-activity;sid:84515003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651899/; classtype:trojan-activity;sid:84514999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651900/; classtype:trojan-activity;sid:84515000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3651896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-09-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651896/; classtype:trojan-activity;sid:84514996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651897/; classtype:trojan-activity;sid:84514997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651898/; classtype:trojan-activity;sid:84514998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651895/; classtype:trojan-activity;sid:84514995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651892)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/td00000000000000160618/td00000000000000159843/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651892/; classtype:trojan-activity;sid:84514992; rev:1;)
# The fragment above is the tail of a rule that starts before this section
# (URLhaus entry 3651892 per its reference).
#
# Three complete rules follow, one per URLhaus entry (3651893, 3651890,
# 3651891). All three require method GET, a URI equal to the quoted 87-byte
# path (depth:87 plus isdataat:!1,relative) and a Host equal to 177.70.102.228
# (depth:14 plus isdataat:!1,relative), seen from the client side of an
# established $HOME_NET -> $EXTERNAL_NET flow.
#
# Triage note: every rule in this run names the same Host, so alerts from any
# of these sids can be grouped on that Host value; the per-rule reference URL
# is the place to check the entry's details.
# NOTE(review): all three URIs carry percent-escapes (%c3%a7, %c3%a3, %20) yet
# match in http_uri (normalized URI). If normalization decodes the escapes the
# literal strings will not be found - confirm on the sensor in use, and compare
# with a match in http_raw_uri.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651893/; classtype:trojan-activity;sid:84514993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651890/; classtype:trojan-activity;sid:84514990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651891/; classtype:trojan-activity;sid:84514991; rev:1;)
# The line below opens a rule that continues after this section.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651888)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651888/; classtype:trojan-activity;sid:84514988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651889/; classtype:trojan-activity;sid:84514989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651883/; classtype:trojan-activity;sid:84514983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651884/; classtype:trojan-activity;sid:84514984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3651885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651885/; classtype:trojan-activity;sid:84514985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651881/; classtype:trojan-activity;sid:84514981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651882/; classtype:trojan-activity;sid:84514982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651877/; classtype:trojan-activity;sid:84514977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3651878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651878/; classtype:trojan-activity;sid:84514978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651879)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-11-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651879/; classtype:trojan-activity;sid:84514979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651874/; classtype:trojan-activity;sid:84514974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651876/; classtype:trojan-activity;sid:84514976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651867)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651867/; classtype:trojan-activity;sid:84514967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651870/; classtype:trojan-activity;sid:84514970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651871/; classtype:trojan-activity;sid:84514971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651872/; classtype:trojan-activity;sid:84514972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651873)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651873/; classtype:trojan-activity;sid:84514973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651866/; classtype:trojan-activity;sid:84514966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651861/; classtype:trojan-activity;sid:84514961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651862/; classtype:trojan-activity;sid:84514962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3651863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651863/; classtype:trojan-activity;sid:84514963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651864/; classtype:trojan-activity;sid:84514964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651859/; classtype:trojan-activity;sid:84514959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651860/; classtype:trojan-activity;sid:84514960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3651854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651854/; classtype:trojan-activity;sid:84514954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651852/; classtype:trojan-activity;sid:84514952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651853/; classtype:trojan-activity;sid:84514953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651849/; classtype:trojan-activity;sid:84514949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651850)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651850/; classtype:trojan-activity;sid:84514950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-31/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651848/; classtype:trojan-activity;sid:84514948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651847/; classtype:trojan-activity;sid:84514947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651845/; classtype:trojan-activity;sid:84514945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651846)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651846/; classtype:trojan-activity;sid:84514946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651844/; classtype:trojan-activity;sid:84514944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651843/; classtype:trojan-activity;sid:84514943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651836/; classtype:trojan-activity;sid:84514936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3651837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651837/; classtype:trojan-activity;sid:84514937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651838/; classtype:trojan-activity;sid:84514938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651839/; classtype:trojan-activity;sid:84514939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651840/; classtype:trojan-activity;sid:84514940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651841)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651841/; classtype:trojan-activity;sid:84514941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651842/; classtype:trojan-activity;sid:84514942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651834/; classtype:trojan-activity;sid:84514934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651835/; classtype:trojan-activity;sid:84514935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651832)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651832/; classtype:trojan-activity;sid:84514932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651833/; classtype:trojan-activity;sid:84514933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651829/; classtype:trojan-activity;sid:84514929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651830/; classtype:trojan-activity;sid:84514930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651827)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651827/; classtype:trojan-activity;sid:84514927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651822/; classtype:trojan-activity;sid:84514922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651824/; classtype:trojan-activity;sid:84514924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651825/; classtype:trojan-activity;sid:84514925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651826)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651826/; classtype:trojan-activity;sid:84514926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-05-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651820/; classtype:trojan-activity;sid:84514920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651821/; classtype:trojan-activity;sid:84514921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651819/; classtype:trojan-activity;sid:84514919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651813)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651813/; classtype:trojan-activity;sid:84514913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651814/; classtype:trojan-activity;sid:84514914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651815/; classtype:trojan-activity;sid:84514915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651817/; classtype:trojan-activity;sid:84514917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-21/info.zip"; http_uri; 
depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651818/; classtype:trojan-activity;sid:84514918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651810/; classtype:trojan-activity;sid:84514910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651811/; classtype:trojan-activity;sid:84514911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-10-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651812/; classtype:trojan-activity;sid:84514912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-29/info.zip"; http_uri; depth:43; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651808/; classtype:trojan-activity;sid:84514908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651806/; classtype:trojan-activity;sid:84514906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651807/; classtype:trojan-activity;sid:84514907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651802/; classtype:trojan-activity;sid:84514902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-06-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651803/; classtype:trojan-activity;sid:84514903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651804/; classtype:trojan-activity;sid:84514904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651805/; classtype:trojan-activity;sid:84514905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651801/; classtype:trojan-activity;sid:84514901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651798/; classtype:trojan-activity;sid:84514898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651796/; classtype:trojan-activity;sid:84514896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651797/; classtype:trojan-activity;sid:84514897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651790/; classtype:trojan-activity;sid:84514890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3651792/; classtype:trojan-activity;sid:84514892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168897/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651789/; classtype:trojan-activity;sid:84514889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651787/; classtype:trojan-activity;sid:84514887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651782/; classtype:trojan-activity;sid:84514882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651783/; 
classtype:trojan-activity;sid:84514883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651785/; classtype:trojan-activity;sid:84514885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651786/; classtype:trojan-activity;sid:84514886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651777/; classtype:trojan-activity;sid:84514877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651778/; classtype:trojan-activity;sid:84514878; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651780/; classtype:trojan-activity;sid:84514880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651781/; classtype:trojan-activity;sid:84514881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651774/; classtype:trojan-activity;sid:84514874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651775/; classtype:trojan-activity;sid:84514875; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651776/; classtype:trojan-activity;sid:84514876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651770/; classtype:trojan-activity;sid:84514870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651771/; classtype:trojan-activity;sid:84514871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651772/; classtype:trojan-activity;sid:84514872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3651773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651773/; classtype:trojan-activity;sid:84514873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651768/; classtype:trojan-activity;sid:84514868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651769/; classtype:trojan-activity;sid:84514869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651766/; classtype:trojan-activity;sid:84514866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3651767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651767/; classtype:trojan-activity;sid:84514867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-03-15/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651763/; classtype:trojan-activity;sid:84514863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651764/; classtype:trojan-activity;sid:84514864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651765/; classtype:trojan-activity;sid:84514865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651761)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651761/; classtype:trojan-activity;sid:84514861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651762/; classtype:trojan-activity;sid:84514862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651755/; classtype:trojan-activity;sid:84514855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651756/; classtype:trojan-activity;sid:84514856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651757)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651757/; classtype:trojan-activity;sid:84514857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651758/; classtype:trojan-activity;sid:84514858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651759/; classtype:trojan-activity;sid:84514859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651754/; classtype:trojan-activity;sid:84514854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651751)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651751/; classtype:trojan-activity;sid:84514851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651752/; classtype:trojan-activity;sid:84514852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651750/; classtype:trojan-activity;sid:84514850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651741/; classtype:trojan-activity;sid:84514841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651742)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651742/; classtype:trojan-activity;sid:84514842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651744/; classtype:trojan-activity;sid:84514844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651745/; classtype:trojan-activity;sid:84514845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651746/; classtype:trojan-activity;sid:84514846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651747)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651747/; classtype:trojan-activity;sid:84514847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/homologa%c3%a7%c3%a3o/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651748/; classtype:trojan-activity;sid:84514848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651740/; classtype:trojan-activity;sid:84514840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651734/; classtype:trojan-activity;sid:84514834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651735)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651735/; classtype:trojan-activity;sid:84514835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651736/; classtype:trojan-activity;sid:84514836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651737/; classtype:trojan-activity;sid:84514837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651738/; classtype:trojan-activity;sid:84514838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651739)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651739/; classtype:trojan-activity;sid:84514839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651730/; classtype:trojan-activity;sid:84514830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651731/; classtype:trojan-activity;sid:84514831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651732/; classtype:trojan-activity;sid:84514832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651729)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2023-02-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651729/; classtype:trojan-activity;sid:84514829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651728/; classtype:trojan-activity;sid:84514828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-12-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651726/; classtype:trojan-activity;sid:84514826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-01-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651727/; classtype:trojan-activity;sid:84514827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651725)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651725/; classtype:trojan-activity;sid:84514825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651720/; classtype:trojan-activity;sid:84514820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651721/; classtype:trojan-activity;sid:84514821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651722/; classtype:trojan-activity;sid:84514822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651723)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-04-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651723/; classtype:trojan-activity;sid:84514823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651724/; classtype:trojan-activity;sid:84514824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651717/; classtype:trojan-activity;sid:84514817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651718/; classtype:trojan-activity;sid:84514818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651716)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651716/; classtype:trojan-activity;sid:84514816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651715/; classtype:trojan-activity;sid:84514815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651713/; classtype:trojan-activity;sid:84514813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651714/; classtype:trojan-activity;sid:84514814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-18/info.zip"; http_uri; 
depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651710/; classtype:trojan-activity;sid:84514810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651711/; classtype:trojan-activity;sid:84514811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651709/; classtype:trojan-activity;sid:84514809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651708/; classtype:trojan-activity;sid:84514808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-13/info.zip"; http_uri; 
depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651705/; classtype:trojan-activity;sid:84514805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651706/; classtype:trojan-activity;sid:84514806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651699/; classtype:trojan-activity;sid:84514799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651700/; classtype:trojan-activity;sid:84514800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651701/; classtype:trojan-activity;sid:84514801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651702/; classtype:trojan-activity;sid:84514802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651703/; classtype:trojan-activity;sid:84514803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651695/; classtype:trojan-activity;sid:84514795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651697/; classtype:trojan-activity;sid:84514797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651693/; classtype:trojan-activity;sid:84514793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651694/; classtype:trojan-activity;sid:84514794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651691/; classtype:trojan-activity;sid:84514791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3651692/; classtype:trojan-activity;sid:84514792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651686/; classtype:trojan-activity;sid:84514786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651687/; classtype:trojan-activity;sid:84514787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651688/; classtype:trojan-activity;sid:84514788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651689/; classtype:trojan-activity;sid:84514789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651690/; classtype:trojan-activity;sid:84514790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651685/; classtype:trojan-activity;sid:84514785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651682/; classtype:trojan-activity;sid:84514782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651683/; 
classtype:trojan-activity;sid:84514783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651684/; classtype:trojan-activity;sid:84514784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651681/; classtype:trojan-activity;sid:84514781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651680/; classtype:trojan-activity;sid:84514780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651679/; 
classtype:trojan-activity;sid:84514779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651678/; classtype:trojan-activity;sid:84514778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651675/; classtype:trojan-activity;sid:84514775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651676/; classtype:trojan-activity;sid:84514776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651677/; classtype:trojan-activity;sid:84514777; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651668/; classtype:trojan-activity;sid:84514768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651669/; classtype:trojan-activity;sid:84514769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651671/; classtype:trojan-activity;sid:84514771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651667/; classtype:trojan-activity;sid:84514767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3651663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651663/; classtype:trojan-activity;sid:84514763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651664/; classtype:trojan-activity;sid:84514764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651665/; classtype:trojan-activity;sid:84514765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651666/; classtype:trojan-activity;sid:84514766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-13/info.zip"; 
http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651655/; classtype:trojan-activity;sid:84514755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651656/; classtype:trojan-activity;sid:84514756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651657/; classtype:trojan-activity;sid:84514757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651658/; classtype:trojan-activity;sid:84514758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651659/; classtype:trojan-activity;sid:84514759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651661/; classtype:trojan-activity;sid:84514761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651650/; classtype:trojan-activity;sid:84514750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651651/; classtype:trojan-activity;sid:84514751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651652/; 
classtype:trojan-activity;sid:84514752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651653/; classtype:trojan-activity;sid:84514753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651654/; classtype:trojan-activity;sid:84514754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651645/; classtype:trojan-activity;sid:84514745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651646/; 
classtype:trojan-activity;sid:84514746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651647/; classtype:trojan-activity;sid:84514747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651648)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651648/; classtype:trojan-activity;sid:84514748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651649/; classtype:trojan-activity;sid:84514749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651639)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651639/; classtype:trojan-activity;sid:84514739; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651640/; classtype:trojan-activity;sid:84514740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651641)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651641/; classtype:trojan-activity;sid:84514741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651642)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651642/; classtype:trojan-activity;sid:84514742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651643/; 
classtype:trojan-activity;sid:84514743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651644/; classtype:trojan-activity;sid:84514744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-16/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651633/; classtype:trojan-activity;sid:84514733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651634/; classtype:trojan-activity;sid:84514734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-05-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651636/; classtype:trojan-activity;sid:84514736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3651637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651637/; classtype:trojan-activity;sid:84514737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651638/; classtype:trojan-activity;sid:84514738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651629/; classtype:trojan-activity;sid:84514729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-06-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651630/; classtype:trojan-activity;sid:84514730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3651631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651631/; classtype:trojan-activity;sid:84514731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651628/; classtype:trojan-activity;sid:84514728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651622/; classtype:trojan-activity;sid:84514722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651624)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651624/; classtype:trojan-activity;sid:84514724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3651625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-04-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651625/; classtype:trojan-activity;sid:84514725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651627/; classtype:trojan-activity;sid:84514727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651620)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651620/; classtype:trojan-activity;sid:84514720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651621/; classtype:trojan-activity;sid:84514721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3651619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651619/; classtype:trojan-activity;sid:84514719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651617/; classtype:trojan-activity;sid:84514717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651616/; classtype:trojan-activity;sid:84514716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651615/; classtype:trojan-activity;sid:84514715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651614)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651614/; classtype:trojan-activity;sid:84514714; rev:1;)
# Exact-match signatures: each URI pattern is anchored at the start of the buffer (depth equals the pattern length)
# and must also end it (isdataat:!1,relative); the Host pattern is anchored the same way.
# A request for the same file with anything appended to the URI is therefore outside these rules.
# NOTE(review): presumably a Host header carrying an explicit port also falls outside - verify per engine.
# The rules inspect the client request only (flow:established,from_client): an alert records that a GET was sent,
# not that a file was delivered. During triage, check the server response and any extracted file for the same flow.
# NOTE(review): `alert http` sees plaintext HTTP; TLS-wrapped requests to this host are not covered without decryption.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651613/; classtype:trojan-activity;sid:84514713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651611/; classtype:trojan-activity;sid:84514711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651608/; classtype:trojan-activity;sid:84514708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651605)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2019-11-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651605/; classtype:trojan-activity;sid:84514705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651603)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651603/; classtype:trojan-activity;sid:84514703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651604/; classtype:trojan-activity;sid:84514704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651598/; classtype:trojan-activity;sid:84514698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651599)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2024-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651599/; classtype:trojan-activity;sid:84514699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651600/; classtype:trojan-activity;sid:84514700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651601)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-11-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651601/; classtype:trojan-activity;sid:84514701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-14/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651602/; classtype:trojan-activity;sid:84514702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651591/; classtype:trojan-activity;sid:84514691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651592/; classtype:trojan-activity;sid:84514692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-07-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651593/; classtype:trojan-activity;sid:84514693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-10-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651594/; classtype:trojan-activity;sid:84514694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651595/; classtype:trojan-activity;sid:84514695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651597/; classtype:trojan-activity;sid:84514697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651588/; classtype:trojan-activity;sid:84514688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651589/; classtype:trojan-activity;sid:84514689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651590/; classtype:trojan-activity;sid:84514690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651583/; classtype:trojan-activity;sid:84514683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651584/; classtype:trojan-activity;sid:84514684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651585/; classtype:trojan-activity;sid:84514685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651586/; classtype:trojan-activity;sid:84514686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651582/; classtype:trojan-activity;sid:84514682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651580/; classtype:trojan-activity;sid:84514680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651581/; classtype:trojan-activity;sid:84514681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651579/; classtype:trojan-activity;sid:84514679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651577/; classtype:trojan-activity;sid:84514677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651578/; classtype:trojan-activity;sid:84514678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651573/; classtype:trojan-activity;sid:84514673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_04; reference:url, urlhaus.abuse.ch/url/3651574/; classtype:trojan-activity;sid:84514674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651575/; classtype:trojan-activity;sid:84514675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651576/; classtype:trojan-activity;sid:84514676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651570/; classtype:trojan-activity;sid:84514670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-08-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651567/; 
classtype:trojan-activity;sid:84514667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651568/; classtype:trojan-activity;sid:84514668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651565/; classtype:trojan-activity;sid:84514665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651566)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651566/; classtype:trojan-activity;sid:84514666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651564/; classtype:trojan-activity;sid:84514664; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651562/; classtype:trojan-activity;sid:84514662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651563/; classtype:trojan-activity;sid:84514663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651560/; classtype:trojan-activity;sid:84514660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651561/; classtype:trojan-activity;sid:84514661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3651558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651558/; classtype:trojan-activity;sid:84514658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651559/; classtype:trojan-activity;sid:84514659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651553/; classtype:trojan-activity;sid:84514653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651554/; classtype:trojan-activity;sid:84514654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651555)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/01/cancelamento/2022-05-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651555/; classtype:trojan-activity;sid:84514655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651557/; classtype:trojan-activity;sid:84514657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651548)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651548/; classtype:trojan-activity;sid:84514648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651549/; classtype:trojan-activity;sid:84514649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651550)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/td00000000000000170596/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651550/; classtype:trojan-activity;sid:84514650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651551/; classtype:trojan-activity;sid:84514651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651552/; classtype:trojan-activity;sid:84514652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651546/; classtype:trojan-activity;sid:84514646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651539)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651539/; classtype:trojan-activity;sid:84514639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651542)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651542/; classtype:trojan-activity;sid:84514642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651544/; classtype:trojan-activity;sid:84514644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651532/; classtype:trojan-activity;sid:84514632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651533)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651533/; classtype:trojan-activity;sid:84514633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651534/; classtype:trojan-activity;sid:84514634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-07-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651535/; classtype:trojan-activity;sid:84514635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651536/; classtype:trojan-activity;sid:84514636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651530)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651530/; classtype:trojan-activity;sid:84514630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651531)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651531/; classtype:trojan-activity;sid:84514631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651529/; classtype:trojan-activity;sid:84514629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651527)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651527/; classtype:trojan-activity;sid:84514627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651526)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651526/; classtype:trojan-activity;sid:84514626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651525/; classtype:trojan-activity;sid:84514625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651524/; classtype:trojan-activity;sid:84514624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-01-26/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651521/; classtype:trojan-activity;sid:84514621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-04/info.zip"; http_uri; depth:39; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651522/; classtype:trojan-activity;sid:84514622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651523/; classtype:trojan-activity;sid:84514623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651520/; classtype:trojan-activity;sid:84514620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651519/; classtype:trojan-activity;sid:84514619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651516/; classtype:trojan-activity;sid:84514616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651518/; classtype:trojan-activity;sid:84514618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651515/; classtype:trojan-activity;sid:84514615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651512/; classtype:trojan-activity;sid:84514612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3651513/; classtype:trojan-activity;sid:84514613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651514/; classtype:trojan-activity;sid:84514614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-09-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651511/; classtype:trojan-activity;sid:84514611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651509/; classtype:trojan-activity;sid:84514609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651510/; 
classtype:trojan-activity;sid:84514610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651506/; classtype:trojan-activity;sid:84514606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651507/; classtype:trojan-activity;sid:84514607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651508/; classtype:trojan-activity;sid:84514608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651504/; classtype:trojan-activity;sid:84514604; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651505/; classtype:trojan-activity;sid:84514605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651502/; classtype:trojan-activity;sid:84514602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651503/; classtype:trojan-activity;sid:84514603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651494)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651494/; classtype:trojan-activity;sid:84514594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651481)"; flow:established,from_client; content:"GET"; http_method; 
content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651481/; classtype:trojan-activity;sid:84514581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651477)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651477/; classtype:trojan-activity;sid:84514577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651476)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651476/; classtype:trojan-activity;sid:84514576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651475)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651475/; classtype:trojan-activity;sid:84514575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651304)"; flow:established,from_client; content:"GET"; http_method; content:"/download/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.104.31.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651304/; classtype:trojan-activity;sid:84514404; rev:1;) 
# URLhaus download-URL signatures, laid out one rule per line (entries created 2025_10_03).
# Each rule alerts on an established, client-originated HTTP flow from $HOME_NET to
# $EXTERNAL_NET whose method is GET, whose URI equals the listed path and whose Host
# equals the listed address. depth:<n> equals the content length, so the content is
# pinned to the start of the buffer, and isdataat:!1,relative requires that no byte
# follows it: the match is on the whole buffer, not a substring. nocase is attached
# to the URI content only.
#
# NOTE(review): several paths below carry percent-encoded bytes (%20, %c3%a7%c3%a3) and
# their depth is the length of the encoded form. http_uri is the normalized URI buffer;
# if the sensor percent-decodes request URIs, those literals would not be present in that
# buffer and the rule would not fire. Replay a sample request through the sensor to
# confirm before relying on these entries.
# NOTE(review): these are `alert http` rules, so they presumably cover only traffic the
# sensor parses as HTTP; requests to the same hosts over TLS would need separate
# coverage (confirm against the deployment).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651202)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651202/; classtype:trojan-activity;sid:84514302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651196/; classtype:trojan-activity;sid:84514296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566431/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651195/; classtype:trojan-activity;sid:84514295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651192/; classtype:trojan-activity;sid:84514292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651188/; classtype:trojan-activity;sid:84514288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000225745/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651183/; classtype:trojan-activity;sid:84514283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651171/; classtype:trojan-activity;sid:84514271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651168/; classtype:trojan-activity;sid:84514268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567168/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651169/; classtype:trojan-activity;sid:84514269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171472/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651167/; classtype:trojan-activity;sid:84514267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651165/; classtype:trojan-activity;sid:84514265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651159/; classtype:trojan-activity;sid:84514259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651156/; classtype:trojan-activity;sid:84514256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651155/; classtype:trojan-activity;sid:84514255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165772/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651151/; classtype:trojan-activity;sid:84514251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-03-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651150/; classtype:trojan-activity;sid:84514250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170922/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651139/; classtype:trojan-activity;sid:84514239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651142/; classtype:trojan-activity;sid:84514242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651135/; classtype:trojan-activity;sid:84514235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171064/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651136/; classtype:trojan-activity;sid:84514236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603095/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651125/; classtype:trojan-activity;sid:84514225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-03-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651106/; classtype:trojan-activity;sid:84514206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-12-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651099/; classtype:trojan-activity;sid:84514199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651097)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.56.227.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651097/; classtype:trojan-activity;sid:84514197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651098/; classtype:trojan-activity;sid:84514198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171016/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651095/; classtype:trojan-activity;sid:84514195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651096/; classtype:trojan-activity;sid:84514196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651092/; classtype:trojan-activity;sid:84514192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000253230/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651090/; classtype:trojan-activity;sid:84514190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171252/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651088/; classtype:trojan-activity;sid:84514188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651084)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651084/; classtype:trojan-activity;sid:84514184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000189793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651078/; classtype:trojan-activity;sid:84514178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651079/; classtype:trojan-activity;sid:84514179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651076)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651076/; classtype:trojan-activity;sid:84514176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651077/; classtype:trojan-activity;sid:84514177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651075)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651075/; classtype:trojan-activity;sid:84514175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604320/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651071/; classtype:trojan-activity;sid:84514171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651067/; classtype:trojan-activity;sid:84514167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2024-05-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651061/; classtype:trojan-activity;sid:84514161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651056/; classtype:trojan-activity;sid:84514156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651044/; classtype:trojan-activity;sid:84514144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000232289/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651041/; classtype:trojan-activity;sid:84514141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651037/; classtype:trojan-activity;sid:84514137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651031/; classtype:trojan-activity;sid:84514131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651028/; classtype:trojan-activity;sid:84514128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651022/; classtype:trojan-activity;sid:84514122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651020/; classtype:trojan-activity;sid:84514120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651016)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/td00000000000000186186/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651016/; classtype:trojan-activity;sid:84514116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164262/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651012/; classtype:trojan-activity;sid:84514112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651015/; classtype:trojan-activity;sid:84514115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000683762/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651011/; classtype:trojan-activity;sid:84514111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651006/; classtype:trojan-activity;sid:84514106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650999/; classtype:trojan-activity;sid:84514099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168881/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650998/; classtype:trojan-activity;sid:84514098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000602407/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650995/; classtype:trojan-activity;sid:84514095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000626337/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650993/; 
classtype:trojan-activity;sid:84514093; rev:1;)
# Reading these rules: each one alerts on a cleartext HTTP GET from $HOME_NET
# to $EXTERNAL_NET. On both the URI and the Host buffer, `depth:<content length>`
# pins the content to the start of the buffer and `isdataat:!1,relative`
# requires that nothing follows it, so the rule fires only when the whole buffer
# equals the listed value. A request for the same path with a query string or
# other suffix does not match. `nocase` follows the URI content only.
# Coverage caveat: `alert http` sees only traffic the engine parses as HTTP;
# the same URL fetched over TLS is invisible to these rules without decryption.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650994)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.248.186.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650994/; classtype:trojan-activity;sid:84514094; rev:1;)
# NOTE(review): the URI content below is written percent-encoded
# ("%c3%a7%c3%a3") and depth:49 counts the encoded form. `http_uri` is the
# normalized URI buffer; if the engine's HTTP normalization percent-decodes the
# path, neither the literal nor the exact-length anchor would match the decoded
# bytes. Confirm with a test pcap, or match the unnormalized buffer
# (`http_raw_uri`) instead. The same applies to every rule in this feed whose
# path contains %xx sequences.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650991/; classtype:trojan-activity;sid:84514091; rev:1;)
# Many neighbouring rules share this Host value and differ only in the
# /tmpftp/<dir>/info.zip path; when triaging a hit, pivot on the host in proxy
# and DNS logs rather than on the single URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000565438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650986/; classtype:trojan-activity;sid:84514086; rev:1;)
# NOTE(review): percent-encoded path on `http_uri` again (depth:49 counts the
# encoded form) - verify that the engine's URI normalization leaves it matchable.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-06-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650978/; classtype:trojan-activity;sid:84514078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650968)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000619269/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650968/; classtype:trojan-activity;sid:84514068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169465/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650963/; classtype:trojan-activity;sid:84514063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-01-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650961/; classtype:trojan-activity;sid:84514061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160983/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650959/; classtype:trojan-activity;sid:84514059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179610/info.zip"; http_uri; depth:39; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650958/; classtype:trojan-activity;sid:84514058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165004/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650955/; classtype:trojan-activity;sid:84514055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-04-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650949/; classtype:trojan-activity;sid:84514049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-12-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650945/; classtype:trojan-activity;sid:84514045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_03; reference:url, urlhaus.abuse.ch/url/3650943/; classtype:trojan-activity;sid:84514043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000589083/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650940/; classtype:trojan-activity;sid:84514040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169469/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650939/; classtype:trojan-activity;sid:84514039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650938)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"172.251.160.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650938/; classtype:trojan-activity;sid:84514038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167445/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650934/; classtype:trojan-activity;sid:84514034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3650928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000608221/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650928/; classtype:trojan-activity;sid:84514028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168559/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650924/; classtype:trojan-activity;sid:84514024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000767154/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650915/; classtype:trojan-activity;sid:84514015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169966/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650912/; classtype:trojan-activity;sid:84514012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/info.zip"; http_uri; depth:28; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650913/; classtype:trojan-activity;sid:84514013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650909/; classtype:trojan-activity;sid:84514009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625892/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650902/; classtype:trojan-activity;sid:84514002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650903/; classtype:trojan-activity;sid:84514003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650904/; classtype:trojan-activity;sid:84514004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/app_error/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650900/; classtype:trojan-activity;sid:84514000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650897/; classtype:trojan-activity;sid:84513997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160599/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650887/; classtype:trojan-activity;sid:84513987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650884/; classtype:trojan-activity;sid:84513984; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171986/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650886/; classtype:trojan-activity;sid:84513986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000555504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650880/; classtype:trojan-activity;sid:84513980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000765366/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650881/; classtype:trojan-activity;sid:84513981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604319/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650870/; classtype:trojan-activity;sid:84513970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650869)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2021-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650869/; classtype:trojan-activity;sid:84513969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171330/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650868/; classtype:trojan-activity;sid:84513968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650863/; classtype:trojan-activity;sid:84513963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650862/; classtype:trojan-activity;sid:84513962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650861)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.170.103.164"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650861/; classtype:trojan-activity;sid:84513961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650859/; classtype:trojan-activity;sid:84513959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000621738/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650856/; classtype:trojan-activity;sid:84513956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650855/; classtype:trojan-activity;sid:84513955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650851)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650851/; classtype:trojan-activity;sid:84513951; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168303/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650850/; classtype:trojan-activity;sid:84513950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650846)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650846/; classtype:trojan-activity;sid:84513946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650841/; classtype:trojan-activity;sid:84513941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650831/; classtype:trojan-activity;sid:84513931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650828)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-04-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650828/; classtype:trojan-activity;sid:84513928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650824/; classtype:trojan-activity;sid:84513924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650823/; classtype:trojan-activity;sid:84513923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-04-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650821/; classtype:trojan-activity;sid:84513921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000391039/info.zip"; http_uri; depth:39; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650820/; classtype:trojan-activity;sid:84513920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650817)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650817/; classtype:trojan-activity;sid:84513917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000574637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650818/; classtype:trojan-activity;sid:84513918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650811)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650811/; classtype:trojan-activity;sid:84513911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650810)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650810/; classtype:trojan-activity;sid:84513910; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650808/; classtype:trojan-activity;sid:84513908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650806/; classtype:trojan-activity;sid:84513906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-05-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650801/; classtype:trojan-activity;sid:84513901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601712/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650791/; classtype:trojan-activity;sid:84513891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650783)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650783/; classtype:trojan-activity;sid:84513883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650782/; classtype:trojan-activity;sid:84513882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650781/; classtype:trojan-activity;sid:84513881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650779/; classtype:trojan-activity;sid:84513879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591478/info.zip"; http_uri; depth:39; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650770/; classtype:trojan-activity;sid:84513870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650768/; classtype:trojan-activity;sid:84513868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650758/; classtype:trojan-activity;sid:84513858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650751/; classtype:trojan-activity;sid:84513851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000631756/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; 
reference:url, urlhaus.abuse.ch/url/3650748/; classtype:trojan-activity;sid:84513848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-04-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650746/; classtype:trojan-activity;sid:84513846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167557/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650744/; classtype:trojan-activity;sid:84513844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-12-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650741/; classtype:trojan-activity;sid:84513841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-07-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650739/; classtype:trojan-activity;sid:84513839; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000232287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650735/; classtype:trojan-activity;sid:84513835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650731/; classtype:trojan-activity;sid:84513831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-05-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650730/; classtype:trojan-activity;sid:84513830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000607873/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650729/; classtype:trojan-activity;sid:84513829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650726)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/td00000000000000166887/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650726/; classtype:trojan-activity;sid:84513826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162883/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650720/; classtype:trojan-activity;sid:84513820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000680913/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650719/; classtype:trojan-activity;sid:84513819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650718/; classtype:trojan-activity;sid:84513818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; 
content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650714/; classtype:trojan-activity;sid:84513814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167443/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650712/; classtype:trojan-activity;sid:84513812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650711)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650711/; classtype:trojan-activity;sid:84513811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650708/; classtype:trojan-activity;sid:84513808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566429/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650703/; 
classtype:trojan-activity;sid:84513803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-01-14/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650701/; classtype:trojan-activity;sid:84513801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166105/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650693/; classtype:trojan-activity;sid:84513793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650690/; classtype:trojan-activity;sid:84513790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650689/; classtype:trojan-activity;sid:84513789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3650686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2021-10-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650686/; classtype:trojan-activity;sid:84513786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650687)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650687/; classtype:trojan-activity;sid:84513787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165072/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650683/; classtype:trojan-activity;sid:84513783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000457040/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650678/; classtype:trojan-activity;sid:84513778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650679)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; 
nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650679/; classtype:trojan-activity;sid:84513779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000218874/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650676/; classtype:trojan-activity;sid:84513776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171556/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650667/; classtype:trojan-activity;sid:84513767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224647/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650664/; classtype:trojan-activity;sid:84513764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165656/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3650665/; classtype:trojan-activity;sid:84513765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650659/; classtype:trojan-activity;sid:84513759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603149/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650655/; classtype:trojan-activity;sid:84513755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650653/; classtype:trojan-activity;sid:84513753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650650/; classtype:trojan-activity;sid:84513750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3650652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650652/; classtype:trojan-activity;sid:84513752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171224/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650649/; classtype:trojan-activity;sid:84513749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000187451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650640/; classtype:trojan-activity;sid:84513740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650638/; classtype:trojan-activity;sid:84513738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650633)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650633/; classtype:trojan-activity;sid:84513733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650631/; classtype:trojan-activity;sid:84513731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171296/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650622/; classtype:trojan-activity;sid:84513722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-10-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650617/; classtype:trojan-activity;sid:84513717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650616)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"88.28.218.163"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650616/; classtype:trojan-activity;sid:84513716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650611/; classtype:trojan-activity;sid:84513711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650612)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650612/; classtype:trojan-activity;sid:84513712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604318/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650609/; classtype:trojan-activity;sid:84513709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2024-06-19/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_03; reference:url, urlhaus.abuse.ch/url/3650600/; classtype:trojan-activity;sid:84513700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650598/; classtype:trojan-activity;sid:84513698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650596/; classtype:trojan-activity;sid:84513696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650597)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650597/; classtype:trojan-activity;sid:84513697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000426238/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650595/; classtype:trojan-activity;sid:84513695; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650593/; classtype:trojan-activity;sid:84513693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650591/; classtype:trojan-activity;sid:84513691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650588)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650588/; classtype:trojan-activity;sid:84513688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650590/; classtype:trojan-activity;sid:84513690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650585)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/td00000000000000172470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650585/; classtype:trojan-activity;sid:84513685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650586/; classtype:trojan-activity;sid:84513686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585436/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650575/; classtype:trojan-activity;sid:84513675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171288/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650573/; classtype:trojan-activity;sid:84513673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650570)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.224.205.246"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650570/; classtype:trojan-activity;sid:84513670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000176793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650568/; classtype:trojan-activity;sid:84513668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000213545/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650569/; classtype:trojan-activity;sid:84513669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167279/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650565/; classtype:trojan-activity;sid:84513665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650563/; classtype:trojan-activity;sid:84513663; rev:1;) 
# Reviewer notes for the URLhaus download-URL rules in this part of the feed.
# - Each rule fires on an outbound cleartext HTTP GET (flow:established,from_client)
#   whose URI and Host both equal the listed values: depth is set to the content
#   length and isdataat:!1,relative requires that no byte follows the match.
#   The URI match is case-insensitive (nocase). The same URL fetched over TLS
#   is not inspected by these rules.
# - The alert is raised on the request, not on the response, so a hit shows an
#   attempted fetch only; use the reference:url entry of the rule to triage.
# - Some rules here (e.g. sid:84513650, sid:84513635, sid:84513620) carry
#   percent-escapes such as %20 and %c3%a7%c3%a3 inside an http_uri content.
#   http_uri is the normalized URI buffer, so these literal escapes may never
#   match once the sensor has decoded the request URI.
#   NOTE(review): confirm against a test capture; http_raw_uri is the buffer
#   that keeps the escapes as sent.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167437/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650561/; classtype:trojan-activity;sid:84513661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650558/; classtype:trojan-activity;sid:84513658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650559)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.72.16.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650559/; classtype:trojan-activity;sid:84513659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606633/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650554/; classtype:trojan-activity;sid:84513654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650551)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/td00000000000000167071/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650551/; classtype:trojan-activity;sid:84513651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650550/; classtype:trojan-activity;sid:84513650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172576/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650549/; classtype:trojan-activity;sid:84513649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650546/; classtype:trojan-activity;sid:84513646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"177.70.102.228"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650541/; classtype:trojan-activity;sid:84513641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-10-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650535/; classtype:trojan-activity;sid:84513635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171304/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650529/; classtype:trojan-activity;sid:84513629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650528/; classtype:trojan-activity;sid:84513628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3650526/; classtype:trojan-activity;sid:84513626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650520/; classtype:trojan-activity;sid:84513620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650521/; classtype:trojan-activity;sid:84513621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650518/; classtype:trojan-activity;sid:84513618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650519/; classtype:trojan-activity;sid:84513619; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-02-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650516/; classtype:trojan-activity;sid:84513616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650515/; classtype:trojan-activity;sid:84513615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2020-11-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650513/; classtype:trojan-activity;sid:84513613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166971/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650512/; classtype:trojan-activity;sid:84513612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650508)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/td00000000000000164808/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650508/; classtype:trojan-activity;sid:84513608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650507/; classtype:trojan-activity;sid:84513607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650503/; classtype:trojan-activity;sid:84513603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170482/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650504/; classtype:trojan-activity;sid:84513604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165644/info.zip"; http_uri; depth:39; isdataat:!1,relative; 
nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650506/; classtype:trojan-activity;sid:84513606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000264706/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650493/; classtype:trojan-activity;sid:84513593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000562134/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650494/; classtype:trojan-activity;sid:84513594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000680914/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650498/; classtype:trojan-activity;sid:84513598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650499)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3650499/; classtype:trojan-activity;sid:84513599; rev:1;)
# The rules below each alert on one URLhaus-listed download URL: an outbound
# plaintext HTTP GET whose URI and Host both equal the listed strings
# (depth:<content length> plus isdataat:!1,relative on each content).
#
# NOTE(review): sid 84513600 and sid 84513591 in this run match percent-escaped
# text (%c3%a7, %c3%a3, %20) with http_uri. Where the engine percent-decodes
# that buffer before matching (Suricata documents http_uri as the normalized
# URI), the escapes are not present in it and these rules would stay silent.
# Confirm with a captured request; http_raw_uri, or decoded bytes such as
# |c3 a7| with a depth equal to the decoded length, are the usual alternatives.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650500/; classtype:trojan-activity;sid:84513600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650502/; classtype:trojan-activity;sid:84513602; rev:1;)
# NOTE(review): the URI here is only "/info.zip", so the alert is exactly as
# specific as the Host match on a bare IP address. The entry is dated
# created_at 2025_10_03; check the referenced URLhaus page for current status
# before treating a hit as confirmed delivery, since the address may have
# changed hands since then.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650492)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650492/; classtype:trojan-activity;sid:84513592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-28/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650491/; classtype:trojan-activity;sid:84513591; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650487/; classtype:trojan-activity;sid:84513587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165020/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650482/; classtype:trojan-activity;sid:84513582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650483/; classtype:trojan-activity;sid:84513583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171284/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650480/; classtype:trojan-activity;sid:84513580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650477)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/01/cancelamento/2020-02-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650477/; classtype:trojan-activity;sid:84513577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650476/; classtype:trojan-activity;sid:84513576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604651/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650472/; classtype:trojan-activity;sid:84513572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650468/; classtype:trojan-activity;sid:84513568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650467/; classtype:trojan-activity;sid:84513567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166079/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650465/; classtype:trojan-activity;sid:84513565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650461/; classtype:trojan-activity;sid:84513561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650457/; classtype:trojan-activity;sid:84513557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2024-01-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_03; reference:url, urlhaus.abuse.ch/url/3650454/; classtype:trojan-activity;sid:84513554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650450)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000159804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650450/; classtype:trojan-activity;sid:84513550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-08-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650447/; classtype:trojan-activity;sid:84513547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650443/; classtype:trojan-activity;sid:84513543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-02-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650444/; classtype:trojan-activity;sid:84513544; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168305/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650441/; classtype:trojan-activity;sid:84513541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170516/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650439/; classtype:trojan-activity;sid:84513539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000163666/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650431/; classtype:trojan-activity;sid:84513531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650429/; classtype:trojan-activity;sid:84513529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650430)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/td00000000000000601753/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650430/; classtype:trojan-activity;sid:84513530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000629919/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650423/; classtype:trojan-activity;sid:84513523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000263120/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650422/; classtype:trojan-activity;sid:84513522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650415/; classtype:trojan-activity;sid:84513515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000237372/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650412/; classtype:trojan-activity;sid:84513512; rev:1;)
# The rules below each alert on one URLhaus-listed download URL: an outbound
# plaintext HTTP GET whose URI and Host both equal the listed strings
# (depth:<content length> plus isdataat:!1,relative on each content).
#
# NOTE(review): the next rule's URI is only "/info.zip", so the alert is exactly
# as specific as the Host match on a bare IP address. The entry is dated
# created_at 2025_10_03; check the referenced URLhaus page for current status
# before treating a hit as confirmed delivery.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650413)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650413/; classtype:trojan-activity;sid:84513513; rev:1;)
# NOTE(review): percent-escaped URI text (%20, %c3%a7, %c3%a3) matched with
# http_uri. Where the engine percent-decodes that buffer before matching
# (Suricata documents http_uri as the normalized URI), the escapes are not
# present in it and this rule would not fire. Confirm with a captured request;
# http_raw_uri or decoded bytes (|20|, |c3 a7|, |c3 a3|) with a matching depth
# are the usual alternatives.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650400/; classtype:trojan-activity;sid:84513500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650397/; classtype:trojan-activity;sid:84513497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650396/; 
classtype:trojan-activity;sid:84513496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000555505/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650390/; classtype:trojan-activity;sid:84513490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650389/; classtype:trojan-activity;sid:84513489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-05-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650388/; classtype:trojan-activity;sid:84513488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169865/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650386/; classtype:trojan-activity;sid:84513486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3650387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650387/; classtype:trojan-activity;sid:84513487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650383/; classtype:trojan-activity;sid:84513483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-07-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650384/; classtype:trojan-activity;sid:84513484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171312/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650381/; classtype:trojan-activity;sid:84513481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-14/info.zip"; 
http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650379/; classtype:trojan-activity;sid:84513479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169769/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650374/; classtype:trojan-activity;sid:84513474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000573133/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650364/; classtype:trojan-activity;sid:84513464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606636/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650366/; classtype:trojan-activity;sid:84513466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_03; reference:url, urlhaus.abuse.ch/url/3650368/; classtype:trojan-activity;sid:84513468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546234/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650371/; classtype:trojan-activity;sid:84513471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650373)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650373/; classtype:trojan-activity;sid:84513473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650362/; classtype:trojan-activity;sid:84513462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170378/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650358/; classtype:trojan-activity;sid:84513458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3650351)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650351/; classtype:trojan-activity;sid:84513451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650352/; classtype:trojan-activity;sid:84513452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160995/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650348/; classtype:trojan-activity;sid:84513448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650347/; classtype:trojan-activity;sid:84513447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650343)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; 
content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650343/; classtype:trojan-activity;sid:84513443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168278/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650337/; classtype:trojan-activity;sid:84513437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170774/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650338/; classtype:trojan-activity;sid:84513438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000633210/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650340/; classtype:trojan-activity;sid:84513440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224648/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650331/; 
classtype:trojan-activity;sid:84513431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650332/; classtype:trojan-activity;sid:84513432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604442/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650325/; classtype:trojan-activity;sid:84513425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650327/; classtype:trojan-activity;sid:84513427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650319)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650319/; classtype:trojan-activity;sid:84513419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650307)"; 
flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650307/; classtype:trojan-activity;sid:84513407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650299)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650299/; classtype:trojan-activity;sid:84513399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650300/; classtype:trojan-activity;sid:84513400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650276/; classtype:trojan-activity;sid:84513376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169947/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650270/; classtype:trojan-activity;sid:84513370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165200/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650271/; classtype:trojan-activity;sid:84513371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/01/consulta%20n%c3%a3o%20encerrado/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650269/; classtype:trojan-activity;sid:84513369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650263)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650263/; classtype:trojan-activity;sid:84513363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650261/; classtype:trojan-activity;sid:84513361; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650262/; classtype:trojan-activity;sid:84513362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-02-16/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650259/; classtype:trojan-activity;sid:84513359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168295/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650258/; classtype:trojan-activity;sid:84513358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585560/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650253/; classtype:trojan-activity;sid:84513353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650251)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-29/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650251/; classtype:trojan-activity;sid:84513351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604650/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650244/; classtype:trojan-activity;sid:84513344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604662/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650243/; classtype:trojan-activity;sid:84513343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650242/; classtype:trojan-activity;sid:84513342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650236)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2021-03-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650236/; classtype:trojan-activity;sid:84513336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650222/; classtype:trojan-activity;sid:84513322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650219/; classtype:trojan-activity;sid:84513319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650215/; classtype:trojan-activity;sid:84513315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600441/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650214/; classtype:trojan-activity;sid:84513314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000584368/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650213/; classtype:trojan-activity;sid:84513313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650200/; classtype:trojan-activity;sid:84513300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165935/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650201/; classtype:trojan-activity;sid:84513301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-10-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650195/; 
classtype:trojan-activity;sid:84513295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650196/; classtype:trojan-activity;sid:84513296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650193)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650193/; classtype:trojan-activity;sid:84513293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179593/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650191/; classtype:trojan-activity;sid:84513291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650190/; classtype:trojan-activity;sid:84513290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650187)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650187/; classtype:trojan-activity;sid:84513287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650181/; classtype:trojan-activity;sid:84513281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-06-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650178/; classtype:trojan-activity;sid:84513278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000222522/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650170/; classtype:trojan-activity;sid:84513270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650162)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/td00000000000000166869/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650162/; classtype:trojan-activity;sid:84513262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566150/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650160/; classtype:trojan-activity;sid:84513260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546495/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650161/; classtype:trojan-activity;sid:84513261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650159/; classtype:trojan-activity;sid:84513259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164138/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650146/; classtype:trojan-activity;sid:84513246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-22/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650138/; classtype:trojan-activity;sid:84513238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170520/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650130/; classtype:trojan-activity;sid:84513230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650129/; classtype:trojan-activity;sid:84513229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171256/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3650127/; classtype:trojan-activity;sid:84513227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650123/; classtype:trojan-activity;sid:84513223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553463/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650122/; classtype:trojan-activity;sid:84513222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2023-11-14/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650117/; classtype:trojan-activity;sid:84513217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165900/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650118/; classtype:trojan-activity;sid:84513218; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650114/; classtype:trojan-activity;sid:84513214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650115/; classtype:trojan-activity;sid:84513215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566395/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650112/; classtype:trojan-activity;sid:84513212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-08-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650111/; classtype:trojan-activity;sid:84513211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650107)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/td00000000000000171314/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650107/; classtype:trojan-activity;sid:84513207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650105/; classtype:trojan-activity;sid:84513205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650104/; classtype:trojan-activity;sid:84513204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171298/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650093/; classtype:trojan-activity;sid:84513193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168275/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650092/; classtype:trojan-activity;sid:84513192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650086/; classtype:trojan-activity;sid:84513186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650087/; classtype:trojan-activity;sid:84513187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650085/; classtype:trojan-activity;sid:84513185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-03-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3650083/; classtype:trojan-activity;sid:84513183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-24/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650082/; classtype:trojan-activity;sid:84513182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166259/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650079/; classtype:trojan-activity;sid:84513179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-02-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650080/; classtype:trojan-activity;sid:84513180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165824/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650078/; classtype:trojan-activity;sid:84513178; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650071/; classtype:trojan-activity;sid:84513171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650067/; classtype:trojan-activity;sid:84513167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567166/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650058/; classtype:trojan-activity;sid:84513158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650061)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650061/; classtype:trojan-activity;sid:84513161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650055)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-10-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650055/; classtype:trojan-activity;sid:84513155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650056/; classtype:trojan-activity;sid:84513156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650054/; classtype:trojan-activity;sid:84513154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567145/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650051/; classtype:trojan-activity;sid:84513151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650047/; classtype:trojan-activity;sid:84513147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650048/; classtype:trojan-activity;sid:84513148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650044)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650044/; classtype:trojan-activity;sid:84513144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-08-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650038/; classtype:trojan-activity;sid:84513138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3650035/; classtype:trojan-activity;sid:84513135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650036/; classtype:trojan-activity;sid:84513136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169473/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650028/; classtype:trojan-activity;sid:84513128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171454/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650026/; classtype:trojan-activity;sid:84513126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170532/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650023/; classtype:trojan-activity;sid:84513123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3650020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650020/; classtype:trojan-activity;sid:84513120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650007/; classtype:trojan-activity;sid:84513107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000543689/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650004/; classtype:trojan-activity;sid:84513104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000633209/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650001/; classtype:trojan-activity;sid:84513101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649996)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/td00000000000000546233/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649996/; classtype:trojan-activity;sid:84513096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649995/; classtype:trojan-activity;sid:84513095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585575/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649992/; classtype:trojan-activity;sid:84513092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649985/; classtype:trojan-activity;sid:84513085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171194/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649986/; classtype:trojan-activity;sid:84513086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649987/; classtype:trojan-activity;sid:84513087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649984)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649984/; classtype:trojan-activity;sid:84513084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586961/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649980/; classtype:trojan-activity;sid:84513080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000609592/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649981/; classtype:trojan-activity;sid:84513081; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649975)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649975/; classtype:trojan-activity;sid:84513075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649968)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649968/; classtype:trojan-activity;sid:84513068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649964/; classtype:trojan-activity;sid:84513064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-02-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649961/; classtype:trojan-activity;sid:84513061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649959)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/td00000000000000172788/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649959/; classtype:trojan-activity;sid:84513059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000237371/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649956/; classtype:trojan-activity;sid:84513056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000552709/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649952/; classtype:trojan-activity;sid:84513052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649944/; classtype:trojan-activity;sid:84513044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000683761/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649943/; classtype:trojan-activity;sid:84513043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649937/; classtype:trojan-activity;sid:84513037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649935/; classtype:trojan-activity;sid:84513035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567164/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649932/; classtype:trojan-activity;sid:84513032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171888/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649930/; classtype:trojan-activity;sid:84513030; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165116/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649931/; classtype:trojan-activity;sid:84513031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649928/; classtype:trojan-activity;sid:84513028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649922/; classtype:trojan-activity;sid:84513022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000208170/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649923/; classtype:trojan-activity;sid:84513023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649919)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000264645/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649919/; classtype:trojan-activity;sid:84513019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649914/; classtype:trojan-activity;sid:84513014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171458/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649910/; classtype:trojan-activity;sid:84513010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000617432/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649900/; classtype:trojan-activity;sid:84513000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-22/info.zip"; http_uri; depth:49; 
isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649901/; classtype:trojan-activity;sid:84513001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649897/; classtype:trojan-activity;sid:84512997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649899/; classtype:trojan-activity;sid:84512999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624762/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649896/; classtype:trojan-activity;sid:84512996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000265247/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; 
reference:url, urlhaus.abuse.ch/url/3649895/; classtype:trojan-activity;sid:84512995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165014/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649888/; classtype:trojan-activity;sid:84512988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649885/; classtype:trojan-activity;sid:84512985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168749/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649886/; classtype:trojan-activity;sid:84512986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649884/; classtype:trojan-activity;sid:84512984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3649881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649881/; classtype:trojan-activity;sid:84512981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000212326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649878/; classtype:trojan-activity;sid:84512978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649874/; classtype:trojan-activity;sid:84512974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000746890/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649870/; classtype:trojan-activity;sid:84512970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649867)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/td00000000000000160628/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649867/; classtype:trojan-activity;sid:84512967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171452/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649868/; classtype:trojan-activity;sid:84512968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649865)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649865/; classtype:trojan-activity;sid:84512965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164253/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649864/; classtype:trojan-activity;sid:84512964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000426237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649863/; classtype:trojan-activity;sid:84512963; rev:1;)
# Rule template used throughout this feed: alert (not drop) on an established,
# client-to-server HTTP GET from $HOME_NET to $EXTERNAL_NET whose URI and Host
# each equal one URLhaus-listed value. The msg text and the reference: URL
# carry the URLhaus entry id for triage.
#
# Each content is followed by depth:<pattern length> and isdataat:!1,relative,
# i.e. the pattern must sit at the start of its buffer with no byte after it.
# The match is therefore exact: the same path with a query string appended, or
# any other variation of the path or host, does not alert. nocase follows the
# URI pattern only.
#
# These are `alert http` rules, so they cover requests the sensor parses as
# HTTP. NOTE(review): the same URL fetched over TLS is presumably not seen
# unless traffic is decrypted upstream - confirm for your deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649861/; classtype:trojan-activity;sid:84512961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649856/; classtype:trojan-activity;sid:84512956; rev:1;)
# NOTE(review): the next two URI patterns contain percent-escapes (%20,
# %c3%a7, %c3%a3) but are matched with http_uri. Suricata documents http_uri
# as the normalized URI and http_raw_uri as the undecoded one; if the sensor
# percent-decodes this buffer, the literal "%20" never appears in it and
# depth:62 no longer equals the decoded length, so these rules would stay
# silent on the very URL they list. Confirm with a test capture. The usual
# remedies are matching the raw URI buffer, or writing the decoded bytes in
# the pattern (|20|, |c3 a7|, |c3 a3|) with depth adjusted to the new length.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649850/; classtype:trojan-activity;sid:84512950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649848/; classtype:trojan-activity;sid:84512948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649844/; classtype:trojan-activity;sid:84512944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170894/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649839/; classtype:trojan-activity;sid:84512939; rev:1;)
# The URI here is just "/info.zip", so the Host pattern is the only part of
# the match that distinguishes this entry from the other "/info.zip" rules in
# the feed; the alert is only as specific as that single address.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649837)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649837/; classtype:trojan-activity;sid:84512937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649833/; classtype:trojan-activity;sid:84512933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649821)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649821/; classtype:trojan-activity;sid:84512921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649815/; classtype:trojan-activity;sid:84512915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649802/; classtype:trojan-activity;sid:84512902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000465109/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649801/; classtype:trojan-activity;sid:84512901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172568/info.zip"; http_uri; depth:39; isdataat:!1,relative; 
nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649790/; classtype:trojan-activity;sid:84512890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649788/; classtype:trojan-activity;sid:84512888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000226537/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649783/; classtype:trojan-activity;sid:84512883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2022-02-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649780/; classtype:trojan-activity;sid:84512880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-07-28/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649777/; classtype:trojan-activity;sid:84512877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649775/; classtype:trojan-activity;sid:84512875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166135/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649771/; classtype:trojan-activity;sid:84512871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-06-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649768/; classtype:trojan-activity;sid:84512868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000583935/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649762/; classtype:trojan-activity;sid:84512862; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-06-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649760/; classtype:trojan-activity;sid:84512860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649761/; classtype:trojan-activity;sid:84512861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649751/; classtype:trojan-activity;sid:84512851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649744/; classtype:trojan-activity;sid:84512844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649738)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2024-07-06/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649738/; classtype:trojan-activity;sid:84512838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000557542/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649730/; classtype:trojan-activity;sid:84512830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167115/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649731/; classtype:trojan-activity;sid:84512831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649707/; classtype:trojan-activity;sid:84512807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168301/info.zip"; http_uri; depth:39; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649699/; classtype:trojan-activity;sid:84512799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171474/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649701/; classtype:trojan-activity;sid:84512801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649702/; classtype:trojan-activity;sid:84512802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167423/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649692/; classtype:trojan-activity;sid:84512792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_03; reference:url, urlhaus.abuse.ch/url/3649689/; classtype:trojan-activity;sid:84512789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649682)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649682/; classtype:trojan-activity;sid:84512782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171702/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649681/; classtype:trojan-activity;sid:84512781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171468/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649677/; classtype:trojan-activity;sid:84512777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649673)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000230418/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649673/; classtype:trojan-activity;sid:84512773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3649674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166739/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649674/; classtype:trojan-activity;sid:84512774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649672/; classtype:trojan-activity;sid:84512772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000552326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649669/; classtype:trojan-activity;sid:84512769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649663/; classtype:trojan-activity;sid:84512763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649662)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/consulta/2020-11-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649662/; classtype:trojan-activity;sid:84512762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649656/; classtype:trojan-activity;sid:84512756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169927/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649655/; classtype:trojan-activity;sid:84512755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649651/; classtype:trojan-activity;sid:84512751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-12-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; 
content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649653/; classtype:trojan-activity;sid:84512753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649650/; classtype:trojan-activity;sid:84512750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000543908/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649647/; classtype:trojan-activity;sid:84512747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649643/; classtype:trojan-activity;sid:84512743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000542543/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649644/; 
classtype:trojan-activity;sid:84512744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649635/; classtype:trojan-activity;sid:84512735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649636/; classtype:trojan-activity;sid:84512736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171302/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649622/; classtype:trojan-activity;sid:84512722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166801/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649626/; classtype:trojan-activity;sid:84512726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3649618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649618/; classtype:trojan-activity;sid:84512718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160981/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649613/; classtype:trojan-activity;sid:84512713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000551812/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649607/; classtype:trojan-activity;sid:84512707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649605/; classtype:trojan-activity;sid:84512705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-10-04/info.zip"; http_uri; 
depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649599/; classtype:trojan-activity;sid:84512699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649594/; classtype:trojan-activity;sid:84512694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649588/; classtype:trojan-activity;sid:84512688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649590/; classtype:trojan-activity;sid:84512690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_03; reference:url, urlhaus.abuse.ch/url/3649580/; classtype:trojan-activity;sid:84512680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-05-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649578/; classtype:trojan-activity;sid:84512678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168299/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649576/; classtype:trojan-activity;sid:84512676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649577/; classtype:trojan-activity;sid:84512677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160619/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649573/; classtype:trojan-activity;sid:84512673; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649574/; classtype:trojan-activity;sid:84512674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171316/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649572/; classtype:trojan-activity;sid:84512672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649570/; classtype:trojan-activity;sid:84512670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000223168/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649567/; classtype:trojan-activity;sid:84512667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649560)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/01/cancelamento/2022-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649560/; classtype:trojan-activity;sid:84512660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168281/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649556/; classtype:trojan-activity;sid:84512656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171358/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649549/; classtype:trojan-activity;sid:84512649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167601/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649551/; classtype:trojan-activity;sid:84512651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2024-06-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; 
nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649552/; classtype:trojan-activity;sid:84512652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600310/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649544/; classtype:trojan-activity;sid:84512644; rev:1;)
# NOTE(review): the next rule's http_uri content keeps percent-escapes (%20, %c3%a7%c3%a3); http_uri inspects the
# normalized URI, where escapes are usually decoded, so it may never match. Consider http_raw_uri; verify with a pcap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-10-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649535/; classtype:trojan-activity;sid:84512635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166323/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649533/; classtype:trojan-activity;sid:84512633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000732234/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3649532/; classtype:trojan-activity;sid:84512632; rev:1;)
# NOTE(review): the next rule's http_uri content keeps percent-escapes (%20, %c3%a7%c3%a3); http_uri inspects the
# normalized URI, where escapes are usually decoded, so it may never match. Consider http_raw_uri; verify with a pcap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649529/; classtype:trojan-activity;sid:84512629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000223167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649528/; classtype:trojan-activity;sid:84512628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000584370/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649521/; classtype:trojan-activity;sid:84512621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000583934/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649517/; classtype:trojan-activity;sid:84512617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3649514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165844/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649514/; classtype:trojan-activity;sid:84512614; rev:1;)
# NOTE(review): the next rule's http_uri content keeps percent-escapes (%c3%a7%c3%a3), as does 3649498 below;
# http_uri inspects the normalized URI, where escapes are usually decoded, so these may never match.
# Consider http_raw_uri; verify with a pcap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649506/; classtype:trojan-activity;sid:84512606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165184/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649503/; classtype:trojan-activity;sid:84512603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649498/; classtype:trojan-activity;sid:84512598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649495)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649495/; classtype:trojan-activity;sid:84512595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649494/; classtype:trojan-activity;sid:84512594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168365/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649492/; classtype:trojan-activity;sid:84512592; rev:1;)
# NOTE(review): the next rule's http_uri content keeps percent-escapes (%c3%a7%c3%a3); http_uri inspects the
# normalized URI, where escapes are usually decoded, so it may never match. Consider http_raw_uri; verify with a pcap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649486/; classtype:trojan-activity;sid:84512586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; 
content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649484/; classtype:trojan-activity;sid:84512584; rev:1;)
# Exact-match rules: each depth equals its content length and isdataat:!1,relative rejects any trailing byte,
# so the same path with a query string, or a longer host value, does not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000209999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649483/; classtype:trojan-activity;sid:84512583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164122/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649468/; classtype:trojan-activity;sid:84512568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649459/; classtype:trojan-activity;sid:84512559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649456/; 
classtype:trojan-activity;sid:84512556; rev:1;)
# NOTE(review): the next rule's http_uri content keeps percent-escapes (%c3%a7%c3%a3), as does 3649427 below;
# http_uri inspects the normalized URI, where escapes are usually decoded, so these may never match.
# Consider http_raw_uri; verify with a pcap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649458)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649458/; classtype:trojan-activity;sid:84512558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171854/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649455/; classtype:trojan-activity;sid:84512555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604321/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649440/; classtype:trojan-activity;sid:84512540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649427/; classtype:trojan-activity;sid:84512527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3649424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160615/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649424/; classtype:trojan-activity;sid:84512524; rev:1;)
# Exact-match rules: each depth equals its content length and isdataat:!1,relative rejects any trailing byte,
# so the same path with a query string, or a longer host value, does not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649420/; classtype:trojan-activity;sid:84512520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649418/; classtype:trojan-activity;sid:84512518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649416/; classtype:trojan-activity;sid:84512516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171286/info.zip"; 
http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649414/; classtype:trojan-activity;sid:84512514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649411/; classtype:trojan-activity;sid:84512511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649406)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171402/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649406/; classtype:trojan-activity;sid:84512506; rev:1;)
# NOTE(review): the next rule's http_uri content keeps percent-escapes (%20, %c3%a7%c3%a3); http_uri inspects the
# normalized URI, where escapes are usually decoded, so it may never match. Consider http_raw_uri; verify with a pcap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649402/; classtype:trojan-activity;sid:84512502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2021-05-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649397/; classtype:trojan-activity;sid:84512497; rev:1;)
# NOTE(review): the next rule's http_uri content keeps percent-escapes (%20, %c3%a7%c3%a3); http_uri inspects the
# normalized URI, where escapes are usually decoded, so it may never match. Consider http_raw_uri; verify with a pcap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649395/; classtype:trojan-activity;sid:84512495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649392/; classtype:trojan-activity;sid:84512492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168553/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649389/; classtype:trojan-activity;sid:84512489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649391/; 
classtype:trojan-activity;sid:84512491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171462/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649387/; classtype:trojan-activity;sid:84512487; rev:1;)
# NOTE(review): the next rule's http_uri content keeps percent-escapes (%20, %c3%a7%c3%a3); http_uri inspects the
# normalized URI, where escapes are usually decoded, so it may never match. Consider http_raw_uri; verify with a pcap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-12/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649385/; classtype:trojan-activity;sid:84512485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649382/; classtype:trojan-activity;sid:84512482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606635/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649379/; classtype:trojan-activity;sid:84512479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3649380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649380/; classtype:trojan-activity;sid:84512480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000238203/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649377/; classtype:trojan-activity;sid:84512477; rev:1;)
# NOTE(review): the next rule's http_uri content keeps percent-escapes (%20, %c3%a7%c3%a3); http_uri inspects the
# normalized URI, where escapes are usually decoded, so it may never match. Consider http_raw_uri; verify with a pcap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649375/; classtype:trojan-activity;sid:84512475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649376/; classtype:trojan-activity;sid:84512476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649372)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/td00000000000000171242/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649372/; classtype:trojan-activity;sid:84512472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649370/; classtype:trojan-activity;sid:84512470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171464/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649365/; classtype:trojan-activity;sid:84512465; rev:1;)
# NOTE(review): the next rule's http_uri content keeps percent-escapes (%20, %c3%a7%c3%a3); http_uri inspects the
# normalized URI, where escapes are usually decoded, so it may never match. Consider http_raw_uri; verify with a pcap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649366/; classtype:trojan-activity;sid:84512466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649363/; classtype:trojan-activity;sid:84512463; rev:1;)
# Exact-match rules: each depth equals its content length and isdataat:!1,relative rejects any trailing byte,
# so the same path with a query string, or a longer host value, does not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171332/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649360/; classtype:trojan-activity;sid:84512460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649359/; classtype:trojan-activity;sid:84512459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649357/; classtype:trojan-activity;sid:84512457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165850/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649354/; 
classtype:trojan-activity;sid:84512454; rev:1;)
# NOTE(review): the next rule's http_uri content keeps percent-escapes (%c3%a7%c3%a3), as does 3649352 below;
# http_uri inspects the normalized URI, where escapes are usually decoded, so these may never match.
# Consider http_raw_uri; verify with a pcap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649355)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649355/; classtype:trojan-activity;sid:84512455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000213544/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649353/; classtype:trojan-activity;sid:84512453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649352/; classtype:trojan-activity;sid:84512452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000265246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649346/; classtype:trojan-activity;sid:84512446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3649338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649338/; classtype:trojan-activity;sid:84512438; rev:1;)
# NOTE(review): the next rule's http_uri content keeps percent-escapes (%20, %c3%a7%c3%a3); http_uri inspects the
# normalized URI, where escapes are usually decoded, so it may never match. Consider http_raw_uri; verify with a pcap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-06-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649336/; classtype:trojan-activity;sid:84512436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000587212/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649335/; classtype:trojan-activity;sid:84512435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649332/; classtype:trojan-activity;sid:84512432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649329)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/td00000000000000165794/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649329/; classtype:trojan-activity;sid:84512429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173022/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649326/; classtype:trojan-activity;sid:84512426; rev:1;)
# NOTE(review): the next rule's http_uri content keeps percent-escapes (%c3%a7%c3%a3), as does 3649321 below;
# http_uri inspects the normalized URI, where escapes are usually decoded, so these may never match.
# Consider http_raw_uri; verify with a pcap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649327/; classtype:trojan-activity;sid:84512427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649321/; classtype:trojan-activity;sid:84512421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2023-11-20/info.zip"; http_uri; depth:91; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649323/; classtype:trojan-activity;sid:84512423; rev:1;)
# Exact-match rules: each depth equals its content length and isdataat:!1,relative rejects any trailing byte,
# so the same path with a query string, or a longer host value, does not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566420/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649310/; classtype:trojan-activity;sid:84512410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567141/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649309/; classtype:trojan-activity;sid:84512409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000215215/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649306/; classtype:trojan-activity;sid:84512406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3649305/; classtype:trojan-activity;sid:84512405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000562903/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649303/; classtype:trojan-activity;sid:84512403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-01-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649299/; classtype:trojan-activity;sid:84512399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567162/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649295/; classtype:trojan-activity;sid:84512395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649290/; classtype:trojan-activity;sid:84512390; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649286/; classtype:trojan-activity;sid:84512386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649285/; classtype:trojan-activity;sid:84512385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649284/; classtype:trojan-activity;sid:84512384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649281/; classtype:trojan-activity;sid:84512381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649278)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/td00000000000000168063/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649278/; classtype:trojan-activity;sid:84512378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649275/; classtype:trojan-activity;sid:84512375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649270/; classtype:trojan-activity;sid:84512370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649266/; classtype:trojan-activity;sid:84512366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; 
content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649256/; classtype:trojan-activity;sid:84512356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000558592/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649250/; classtype:trojan-activity;sid:84512350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649252/; classtype:trojan-activity;sid:84512352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649243/; classtype:trojan-activity;sid:84512343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649242/; 
classtype:trojan-activity;sid:84512342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649231/; classtype:trojan-activity;sid:84512331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649215/; classtype:trojan-activity;sid:84512315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649213/; classtype:trojan-activity;sid:84512313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-12-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649208/; classtype:trojan-activity;sid:84512308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3649205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649205/; classtype:trojan-activity;sid:84512305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649196/; classtype:trojan-activity;sid:84512296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600544/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649193/; classtype:trojan-activity;sid:84512293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165480/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649189/; classtype:trojan-activity;sid:84512289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649191)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2020-05-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649191/; classtype:trojan-activity;sid:84512291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649186/; classtype:trojan-activity;sid:84512286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000564863/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649180/; classtype:trojan-activity;sid:84512280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649179/; classtype:trojan-activity;sid:84512279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162652/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649173/; classtype:trojan-activity;sid:84512273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-10-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649160/; classtype:trojan-activity;sid:84512260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166657/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649158/; classtype:trojan-activity;sid:84512258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625429/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649149/; classtype:trojan-activity;sid:84512249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649145/; 
classtype:trojan-activity;sid:84512245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000556239/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649143/; classtype:trojan-activity;sid:84512243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000765367/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649144/; classtype:trojan-activity;sid:84512244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625325/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649142/; classtype:trojan-activity;sid:84512242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-11-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649137/; classtype:trojan-activity;sid:84512237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3649135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/9929/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649135/; classtype:trojan-activity;sid:84512235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649136/; classtype:trojan-activity;sid:84512236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649130/; classtype:trojan-activity;sid:84512230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649128/; classtype:trojan-activity;sid:84512228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649124)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/td00000000000000168297/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649124/; classtype:trojan-activity;sid:84512224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649120/; classtype:trojan-activity;sid:84512220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168387/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649118/; classtype:trojan-activity;sid:84512218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606634/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649119/; classtype:trojan-activity;sid:84512219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000551813/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649110/; classtype:trojan-activity;sid:84512210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-03-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649111/; classtype:trojan-activity;sid:84512211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164394/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649112/; classtype:trojan-activity;sid:84512212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166665/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649107/; classtype:trojan-activity;sid:84512207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224583/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649108/; 
classtype:trojan-activity;sid:84512208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649097/; classtype:trojan-activity;sid:84512197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649099/; classtype:trojan-activity;sid:84512199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649092/; classtype:trojan-activity;sid:84512192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2022-03-09/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649089/; classtype:trojan-activity;sid:84512189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3649084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591279/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649084/; classtype:trojan-activity;sid:84512184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649082/; classtype:trojan-activity;sid:84512182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649080/; classtype:trojan-activity;sid:84512180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000225746/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649078/; classtype:trojan-activity;sid:84512178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649077)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2019-12-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649077/; classtype:trojan-activity;sid:84512177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649071/; classtype:trojan-activity;sid:84512171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-10-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649068/; classtype:trojan-activity;sid:84512168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166183/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649061/; classtype:trojan-activity;sid:84512161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-05-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; 
nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649062/; classtype:trojan-activity;sid:84512162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649058/; classtype:trojan-activity;sid:84512158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000616852/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649055/; classtype:trojan-activity;sid:84512155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649056/; classtype:trojan-activity;sid:84512156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3649050/; classtype:trojan-activity;sid:84512150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649048/; classtype:trojan-activity;sid:84512148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649043/; classtype:trojan-activity;sid:84512143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649044/; classtype:trojan-activity;sid:84512144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649039/; classtype:trojan-activity;sid:84512139; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170776/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649033/; classtype:trojan-activity;sid:84512133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649034/; classtype:trojan-activity;sid:84512134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2020-12-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649035/; classtype:trojan-activity;sid:84512135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649037/; classtype:trojan-activity;sid:84512137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3649027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649027/; classtype:trojan-activity;sid:84512127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160718/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649028/; classtype:trojan-activity;sid:84512128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604673/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649029/; classtype:trojan-activity;sid:84512129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649020/; classtype:trojan-activity;sid:84512120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164236/info.zip"; http_uri; depth:39; 
isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649021/; classtype:trojan-activity;sid:84512121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649016/; classtype:trojan-activity;sid:84512116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171640/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649012/; classtype:trojan-activity;sid:84512112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649008/; classtype:trojan-activity;sid:84512108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_03; reference:url, urlhaus.abuse.ch/url/3649005/; classtype:trojan-activity;sid:84512105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586305/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649003/; classtype:trojan-activity;sid:84512103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-08-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648998/; classtype:trojan-activity;sid:84512098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-05-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648994/; classtype:trojan-activity;sid:84512094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166851/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648995/; classtype:trojan-activity;sid:84512095; rev:1;) 
# URLhaus download-URL rules: each rule alerts on a client GET request from
# $HOME_NET to $EXTERNAL_NET whose URI and Host both equal one listed URL.
# Every content has a depth equal to its own length, followed by
# isdataat:!1,relative, so the match starts at the buffer start and nothing may
# follow it: an exact match of the whole buffer, not a substring match.
# The number in msg and in reference:url is the URLhaus entry the rule was built from.
#
# NOTE(review): several URI contents hold percent-encoded bytes (%c3%a7, %20)
# and their depth counts the encoded form. http_uri is the normalized URI
# buffer; if the engine decodes percent-encoding before matching, these rules
# cannot fire. Replay a sample request to confirm, or match on http_raw_uri.
# NOTE(review): nocase is written after isdataat rather than directly after
# the URI content; presumably it still binds to that content. Verify on load.
# NOTE(review): these are "alert http" rules, so they see cleartext HTTP only.
# A fetch of the same path over TLS is not covered without decryption.
# NOTE(review): the Host match is a literal IP address; it only fires when the
# client addresses the server by that IP and says nothing about later reuse of
# the address. Check the referenced URLhaus entry before acting on a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-11-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648996/; classtype:trojan-activity;sid:84512096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791001053/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648997/; classtype:trojan-activity;sid:84512097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553613/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648988/; classtype:trojan-activity;sid:84512088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648982/; classtype:trojan-activity;sid:84512082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3648979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648979/; classtype:trojan-activity;sid:84512079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172670/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648972/; classtype:trojan-activity;sid:84512072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164510/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648973/; classtype:trojan-activity;sid:84512073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648963/; classtype:trojan-activity;sid:84512063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648964)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648964/; classtype:trojan-activity;sid:84512064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167219/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648966/; classtype:trojan-activity;sid:84512066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648968/; classtype:trojan-activity;sid:84512068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171308/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648957/; classtype:trojan-activity;sid:84512057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000556238/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648956/; classtype:trojan-activity;sid:84512056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171858/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648954/; classtype:trojan-activity;sid:84512054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-21/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648953/; classtype:trojan-activity;sid:84512053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648952/; classtype:trojan-activity;sid:84512052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000629918/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_03; reference:url, urlhaus.abuse.ch/url/3648941/; classtype:trojan-activity;sid:84512041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/18296147000306/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648942/; classtype:trojan-activity;sid:84512042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648943/; classtype:trojan-activity;sid:84512043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566149/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648936/; classtype:trojan-activity;sid:84512036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168121/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648933/; 
classtype:trojan-activity;sid:84512033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648926/; classtype:trojan-activity;sid:84512026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648927/; classtype:trojan-activity;sid:84512027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-02-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648928/; classtype:trojan-activity;sid:84512028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648930/; classtype:trojan-activity;sid:84512030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3648931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648931/; classtype:trojan-activity;sid:84512031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000226538/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648921/; classtype:trojan-activity;sid:84512021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648914/; classtype:trojan-activity;sid:84512014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000201084/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648912/; classtype:trojan-activity;sid:84512012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648904)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2019-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648904/; classtype:trojan-activity;sid:84512004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648900/; classtype:trojan-activity;sid:84512000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648898/; classtype:trojan-activity;sid:84511998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648893/; classtype:trojan-activity;sid:84511993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648891/; classtype:trojan-activity;sid:84511991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171476/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648889/; classtype:trojan-activity;sid:84511989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168551/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648884/; classtype:trojan-activity;sid:84511984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165820/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648885/; classtype:trojan-activity;sid:84511985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603104/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648886/; 
classtype:trojan-activity;sid:84511986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-02-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648881/; classtype:trojan-activity;sid:84511981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166085/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648872/; classtype:trojan-activity;sid:84511972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648876/; classtype:trojan-activity;sid:84511976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171292/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648877/; classtype:trojan-activity;sid:84511977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3648868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165486/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648868/; classtype:trojan-activity;sid:84511968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169013/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648858/; classtype:trojan-activity;sid:84511958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160982/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648854/; classtype:trojan-activity;sid:84511954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648850/; classtype:trojan-activity;sid:84511950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000618093/info.zip"; http_uri; 
depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648852/; classtype:trojan-activity;sid:84511952; rev:1;)
# Reading these rules:
#  - Scope: `alert http $HOME_NET any -> $EXTERNAL_NET any` with
#    `flow:established,from_client` and `content:"GET"; http_method` means only
#    outbound, cleartext HTTP GET requests are inspected. The same URL fetched
#    over HTTPS is not visible to these rules unless traffic is decrypted
#    upstream of the sensor.
#  - Exact match: each `depth` equals the length of the content before it and
#    `isdataat:!1,relative` requires that no byte follows the match, so the
#    URI buffer and the Host buffer must each equal the pattern exactly
#    (case-insensitively for the URI, via `nocase`). A request for the same
#    path with anything appended, for example a query string, is not expected
#    to match.
#  - Triage: the number in `msg` and in `reference:url` is the URLhaus entry
#    id; look it up there for details of the reported URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165826/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648849/; classtype:trojan-activity;sid:84511949; rev:1;)
# NOTE(review): this rule, and the others in this file whose path contains
# `%c3%a7%c3%a3` or `%20`, match the percent-encoded text literally in
# `http_uri`. Snort 2 and Suricata both document `http_uri` as the normalized
# URI buffer. If the sensor decodes percent-escapes there, neither the literal
# pattern nor the `depth` (computed from the encoded length) can match, and the
# rule stays silent. Confirm with a replayed request; `http_raw_uri` is the
# buffer that keeps the encoded form as sent.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648841/; classtype:trojan-activity;sid:84511941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648830/; classtype:trojan-activity;sid:84511930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591547/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648832/; classtype:trojan-activity;sid:84511932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000595438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648828/; classtype:trojan-activity;sid:84511928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000621599/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648824/; classtype:trojan-activity;sid:84511924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171450/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648825/; classtype:trojan-activity;sid:84511925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166307/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648819/; classtype:trojan-activity;sid:84511919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648812/; classtype:trojan-activity;sid:84511912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171228/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648811/; classtype:trojan-activity;sid:84511911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648810/; classtype:trojan-activity;sid:84511910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648805/; classtype:trojan-activity;sid:84511905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648806/; classtype:trojan-activity;sid:84511906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172170/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648802/; classtype:trojan-activity;sid:84511902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000595439/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648798/; classtype:trojan-activity;sid:84511898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648799/; classtype:trojan-activity;sid:84511899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648789/; classtype:trojan-activity;sid:84511889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648790/; classtype:trojan-activity;sid:84511890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648791/; classtype:trojan-activity;sid:84511891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625549/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648788/; classtype:trojan-activity;sid:84511888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3648785/; classtype:trojan-activity;sid:84511885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648780/; classtype:trojan-activity;sid:84511880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168291/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648781/; classtype:trojan-activity;sid:84511881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648778/; classtype:trojan-activity;sid:84511878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648768/; classtype:trojan-activity;sid:84511868; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171318/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648771/; classtype:trojan-activity;sid:84511871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648765/; classtype:trojan-activity;sid:84511865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-05-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648759/; classtype:trojan-activity;sid:84511859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000602408/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648758/; classtype:trojan-activity;sid:84511858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648753)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/cancelamento/2021-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648753/; classtype:trojan-activity;sid:84511853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553198/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648755/; classtype:trojan-activity;sid:84511855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648757/; classtype:trojan-activity;sid:84511857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172872/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648750/; classtype:trojan-activity;sid:84511850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160984/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648746/; classtype:trojan-activity;sid:84511846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648741/; classtype:trojan-activity;sid:84511841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648736/; classtype:trojan-activity;sid:84511836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648737/; classtype:trojan-activity;sid:84511837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648728/; 
classtype:trojan-activity;sid:84511828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648725/; classtype:trojan-activity;sid:84511825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585561/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648722/; classtype:trojan-activity;sid:84511822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648719/; classtype:trojan-activity;sid:84511819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648712/; classtype:trojan-activity;sid:84511812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3648711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648711/; classtype:trojan-activity;sid:84511811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172746/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648710/; classtype:trojan-activity;sid:84511810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648708/; classtype:trojan-activity;sid:84511808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648707/; classtype:trojan-activity;sid:84511807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648706)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648706/; classtype:trojan-activity;sid:84511806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171310/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648700/; classtype:trojan-activity;sid:84511800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648702/; classtype:trojan-activity;sid:84511802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172292/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648698/; classtype:trojan-activity;sid:84511798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000542542/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648693/; classtype:trojan-activity;sid:84511793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160618/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648692/; classtype:trojan-activity;sid:84511792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624761/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648689/; classtype:trojan-activity;sid:84511789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648690/; classtype:trojan-activity;sid:84511790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168329/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3648686/; classtype:trojan-activity;sid:84511786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167041/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648682/; classtype:trojan-activity;sid:84511782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648679/; classtype:trojan-activity;sid:84511779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648680/; classtype:trojan-activity;sid:84511780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648674/; classtype:trojan-activity;sid:84511774; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648675/; classtype:trojan-activity;sid:84511775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624984/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648670/; classtype:trojan-activity;sid:84511770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566430/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648672/; classtype:trojan-activity;sid:84511772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604501/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648669/; classtype:trojan-activity;sid:84511769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648655)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/td00000000000000171438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648655/; classtype:trojan-activity;sid:84511755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648656/; classtype:trojan-activity;sid:84511756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000230417/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648657/; classtype:trojan-activity;sid:84511757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648660/; classtype:trojan-activity;sid:84511760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; 
content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648649/; classtype:trojan-activity;sid:84511749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-06-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648644/; classtype:trojan-activity;sid:84511744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648647/; classtype:trojan-activity;sid:84511747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648640/; classtype:trojan-activity;sid:84511740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604491/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; 
reference:url, urlhaus.abuse.ch/url/3648637/; classtype:trojan-activity;sid:84511737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648638/; classtype:trojan-activity;sid:84511738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585614/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648630/; classtype:trojan-activity;sid:84511730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-10-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648622/; classtype:trojan-activity;sid:84511722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/01/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648623/; classtype:trojan-activity;sid:84511723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3648625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648625/; classtype:trojan-activity;sid:84511725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648611/; classtype:trojan-activity;sid:84511711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648614/; classtype:trojan-activity;sid:84511714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648604/; classtype:trojan-activity;sid:84511704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648606)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/01/cancelamento/2022-05-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648606/; classtype:trojan-activity;sid:84511706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648599/; classtype:trojan-activity;sid:84511699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648600/; classtype:trojan-activity;sid:84511700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-01-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648594/; classtype:trojan-activity;sid:84511694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168289/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; 
content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648592/; classtype:trojan-activity;sid:84511692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171240/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648590/; classtype:trojan-activity;sid:84511690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-03-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648585/; classtype:trojan-activity;sid:84511685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648588/; classtype:trojan-activity;sid:84511688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3648567/; classtype:trojan-activity;sid:84511667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600290/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648568/; classtype:trojan-activity;sid:84511668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172690/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648571/; classtype:trojan-activity;sid:84511671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-03-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648572/; classtype:trojan-activity;sid:84511672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624763/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648558/; classtype:trojan-activity;sid:84511658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3648561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2019-08-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648561/; classtype:trojan-activity;sid:84511661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171726/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648562/; classtype:trojan-activity;sid:84511662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648527)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20pictures/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648527/; classtype:trojan-activity;sid:84511627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648357)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20received%20files/vinod982038189896/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3648357/; classtype:trojan-activity;sid:84511457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648354)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/transchart/unused%20desktop%20shortcuts/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648354/; classtype:trojan-activity;sid:84511454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648213)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/downloads/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648213/; classtype:trojan-activity;sid:84511313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648112)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20received%20files/vinod982038189896/history/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648112/; classtype:trojan-activity;sid:84511212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647826)"; flow:established,from_client; content:"GET"; http_method; 
content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/raj%20sir/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647826/; classtype:trojan-activity;sid:84510926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647813)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/transchart/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647813/; classtype:trojan-activity;sid:84510913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647655)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/transchart/sail%20performa%20jan11/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647655/; classtype:trojan-activity;sid:84510755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.220.234.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647513/; classtype:trojan-activity;sid:84510613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3647457)"; flow:established,from_client; content:"GET"; http_method; content:"/recipes/staging/a-89fb7017-7780-4b72-950d-c2db1146a34a.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"best10cdn.blob.core.windows.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647457/; classtype:trojan-activity;sid:84510557; rev:1;)
# Each rule below alerts on an HTTP GET whose URI buffer and Host buffer each
# equal one listed value (content bounded by depth:<n>, then
# isdataat:!1,relative to reject trailing bytes).
# NOTE(review): several hosts here are tenant names on shared storage platforms
# (*.blob.core.windows.net, *.supabase.co). These are "alert http" rules; if the
# download is fetched over TLS they have nothing to inspect unless the sensor
# sees decrypted traffic. Pair the feed with DNS/SNI or proxy-log matching on
# the same hostnames.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646426)"; flow:established,from_client; content:"GET"; http_method; content:"/images/optimized_msi.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mobshah.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646426/; classtype:trojan-activity;sid:84509526; rev:1;)
# NOTE(review): "|3f|" is hex notation for one byte ("?"), so the pattern below
# is 49 bytes long, but depth:52 equals the length of the rule text with "|3f|"
# counted as four characters. The match may therefore start at offset 0-3
# instead of only at the start of the URI; depth:49 would restore the exact
# whole-URI match used by the other rules. Worth reporting to the feed
# maintainer, since local edits are lost on the next ruleset update.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646414)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano/image.jpg|3f|12711343"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"ybgctdtbzvgpdxjivafy.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646414/; classtype:trojan-activity;sid:84509514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646420)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano_duso/image.jpg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"frygzjyhtiunvhvnacif.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646420/; classtype:trojan-activity;sid:84509520; rev:1;)
# NOTE(review): same "|3f|" miscount as above: the pattern is 50 bytes,
# depth is 53; depth:50 would be the exact-match value.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646403)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/hold/image.jpg|3f|12711343h"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"ihmmkvkaiwnilneauhfn.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646403/; classtype:trojan-activity;sid:84509503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646408)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jqqvlru0vaih3z.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"toolshare.com.tr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646408/; classtype:trojan-activity;sid:84509508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645972)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645972/; classtype:trojan-activity;sid:84509072; rev:1;)
# NOTE(review): the pattern below is written with literal percent-escapes
# (%d0%9f...) and depth:41 is the length of the escaped text. http_uri is
# documented as the normalized URI buffer; if the engine percent-decodes before
# matching, this literal text is absent from the buffer and the rule cannot
# fire. Confirm with a capture replay; http_raw_uri is the unnormalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645969)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/photo.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645969/; classtype:trojan-activity;sid:84509069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645970)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/av.scr"; 
http_uri; depth:72; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645970/; classtype:trojan-activity;sid:84509070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645971)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/photo.scr"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645971/; classtype:trojan-activity;sid:84509071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645968)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645968/; classtype:trojan-activity;sid:84509068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645967)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/video.scr"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645967/; classtype:trojan-activity;sid:84509067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645966)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; 
isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645966/; classtype:trojan-activity;sid:84509066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645962)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/video.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645962/; classtype:trojan-activity;sid:84509062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645963)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645963/; classtype:trojan-activity;sid:84509063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645964)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/photo.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645964/; classtype:trojan-activity;sid:84509064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645965)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/av.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, 
urlhaus.abuse.ch/url/3645965/; classtype:trojan-activity;sid:84509065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645961)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/av.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645961/; classtype:trojan-activity;sid:84509061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645960)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/video.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645960/; classtype:trojan-activity;sid:84509060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645957)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/av.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645957/; classtype:trojan-activity;sid:84509057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645958)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645958/; classtype:trojan-activity;sid:84509058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3645959)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645959/; classtype:trojan-activity;sid:84509059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645955)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/video.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645955/; classtype:trojan-activity;sid:84509055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645956)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/photo.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"def163.keenetic.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645956/; classtype:trojan-activity;sid:84509056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645950)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.intelligradeeducation.vicentecisnerospub.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645950/; classtype:trojan-activity;sid:84509050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645889)"; flow:established,from_client; content:"GET"; http_method; 
content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20pictures/neha%20imagecopy/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645889/; classtype:trojan-activity;sid:84508989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645874)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.185.26.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645874/; classtype:trojan-activity;sid:84508974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645854)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/wallpaper/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645854/; classtype:trojan-activity;sid:84508954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645847)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20music/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645847/; classtype:trojan-activity;sid:84508947; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645832)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20scans/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645832/; classtype:trojan-activity;sid:84508932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645827)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20received%20files/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645827/; classtype:trojan-activity;sid:84508927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645760)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/various%20files/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645760/; classtype:trojan-activity;sid:84508860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645751)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/charter%20party/info.zip"; http_uri; 
depth:144; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645751/; classtype:trojan-activity;sid:84508851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645677)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/bhushan/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645677/; classtype:trojan-activity;sid:84508777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645600)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft/windows/powershell/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645600/; classtype:trojan-activity;sid:84508700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645569)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/info.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645569/; classtype:trojan-activity;sid:84508669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645516)"; flow:established,from_client; content:"GET"; http_method; 
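content:"/uploads/uploads/aryacorp%20delhi/deepak/my%20docs/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645516/; classtype:trojan-activity;sid:84508616; rev:1;)
# Exact-URL indicators, one rule per URLhaus entry (the id in msg/reference).
# Each rule needs an established client->server flow with method GET, an
# http_uri equal to the listed path (depth equals the pattern length and
# isdataat:!1,relative rejects any trailing byte) and an http_host equal to the
# listed host. A request that appends a query string or extra path bytes does
# not match, and only HTTP the sensor can see in cleartext is inspected.
# NOTE(review): the aryacorp%20delhi and sql%20server%202014 patterns carry
# literal percent-escapes but are matched against http_uri, which Snort and
# Suricata document as the normalized URI. If the sensor decodes %20 to a
# space, these rules cannot fire. Confirm with a replayed request, or match
# the raw URI buffer instead.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645322)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/desktop/tai%20ping%20shan-phaethon-cp/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645322/; classtype:trojan-activity;sid:84508422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645234)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/cp%20transchart/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645234/; classtype:trojan-activity;sid:84508334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645139)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645139/; classtype:trojan-activity;sid:84508239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644784)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644784/; classtype:trojan-activity;sid:84507884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644339)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644339/; classtype:trojan-activity;sid:84507439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643147)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/for%20xp%20sp2/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643147/; classtype:trojan-activity;sid:84506247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642788)"; flow:established,from_client; content:"GET"; http_method; content:"/big/microsoft.sql.server.2012.enterprise.edition.with.service.pack.1-kopie/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642788/; classtype:trojan-activity;sid:84505888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642779)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/key/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642779/; classtype:trojan-activity;sid:84505879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642775)"; flow:established,from_client; content:"GET"; http_method; content:"/incis/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642775/; classtype:trojan-activity;sid:84505875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642717)"; flow:established,from_client; content:"GET"; http_method; content:"/incis/key/inipaytest/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642717/; classtype:trojan-activity;sid:84505817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642700)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642700/; classtype:trojan-activity;sid:84505800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642692)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft/windows/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642692/; classtype:trojan-activity;sid:84505792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642677)"; flow:established,from_client; content:"GET"; http_method; content:"/incis/key/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642677/; classtype:trojan-activity;sid:84505777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642643)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/log/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642643/; classtype:trojan-activity;sid:84505743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642634)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe/ammicafefile/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642634/; classtype:trojan-activity;sid:84505734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642522)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe/ammicafefile/ammicafesetup/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642522/; classtype:trojan-activity;sid:84505622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642484)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe2/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642484/; classtype:trojan-activity;sid:84505584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642438)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642438/; classtype:trojan-activity;sid:84505538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642422)"; flow:established,from_client; content:"GET"; http_method; content:"/02/info.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642422/; classtype:trojan-activity;sid:84505522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642417)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe2/ammicafe2file/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642417/; classtype:trojan-activity;sid:84505517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642406)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe2/ammicafe2file/ammicafe2setup/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642406/; classtype:trojan-activity;sid:84505506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642382)"; flow:established,from_client; content:"GET"; http_method; content:"/big/html/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642382/; classtype:trojan-activity;sid:84505482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642346)"; flow:established,from_client; content:"GET"; http_method; content:"/big/sql%20server%202014/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642346/; classtype:trojan-activity;sid:84505446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642349)"; flow:established,from_client; content:"GET"; http_method; content:"/images/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642349/; classtype:trojan-activity;sid:84505449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642324)"; flow:established,from_client; content:"GET"; http_method; content:"/01/info.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642324/; classtype:trojan-activity;sid:84505424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642297)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642297/; classtype:trojan-activity;sid:84505397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642294)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/key/inipaytest/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642294/; classtype:trojan-activity;sid:84505394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642245)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642245/; classtype:trojan-activity;sid:84505345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642246)"; flow:established,from_client; content:"GET"; http_method; content:"/big/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642246/; classtype:trojan-activity;sid:84505346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642226)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/key/jungminsof/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642226/; classtype:trojan-activity;sid:84505326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641834)"; flow:established,from_client; content:"GET"; http_method; content:"/images/art/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641834/; classtype:trojan-activity;sid:84504934; rev:1;)
# Changed from the feed: the query separator was emitted as |7c|26|7c|, which
# decodes to the four literal bytes "|26|" rather than "&", and depth:68 was the
# length of the undecoded rule text. The pattern now uses |26| and depth:56
# (the decoded pattern length), so the exact-match anchors line up.
# Presumably the listed URL is /uc?export=download&id=<file id>; confirm against
# the URLhaus entry. The file id is lowercased here and matched with nocase.
# drive.google.com is normally reached over TLS, so this rule only fires where
# decrypted HTTP is visible to the sensor. A feed refresh overwrites this edit:
# carry it as a local override and report the encoding upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639311)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|26|id=15_5vja6ls72gnqbjqkrme1i7bmit0fe4"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639311/; classtype:trojan-activity;sid:84502411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637224)"; flow:established,from_client; content:"GET"; http_method; content:"/haozip.100021.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"download.haozip.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637224/; classtype:trojan-activity;sid:84500324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637210)"; flow:established,from_client; content:"GET"; http_method; content:"/images/bot.jpg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"atasapka.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637210/; classtype:trojan-activity;sid:84500310; rev:1;)
# Host 200.14.250.72: one rule per observed info.zip URL under
# /tmpftp/delcacheprodutoseg/1/. The 14-digit path segments look like
# DDMMYYYYhhmmss timestamps (unconfirmed). Because every rule pins the full
# path, an info.zip in a directory not listed here goes undetected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23082024105108/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637189/; classtype:trojan-activity;sid:84500289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26072024113244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637188/; classtype:trojan-activity;sid:84500288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19092024115007/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637186/; classtype:trojan-activity;sid:84500286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024081607/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637187/; classtype:trojan-activity;sid:84500287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12062024095414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637185/; classtype:trojan-activity;sid:84500285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27082024072850/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637184/; classtype:trojan-activity;sid:84500284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/12082024064105/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637183/; classtype:trojan-activity;sid:84500283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637182)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/16082024070308/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637182/; classtype:trojan-activity;sid:84500282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/13092024072525/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637181/; classtype:trojan-activity;sid:84500281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23072024115252/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637180/; classtype:trojan-activity;sid:84500280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21072024112418/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637179/; classtype:trojan-activity;sid:84500279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/16082024104510/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637178/; classtype:trojan-activity;sid:84500278; rev:1;)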
# Host 200.14.250.72: exact-URL rules for info.zip under
# /tmpftp/delcacheprodutoseg/1/, one rule per URLhaus entry (the id in
# msg/reference). Each rule needs an established client->server flow with
# method GET, an http_uri equal to the listed path (depth equals the pattern
# length and isdataat:!1,relative rejects any trailing byte) and an http_host
# equal to the IP literal. A request that appends a query string, or that
# fetches info.zip from a directory not listed here, does not match.
# The 14-digit path segments look like DDMMYYYYhhmmss timestamps (unconfirmed).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024110540/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637177/; classtype:trojan-activity;sid:84500277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024104005/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637176/; classtype:trojan-activity;sid:84500276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8343/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637175/; classtype:trojan-activity;sid:84500275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15082024173844/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637174/; classtype:trojan-activity;sid:84500274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26072024180426/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637173/; classtype:trojan-activity;sid:84500273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03072024101008/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637172/; classtype:trojan-activity;sid:84500272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13082024112350/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637171/; classtype:trojan-activity;sid:84500271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26072024074431/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637170/; classtype:trojan-activity;sid:84500270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024171022/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637168/; classtype:trojan-activity;sid:84500268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/11072024080039/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637169/; classtype:trojan-activity;sid:84500269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12092024113946/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637167/; classtype:trojan-activity;sid:84500267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024115637/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637166/; classtype:trojan-activity;sid:84500266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15092024104931/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637165/; classtype:trojan-activity;sid:84500265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/12072024075828/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637164/; classtype:trojan-activity;sid:84500264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11092024115504/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637163/; classtype:trojan-activity;sid:84500263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024115532/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637160/; classtype:trojan-activity;sid:84500260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024114132/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637161/; classtype:trojan-activity;sid:84500261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8465/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637162/; classtype:trojan-activity;sid:84500262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/25062024073012/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637159/; classtype:trojan-activity;sid:84500259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/29072024110431/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637158/; classtype:trojan-activity;sid:84500258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/30072024091401/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637157/; classtype:trojan-activity;sid:84500257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024124718/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637153/; classtype:trojan-activity;sid:84500253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024185433/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637154/; classtype:trojan-activity;sid:84500254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09072024110245/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637155/; classtype:trojan-activity;sid:84500255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/09092024072321/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637149/; classtype:trojan-activity;sid:84500249; rev:1;)
# Continuation of the 200.14.250.72 info.zip rules: same template, one rule per
# URLhaus entry. Every rule pins method GET, the complete http_uri (depth equals
# the pattern length, isdataat:!1,relative rejects trailing bytes) and the exact
# http_host, so only the listed URLs alert. Other paths on the same host are
# outside this rule set's coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024180909/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637150/; classtype:trojan-activity;sid:84500250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24092024073908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637151/; classtype:trojan-activity;sid:84500251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/19062024071831/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637147/; classtype:trojan-activity;sid:84500247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21092024114951/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637148/; classtype:trojan-activity;sid:84500248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/30062024113348/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637145/; classtype:trojan-activity;sid:84500245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024113047/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637146/; classtype:trojan-activity;sid:84500246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/04092024120154/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637144/; classtype:trojan-activity;sid:84500244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01082024110241/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637143/; classtype:trojan-activity;sid:84500243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14072024110540/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637141/; classtype:trojan-activity;sid:84500241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024185045/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637142/; classtype:trojan-activity;sid:84500242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/19062024103023/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637138/; classtype:trojan-activity;sid:84500238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/06092024072348/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637139/; classtype:trojan-activity;sid:84500239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/29072024070625/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637140/; classtype:trojan-activity;sid:84500240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18072024112759/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637137/; classtype:trojan-activity;sid:84500237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024155154/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637136/; classtype:trojan-activity;sid:84500236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18082024113426/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637135/; classtype:trojan-activity;sid:84500235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024113602/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637133/; classtype:trojan-activity;sid:84500233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024163408/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637134/; classtype:trojan-activity;sid:84500234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10082024110351/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637130/; classtype:trojan-activity;sid:84500230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12092024181446/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637131/; classtype:trojan-activity;sid:84500231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26082024115142/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, 
urlhaus.abuse.ch/url/3637129/; classtype:trojan-activity;sid:84500229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/09092024091444/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637128/; classtype:trojan-activity;sid:84500228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23082024071038/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637127/; classtype:trojan-activity;sid:84500227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024181518/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637122/; classtype:trojan-activity;sid:84500222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05082024120940/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637123/; classtype:trojan-activity;sid:84500223; rev:1;) 
#
# Coverage notes for the rules below:
#   - They are "alert http" rules, so they only fire on traffic the engine
#     parses as HTTP. The same download fetched over TLS is not visible to them
#     unless the traffic is decrypted before inspection.
#   - Each rule is an exact indicator match: one URI on host 200.14.250.72.
#     Every entry in this stretch names that host and differs only in the path,
#     so a path on the same host that is not listed produces no alert.
#   - The match is on the client request only (flow:established,from_client).
#     An alert shows that an internal client asked for a listed URL; it does not
#     by itself show that a payload was returned or run, so correlate with the
#     HTTP response and with endpoint telemetry when triaging.
#   - metadata:created_at is 2025_10_01 for every entry here.
#     NOTE(review): whether a listed URL is still serving content is not
#     visible in the rule; check the reference:url entry.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24072024112235/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637124/; classtype:trojan-activity;sid:84500224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17092024073614/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637125/; classtype:trojan-activity;sid:84500225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024122457/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637120/; classtype:trojan-activity;sid:84500220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09092024112532/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637117/; classtype:trojan-activity;sid:84500217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24062024072602/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637118/; classtype:trojan-activity;sid:84500218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/12092024070406/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637119/; classtype:trojan-activity;sid:84500219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024143513/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637115/; classtype:trojan-activity;sid:84500215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/21082024081755/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637116/; classtype:trojan-activity;sid:84500216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13082024120234/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637114/; classtype:trojan-activity;sid:84500214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19072024123916/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637113/; classtype:trojan-activity;sid:84500213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/29082024122318/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637110/; classtype:trojan-activity;sid:84500210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/15072024080426/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637111/; classtype:trojan-activity;sid:84500211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22092024115602/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637112/; classtype:trojan-activity;sid:84500212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05082024125302/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637109/; classtype:trojan-activity;sid:84500209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16072024114842/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637107/; classtype:trojan-activity;sid:84500207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/16092024115114/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637108/; classtype:trojan-activity;sid:84500208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/31072024070936/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637105/; classtype:trojan-activity;sid:84500205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17092024104334/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637106/; classtype:trojan-activity;sid:84500206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/01082024072447/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637104/; classtype:trojan-activity;sid:84500204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024065930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637103/; classtype:trojan-activity;sid:84500203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/01082024133101/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637101/; classtype:trojan-activity;sid:84500201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02082024083649/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637099/; classtype:trojan-activity;sid:84500199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29072024182036/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637100/; classtype:trojan-activity;sid:84500200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/19072024071620/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637098/; classtype:trojan-activity;sid:84500198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8029/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637096/; classtype:trojan-activity;sid:84500196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/25092024150814/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637097/; classtype:trojan-activity;sid:84500197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024102505/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637092/; classtype:trojan-activity;sid:84500192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03092024131015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637093/; classtype:trojan-activity;sid:84500193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/15072024084956/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637094/; classtype:trojan-activity;sid:84500194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25062024105808/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637090/; classtype:trojan-activity;sid:84500190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/04092024072725/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637091/; classtype:trojan-activity;sid:84500191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20062024112748/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637089/; classtype:trojan-activity;sid:84500189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17072024103622/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637087/; classtype:trojan-activity;sid:84500187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/16082024121016/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637088/; classtype:trojan-activity;sid:84500188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24092024103551/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637085/; classtype:trojan-activity;sid:84500185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/15072024080017/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637086/; classtype:trojan-activity;sid:84500186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024081535/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637082/; classtype:trojan-activity;sid:84500182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/26072024111342/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637083/; classtype:trojan-activity;sid:84500183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024125904/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637084/; classtype:trojan-activity;sid:84500184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637081)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/tek/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637081/; classtype:trojan-activity;sid:84500181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/11092024075310/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637080/; classtype:trojan-activity;sid:84500180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/24072024121144/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637076/; classtype:trojan-activity;sid:84500176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637077)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/badmail/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637077/; classtype:trojan-activity;sid:84500177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/06082024080109/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637078/; classtype:trojan-activity;sid:84500178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/12072024072413/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637079/; classtype:trojan-activity;sid:84500179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/08082024071151/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637073/; classtype:trojan-activity;sid:84500173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637074)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03092024073559/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637074/; classtype:trojan-activity;sid:84500174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8336/18072024083258/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637070/; classtype:trojan-activity;sid:84500170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024084736/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637069/; classtype:trojan-activity;sid:84500169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/08082024072046/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637067/; classtype:trojan-activity;sid:84500167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08072024110224/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637068/; classtype:trojan-activity;sid:84500168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02092024075924/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637065/; classtype:trojan-activity;sid:84500165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/30082024115734/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637064/; classtype:trojan-activity;sid:84500164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23072024075958/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637062/; classtype:trojan-activity;sid:84500162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27082024173545/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637063/; classtype:trojan-activity;sid:84500163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/06092024074954/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637060/; classtype:trojan-activity;sid:84500160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24082024112958/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637056/; classtype:trojan-activity;sid:84500156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024180827/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637057/; classtype:trojan-activity;sid:84500157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/05092024073851/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637058/; classtype:trojan-activity;sid:84500158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05092024175914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637055/; classtype:trojan-activity;sid:84500155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024181015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637054/; classtype:trojan-activity;sid:84500154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/09082024151247/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637053/; classtype:trojan-activity;sid:84500153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024135901/info.zip"; http_uri; 
depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637052/; classtype:trojan-activity;sid:84500152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/04072024073930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637050/; classtype:trojan-activity;sid:84500150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27072024111013/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637051/; classtype:trojan-activity;sid:84500151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28092024110908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637047/; classtype:trojan-activity;sid:84500147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/17062024124213/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637048/; classtype:trojan-activity;sid:84500148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21062024074659/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637049/; classtype:trojan-activity;sid:84500149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/06082024071203/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637046/; classtype:trojan-activity;sid:84500146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024163133/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637044/; classtype:trojan-activity;sid:84500144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/25092024084516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, 
urlhaus.abuse.ch/url/3637045/; classtype:trojan-activity;sid:84500145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/01082024134811/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637042/; classtype:trojan-activity;sid:84500142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8336/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637037/; classtype:trojan-activity;sid:84500137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26062024074615/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637038/; classtype:trojan-activity;sid:84500138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20072024103050/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637039/; classtype:trojan-activity;sid:84500139; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02072024072748/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637040/; classtype:trojan-activity;sid:84500140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17092024073317/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637041/; classtype:trojan-activity;sid:84500141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024124018/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637036/; classtype:trojan-activity;sid:84500136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/27092024120719/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637034/; classtype:trojan-activity;sid:84500134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637032)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29062024115106/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637032/; classtype:trojan-activity;sid:84500132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/02092024121943/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637030/; classtype:trojan-activity;sid:84500130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06092024173040/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637029/; classtype:trojan-activity;sid:84500129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/17072024080628/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637026/; classtype:trojan-activity;sid:84500126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637027)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/delcacheprodutoseg/1/8050/13082024144908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637027/; classtype:trojan-activity;sid:84500127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14092024112531/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637028/; classtype:trojan-activity;sid:84500128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29082024110733/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637025/; classtype:trojan-activity;sid:84500125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024161738/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637024/; classtype:trojan-activity;sid:84500124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/25062024074726/info.zip"; http_uri; 
depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637021/; classtype:trojan-activity;sid:84500121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/02102024124124/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637022/; classtype:trojan-activity;sid:84500122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/01082024124212/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637023/; classtype:trojan-activity;sid:84500123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/29072024170139/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637020/; classtype:trojan-activity;sid:84500120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024090633/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637015/; classtype:trojan-activity;sid:84500115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12082024111719/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637017/; classtype:trojan-activity;sid:84500117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/13062024073315/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637019/; classtype:trojan-activity;sid:84500119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26092024073319/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637011/; classtype:trojan-activity;sid:84500111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/03072024075801/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, 
urlhaus.abuse.ch/url/3637012/; classtype:trojan-activity;sid:84500112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/13092024065731/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637013/; classtype:trojan-activity;sid:84500113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02092024155414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637014/; classtype:trojan-activity;sid:84500114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29062024131718/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637007/; classtype:trojan-activity;sid:84500107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024163711/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637008/; classtype:trojan-activity;sid:84500108; rev:1;) 
# URLhaus exact-URL rules for host 200.14.250.72 (all carry metadata:created_at 2025_10_01).
# Each rule alerts on an established, client-to-server HTTP GET from $HOME_NET to $EXTERNAL_NET
# whose URI and Host both equal one URLhaus entry.
# - depth:N equals the length of the preceding content string and isdataat:!1,relative requires
#   that nothing follows it, so the buffer must equal the string exactly (no prefix/substring match).
# - nocase follows the http_uri content, so only the URI comparison is case-insensitive; the
#   http_host content carries no nocase. NOTE(review): confirm how your engine normalizes the host buffer.
# - The number in msg and in reference:url is the URLhaus entry id; in the rules shown here
#   sid = that id + 80863100, which lets an alert sid be mapped back to its URLhaus entry.
# - Coverage: "alert http" only sees requests the sensor can parse as cleartext HTTP, and the exact
#   match covers only the listed URL. Triage a hit through the reference URL, and consider separate
#   host-level monitoring for 200.14.250.72 if broader coverage of this host is wanted.
# - The 14-digit path component looks like DDMMYYYYHHMMSS (e.g. 27062024115812) - unconfirmed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27062024115812/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637009/; classtype:trojan-activity;sid:84500109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07072024113310/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637010/; classtype:trojan-activity;sid:84500110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26082024175225/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637005/; classtype:trojan-activity;sid:84500105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06092024112226/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637002/; classtype:trojan-activity;sid:84500102; rev:1;)
# Different path shape on the same host: /tmpftp/cons/... (depth:43).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/8325/14062024181140/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637003/; classtype:trojan-activity;sid:84500103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15092024163914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637004/; classtype:trojan-activity;sid:84500104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12082024111034/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636999/; classtype:trojan-activity;sid:84500099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19062024111300/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637000/; classtype:trojan-activity;sid:84500100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/02092024070516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637001/; classtype:trojan-activity;sid:84500101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15062024120757/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636997/; classtype:trojan-activity;sid:84500097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/07082024074934/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636996/; classtype:trojan-activity;sid:84500096; rev:1;)
# Different path shape on the same host: /exeftp/drop/... (depth:21).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636993)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/drop/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636993/; classtype:trojan-activity;sid:84500093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024172104/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636994/; classtype:trojan-activity;sid:84500094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23072024072015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636995/; classtype:trojan-activity;sid:84500095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18082024174028/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636992/; classtype:trojan-activity;sid:84500092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/10072024072615/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636991/; classtype:trojan-activity;sid:84500091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03102024140347/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636990/; classtype:trojan-activity;sid:84500090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/29072024094428/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636987/; classtype:trojan-activity;sid:84500087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024114220/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636988/; classtype:trojan-activity;sid:84500088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/19072024081323/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636986/; classtype:trojan-activity;sid:84500086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/08082024072411/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636985/; classtype:trojan-activity;sid:84500085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024072722/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636982/; classtype:trojan-activity;sid:84500082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/17062024075813/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636978/; classtype:trojan-activity;sid:84500078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024071101/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636979/; classtype:trojan-activity;sid:84500079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18092024104929/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636980/; classtype:trojan-activity;sid:84500080; rev:1;)
# Different path shape on the same host: /tmpftp/extcons/..., no 14-digit component (depth:31).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8051/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636975/; classtype:trojan-activity;sid:84500075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024144032/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636976/; classtype:trojan-activity;sid:84500076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/26082024121258/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636977/; classtype:trojan-activity;sid:84500077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27082024111920/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636967/; classtype:trojan-activity;sid:84500067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636968)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024121015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636968/; classtype:trojan-activity;sid:84500068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024175843/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636969/; classtype:trojan-activity;sid:84500069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/18062024121810/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636970/; classtype:trojan-activity;sid:84500070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12072024130606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636971/; classtype:trojan-activity;sid:84500071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636972)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/delcacheprodutoseg/1/8029/16062024115815/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636972/; classtype:trojan-activity;sid:84500072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024164829/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636973/; classtype:trojan-activity;sid:84500073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02092024071944/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636965/; classtype:trojan-activity;sid:84500065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024103900/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636966/; classtype:trojan-activity;sid:84500066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23072024130857/info.zip"; http_uri; 
depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636964/; classtype:trojan-activity;sid:84500064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/06092024071949/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636963/; classtype:trojan-activity;sid:84500063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17062024111134/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636957/; classtype:trojan-activity;sid:84500057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12082024174415/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636958/; classtype:trojan-activity;sid:84500058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02082024073257/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636959/; classtype:trojan-activity;sid:84500059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03092024120537/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636960/; classtype:trojan-activity;sid:84500060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01072024102122/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636961/; classtype:trojan-activity;sid:84500061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27072024112004/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636962/; classtype:trojan-activity;sid:84500062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/09072024071533/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, 
urlhaus.abuse.ch/url/3636956/; classtype:trojan-activity;sid:84500056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024070804/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636955/; classtype:trojan-activity;sid:84500055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024115442/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636954/; classtype:trojan-activity;sid:84500054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/8325/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636953/; classtype:trojan-activity;sid:84500053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17072024080732/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636948/; classtype:trojan-activity;sid:84500048; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/19082024080051/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636949/; classtype:trojan-activity;sid:84500049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024111159/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636950/; classtype:trojan-activity;sid:84500050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28072024115238/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636951/; classtype:trojan-activity;sid:84500051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/07082024070516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636947/; classtype:trojan-activity;sid:84500047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636946)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024175546/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636946/; classtype:trojan-activity;sid:84500046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024103203/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636945/; classtype:trojan-activity;sid:84500045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/31082024165207/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636942/; classtype:trojan-activity;sid:84500042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11062024093514/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636943/; classtype:trojan-activity;sid:84500043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636944)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/delcacheprodutoseg/1/8050/06092024114755/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636944/; classtype:trojan-activity;sid:84500044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27092024123259/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636940/; classtype:trojan-activity;sid:84500040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23092024073238/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636941/; classtype:trojan-activity;sid:84500041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13072024115545/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636937/; classtype:trojan-activity;sid:84500037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29072024104316/info.zip"; http_uri; 
depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636936/; classtype:trojan-activity;sid:84500036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13072024115848/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636935/; classtype:trojan-activity;sid:84500035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024071414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636934/; classtype:trojan-activity;sid:84500034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16092024105926/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636933/; classtype:trojan-activity;sid:84500033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024174605/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636932/; classtype:trojan-activity;sid:84500032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024174233/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636931/; classtype:trojan-activity;sid:84500031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23072024081312/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636927/; classtype:trojan-activity;sid:84500027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02102024072353/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636928/; classtype:trojan-activity;sid:84500028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024174750/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, 
urlhaus.abuse.ch/url/3636929/; classtype:trojan-activity;sid:84500029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8325/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636930/; classtype:trojan-activity;sid:84500030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8336/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636925/; classtype:trojan-activity;sid:84500025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/19062024070824/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636926/; classtype:trojan-activity;sid:84500026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/22082024121329/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636920/; classtype:trojan-activity;sid:84500020; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26062024155216/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636921/; classtype:trojan-activity;sid:84500021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/24092024120511/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636922/; classtype:trojan-activity;sid:84500022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16062024180613/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636923/; classtype:trojan-activity;sid:84500023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07072024165922/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636919/; classtype:trojan-activity;sid:84500019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636918)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024114239/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636918/; classtype:trojan-activity;sid:84500018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/20082024112036/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636917/; classtype:trojan-activity;sid:84500017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8318/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636916/; classtype:trojan-activity;sid:84500016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/31082024110606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636913/; classtype:trojan-activity;sid:84500013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636914)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/delcacheprodutoseg/1/8029/11062024112609/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636914/; classtype:trojan-activity;sid:84500014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/02072024115435/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636910/; classtype:trojan-activity;sid:84500010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024122439/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636909/; classtype:trojan-activity;sid:84500009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/14062024123830/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636906/; classtype:trojan-activity;sid:84500006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636908)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17062024180043/info.zip"; http_uri; 
depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636908/; classtype:trojan-activity;sid:84500008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28072024115112/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636905/; classtype:trojan-activity;sid:84500005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024090731/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636904/; classtype:trojan-activity;sid:84500004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23092024113222/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636902/; classtype:trojan-activity;sid:84500002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/03072024113724/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636900/; classtype:trojan-activity;sid:84500000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024134516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636899/; classtype:trojan-activity;sid:84499999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8334/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636897/; classtype:trojan-activity;sid:84499997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024114317/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636894/; classtype:trojan-activity;sid:84499994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18072024151745/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636895/; 
classtype:trojan-activity;sid:84499995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19072024124237/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636893/; classtype:trojan-activity;sid:84499993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29082024170717/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636892/; classtype:trojan-activity;sid:84499992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/08072024075903/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636883/; classtype:trojan-activity;sid:84499983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8325/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636884/; classtype:trojan-activity;sid:84499984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3636885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15062024114520/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636885/; classtype:trojan-activity;sid:84499985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024153227/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636886/; classtype:trojan-activity;sid:84499986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/14082024075957/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636887/; classtype:trojan-activity;sid:84499987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26082024070716/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636888/; classtype:trojan-activity;sid:84499988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636890)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21062024072959/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636890/; classtype:trojan-activity;sid:84499990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/8325/13062024155232/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636882/; classtype:trojan-activity;sid:84499982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024111126/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636881/; classtype:trojan-activity;sid:84499981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/04072024125301/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636880/; classtype:trojan-activity;sid:84499980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024113244/info.zip"; 
http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636876/; classtype:trojan-activity;sid:84499976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/04092024091820/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636877/; classtype:trojan-activity;sid:84499977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024125032/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636878/; classtype:trojan-activity;sid:84499978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/30072024114118/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636872/; classtype:trojan-activity;sid:84499972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024083850/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636873/; classtype:trojan-activity;sid:84499973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17062024072104/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636874/; classtype:trojan-activity;sid:84499974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024125710/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636875/; classtype:trojan-activity;sid:84499975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03072024103601/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636871/; classtype:trojan-activity;sid:84499971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12082024120632/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; 
reference:url, urlhaus.abuse.ch/url/3636869/; classtype:trojan-activity;sid:84499969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636863/; classtype:trojan-activity;sid:84499963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11072024071932/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636864/; classtype:trojan-activity;sid:84499964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024143228/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636865/; classtype:trojan-activity;sid:84499965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27092024124432/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636866/; classtype:trojan-activity;sid:84499966; rev:1;) 
# --- URLhaus download-URL signatures for host 200.14.250.72 (created_at 2025_10_01) ---
# One rule per line: the rules are restored to one line each, because a rule wrapped in the middle of an option cannot be read as a single rule.
# What each rule matches: an outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET, established flow, client side)
# whose URI and Host both equal the listed literals. "depth" equals the literal's length and
# "isdataat:!1,relative" requires that no byte follows it, so the whole buffer must match;
# "nocase" makes the URI comparison case-insensitive.
# Triage notes:
#   - These are exact-match indicators: a hit identifies one specific reported URL, and any other path on
#     the same host is not covered. Use host-level blocking or logging if broader coverage is wanted.
#   - "alert http" inspects parsed HTTP only; the same URL fetched over TLS is not seen unless traffic is decrypted upstream.
#   - The action is "alert", not "drop": these rules record the request, they do not stop the download.
#   - NOTE(review): http_method / http_uri / http_host are the older content-modifier spelling; confirm the
#     deployed engine version still loads them before relying on this file.
#   - The reference:url entry of each rule points to the URLhaus record for that URL; check there whether the
#     URL is still listed before acting on old alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024175244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636867/; classtype:trojan-activity;sid:84499967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/13062024070655/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636868/; classtype:trojan-activity;sid:84499968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/14062024072833/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636862/; classtype:trojan-activity;sid:84499962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25092024120601/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636859/; classtype:trojan-activity;sid:84499959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024115123/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636860/; classtype:trojan-activity;sid:84499960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05072024071033/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636855/; classtype:trojan-activity;sid:84499955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/04102024094250/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636856/; classtype:trojan-activity;sid:84499956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/01082024101244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636857/; classtype:trojan-activity;sid:84499957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024091538/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636850/; classtype:trojan-activity;sid:84499950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/05082024114357/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636851/; classtype:trojan-activity;sid:84499951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/10092024070313/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636852/; classtype:trojan-activity;sid:84499952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23092024123854/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636853/; classtype:trojan-activity;sid:84499953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22082024112941/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636854/; classtype:trojan-activity;sid:84499954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/08072024113918/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636849/; classtype:trojan-activity;sid:84499949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8326/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636847/; classtype:trojan-activity;sid:84499947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11072024110808/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636843/; classtype:trojan-activity;sid:84499943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06072024112721/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636845/; classtype:trojan-activity;sid:84499945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8326/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636846/; classtype:trojan-activity;sid:84499946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024151521/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636839/; classtype:trojan-activity;sid:84499939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16072024120102/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636840/; classtype:trojan-activity;sid:84499940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024115226/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636842/; classtype:trojan-activity;sid:84499942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/08072024070547/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636836/; classtype:trojan-activity;sid:84499936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/26092024103307/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636837/; classtype:trojan-activity;sid:84499937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024134639/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636835/; classtype:trojan-activity;sid:84499935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/29072024120914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636833/; classtype:trojan-activity;sid:84499933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024104834/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636834/; classtype:trojan-activity;sid:84499934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/01072024095738/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636826/; classtype:trojan-activity;sid:84499926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/10072024073020/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636827/; classtype:trojan-activity;sid:84499927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/13082024065051/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636828/; classtype:trojan-activity;sid:84499928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23092024074730/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636829/; classtype:trojan-activity;sid:84499929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05092024071139/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636830/; classtype:trojan-activity;sid:84499930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024143423/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636831/; classtype:trojan-activity;sid:84499931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/01072024073548/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636832/; classtype:trojan-activity;sid:84499932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/16092024075132/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636825/; classtype:trojan-activity;sid:84499925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28062024112249/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636824/; classtype:trojan-activity;sid:84499924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/18072024080738/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636823/; classtype:trojan-activity;sid:84499923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06102024112545/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636816/; classtype:trojan-activity;sid:84499916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024181057/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636817/; classtype:trojan-activity;sid:84499917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02072024073145/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636818/; classtype:trojan-activity;sid:84499918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/21062024070935/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636819/; classtype:trojan-activity;sid:84499919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/06082024120113/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636820/; classtype:trojan-activity;sid:84499920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27062024081736/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636821/; classtype:trojan-activity;sid:84499921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/29082024071803/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636822/; classtype:trojan-activity;sid:84499922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24062024113513/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636815/; classtype:trojan-activity;sid:84499915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/25072024071606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636814/; classtype:trojan-activity;sid:84499914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12062024085922/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636812/; classtype:trojan-activity;sid:84499912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03092024152101/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636813/; classtype:trojan-activity;sid:84499913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/08072024113231/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636811/; classtype:trojan-activity;sid:84499911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024130114/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636806/; classtype:trojan-activity;sid:84499906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16072024114959/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636807/; classtype:trojan-activity;sid:84499907; rev:1;)
# ---------------------------------------------------------------------------
# URLhaus entries for host 200.14.250.72 (all created_at 2025_10_01).
#
# Each rule below alerts on an HTTP request from $HOME_NET to $EXTERNAL_NET,
# client-to-server on an established flow, when all of these hold:
#   - the method is GET;
#   - the URI is the listed path as a whole: depth equals the pattern length
#     and isdataat:!1,relative requires that no byte follows the match, so the
#     pattern is neither a prefix nor a substring match (the nocase that
#     follows presumably applies to this URI pattern -- confirm on your engine);
#   - the Host value is 200.14.250.72, using the same depth/isdataat pairing.
#
# Coverage and triage notes:
#   - These are "alert http" rules, so only cleartext HTTP is inspected; the
#     same download over TLS is not seen unless traffic is decrypted upstream.
#   - Because the URI check is end-anchored, a request for one of these paths
#     with anything appended (for example a query string) would presumably not
#     match -- verify against the sensor's URI normalisation.
#   - How a port suffix in the Host header is treated depends on the sensor's
#     host normalisation -- TODO confirm before relying on the Host check.
#   - An alert records that an internal client requested the URL. It does not
#     show whether the server answered or whether the file was opened; confirm
#     with HTTP response / flow logs and the endpoint.
#
# The number in msg and reference is the URLhaus entry ID; in every rule in
# this group sid = that ID + 80863100.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636809)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/20082024121600/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636809/; classtype:trojan-activity;sid:84499909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26092024115544/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636810/; classtype:trojan-activity;sid:84499910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/28082024070417/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636803/; classtype:trojan-activity;sid:84499903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024143113/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636804/; classtype:trojan-activity;sid:84499904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636800)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/13092024071052/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636800/; classtype:trojan-activity;sid:84499900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/10062024180136/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636801/; classtype:trojan-activity;sid:84499901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024175356/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636802/; classtype:trojan-activity;sid:84499902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/27082024070328/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636799/; classtype:trojan-activity;sid:84499899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8050/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636798/; classtype:trojan-activity;sid:84499898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636795)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18062024071837/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636795/; classtype:trojan-activity;sid:84499895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/18072024120409/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636796/; classtype:trojan-activity;sid:84499896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/30082024111343/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636797/; classtype:trojan-activity;sid:84499897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/21082024112544/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636794/; classtype:trojan-activity;sid:84499894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19072024111357/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636791/; classtype:trojan-activity;sid:84499891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636784)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11062024175200/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636784/; classtype:trojan-activity;sid:84499884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/30072024115935/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636785/; classtype:trojan-activity;sid:84499885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/02092024114819/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636786/; classtype:trojan-activity;sid:84499886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/30072024070959/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636788/; classtype:trojan-activity;sid:84499888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05092024120909/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636789/; classtype:trojan-activity;sid:84499889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/05072024112530/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636790/; classtype:trojan-activity;sid:84499890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024115132/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636783/; classtype:trojan-activity;sid:84499883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10092024114316/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636782/; classtype:trojan-activity;sid:84499882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15082024113136/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636781/; classtype:trojan-activity;sid:84499881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/04072024170824/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636779/; classtype:trojan-activity;sid:84499879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23072024135746/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636780/; classtype:trojan-activity;sid:84499880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024115515/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636777/; classtype:trojan-activity;sid:84499877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12072024115926/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636778/; classtype:trojan-activity;sid:84499878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024082013/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636775/; classtype:trojan-activity;sid:84499875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10072024110114/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636776/; classtype:trojan-activity;sid:84499876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3636773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17072024071919/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636773/; classtype:trojan-activity;sid:84499873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/19082024070444/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636771/; classtype:trojan-activity;sid:84499871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20082024104419/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636772/; classtype:trojan-activity;sid:84499872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/06082024070754/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636770/; classtype:trojan-activity;sid:84499870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636769)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/delcacheprodutoseg/1/6011/12092024074514/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636769/; classtype:trojan-activity;sid:84499869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/23072024073428/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636768/; classtype:trojan-activity;sid:84499868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16082024110029/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636767/; classtype:trojan-activity;sid:84499867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/30072024075615/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636766/; classtype:trojan-activity;sid:84499866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24082024173603/info.zip"; http_uri; 
depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636764/; classtype:trojan-activity;sid:84499864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/27092024072930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636763/; classtype:trojan-activity;sid:84499863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/14092024070825/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636761/; classtype:trojan-activity;sid:84499861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10082024105405/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636762/; classtype:trojan-activity;sid:84499862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636760)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/31072024120304/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636760/; classtype:trojan-activity;sid:84499860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16082024171045/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636759/; classtype:trojan-activity;sid:84499859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19062024083204/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636757/; classtype:trojan-activity;sid:84499857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024175202/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636758/; classtype:trojan-activity;sid:84499858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/6011/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636756/; 
classtype:trojan-activity;sid:84499856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/09082024071028/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636754/; classtype:trojan-activity;sid:84499854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636753)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/bkp/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636753/; classtype:trojan-activity;sid:84499853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11062024074638/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636752/; classtype:trojan-activity;sid:84499852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8318/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636751/; classtype:trojan-activity;sid:84499851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3636750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024071328/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636750/; classtype:trojan-activity;sid:84499850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636749)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17082024111540/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636749/; classtype:trojan-activity;sid:84499849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/25072024111710/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636748/; classtype:trojan-activity;sid:84499848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024125639/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636746/; classtype:trojan-activity;sid:84499846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636745)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/delcacheprodutoseg/1/8051/26062024072316/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636745/; classtype:trojan-activity;sid:84499845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18072024152842/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636744/; classtype:trojan-activity;sid:84499844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/03092024065611/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636743/; classtype:trojan-activity;sid:84499843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/20082024074454/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636742/; classtype:trojan-activity;sid:84499842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14062024182506/info.zip"; http_uri; 
depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636741/; classtype:trojan-activity;sid:84499841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/28062024162227/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636740/; classtype:trojan-activity;sid:84499840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/25082024112344/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636739/; classtype:trojan-activity;sid:84499839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05102024112225/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636736/; classtype:trojan-activity;sid:84499836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22072024112228/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636737/; classtype:trojan-activity;sid:84499837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024123948/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636735/; classtype:trojan-activity;sid:84499835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636733)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636733/; classtype:trojan-activity;sid:84499833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/21082024065715/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636734/; classtype:trojan-activity;sid:84499834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024163507/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, 
urlhaus.abuse.ch/url/3636728/; classtype:trojan-activity;sid:84499828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05092024111850/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636729/; classtype:trojan-activity;sid:84499829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24072024112124/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636730/; classtype:trojan-activity;sid:84499830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636731)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/pickup/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636731/; classtype:trojan-activity;sid:84499831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/09072024072801/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636732/; classtype:trojan-activity;sid:84499832; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/30082024070843/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636727/; classtype:trojan-activity;sid:84499827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15072024111306/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636723/; classtype:trojan-activity;sid:84499823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24072024072622/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636724/; classtype:trojan-activity;sid:84499824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23082024120742/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636726/; classtype:trojan-activity;sid:84499826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636721)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024121001/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636721/; classtype:trojan-activity;sid:84499821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14092024162753/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636722/; classtype:trojan-activity;sid:84499822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024130538/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636719/; classtype:trojan-activity;sid:84499819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/01102024075913/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636720/; classtype:trojan-activity;sid:84499820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636717)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/delcacheprodutoseg/1/8029/31072024110649/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636717/; classtype:trojan-activity;sid:84499817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24092024074236/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636718/; classtype:trojan-activity;sid:84499818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26092024073810/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636715/; classtype:trojan-activity;sid:84499815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19062024073721/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636716/; classtype:trojan-activity;sid:84499816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/03102024114713/info.zip"; http_uri; 
depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636714/; classtype:trojan-activity;sid:84499814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/27062024134606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636708/; classtype:trojan-activity;sid:84499808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/25092024074358/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636709/; classtype:trojan-activity;sid:84499809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636710/; classtype:trojan-activity;sid:84499810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/12092024065636/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636711/; classtype:trojan-activity;sid:84499811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024113359/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636712/; classtype:trojan-activity;sid:84499812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14082024102908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636713/; classtype:trojan-activity;sid:84499813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/27062024074304/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636705/; classtype:trojan-activity;sid:84499805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20092024114457/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, 
urlhaus.abuse.ch/url/3636706/; classtype:trojan-activity;sid:84499806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636707)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/idi/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636707/; classtype:trojan-activity;sid:84499807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05072024105131/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636703/; classtype:trojan-activity;sid:84499803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11062024123414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636704/; classtype:trojan-activity;sid:84499804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12062024122748/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636698/; classtype:trojan-activity;sid:84499798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3636699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636699/; classtype:trojan-activity;sid:84499799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22082024180206/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636693/; classtype:trojan-activity;sid:84499793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20082024172514/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636694/; classtype:trojan-activity;sid:84499794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/20082024070343/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636695/; classtype:trojan-activity;sid:84499795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636696)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27092024125844/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636696/; classtype:trojan-activity;sid:84499796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/01082024070127/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636697/; classtype:trojan-activity;sid:84499797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/30092024073115/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636685/; classtype:trojan-activity;sid:84499785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04102024114428/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636686/; classtype:trojan-activity;sid:84499786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636687)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/delcacheprodutoseg/1/8029/17072024162506/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636687/; classtype:trojan-activity;sid:84499787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17072024112121/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636688/; classtype:trojan-activity;sid:84499788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13062024123930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636689/; classtype:trojan-activity;sid:84499789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20082024114833/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636690/; classtype:trojan-activity;sid:84499790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22072024071046/info.zip"; http_uri; 
depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636691/; classtype:trojan-activity;sid:84499791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/21082024074934/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636692/; classtype:trojan-activity;sid:84499792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12072024073215/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636683/; classtype:trojan-activity;sid:84499783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024113341/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636684/; classtype:trojan-activity;sid:84499784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/09092024080429/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636681/; classtype:trojan-activity;sid:84499781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8342/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636682/; classtype:trojan-activity;sid:84499782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/16092024071437/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636678/; classtype:trojan-activity;sid:84499778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11092024070152/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636679/; classtype:trojan-activity;sid:84499779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/19072024082257/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, 
urlhaus.abuse.ch/url/3636676/; classtype:trojan-activity;sid:84499776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/02092024173539/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636666/; classtype:trojan-activity;sid:84499766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/14062024074014/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636667/; classtype:trojan-activity;sid:84499767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636668)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/queue/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636668/; classtype:trojan-activity;sid:84499768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13082024112311/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636669/; classtype:trojan-activity;sid:84499769; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23072024112852/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636670/; classtype:trojan-activity;sid:84499770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024094613/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636671/; classtype:trojan-activity;sid:84499771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19082024113816/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636672/; classtype:trojan-activity;sid:84499772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/02082024121949/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636674/; classtype:trojan-activity;sid:84499774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636675)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10092024185923/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636675/; classtype:trojan-activity;sid:84499775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636662)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024130440/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636662/; classtype:trojan-activity;sid:84499762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8336/05072024082450/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636663/; classtype:trojan-activity;sid:84499763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09092024181236/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636664/; classtype:trojan-activity;sid:84499764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636665)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/delcacheprodutoseg/1/8051/20082024150907/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636665/; classtype:trojan-activity;sid:84499765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22082024114017/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636656/; classtype:trojan-activity;sid:84499756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/14082024065337/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636657/; classtype:trojan-activity;sid:84499757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8059/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636658/; classtype:trojan-activity;sid:84499758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024154958/info.zip"; http_uri; depth:57; 
isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636659/; classtype:trojan-activity;sid:84499759; rev:1;)
# --- Reviewer notes (the rules around this point all share one template) ---
# Anatomy: outbound HTTP from $HOME_NET, client side of an established flow, method GET,
# then two anchored contents. `depth:<len>` on a content of exactly <len> bytes pins the
# match to offset 0, and `isdataat:!1,relative` requires that no byte follows it, so the
# URI buffer and the Host buffer must each equal the listed string in full (URI with nocase).
# Coverage caveat: because the match is exact, a request for the same file whose URI differs
# in any byte (for example, a query string is present) does not alert. Treat these rules as
# known-URL indicators and keep host/IP-level telemetry (proxy, DNS, flow logs) alongside them.
# Triage: `reference` names the URLhaus entry; in the rules shown here sid = URLhaus id + 80863100.
#
# Continuation of the 200.14.250.72 group: one rule per info.zip path on the same Host value.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636660)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24062024075130/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636660/; classtype:trojan-activity;sid:84499760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18072024070807/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636654/; classtype:trojan-activity;sid:84499754; rev:1;)
# Single-path rule: GET /sshd where the Host value is the IPv4 literal 2.54.98.68.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636585)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.98.68"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636585/; classtype:trojan-activity;sid:84499685; rev:1;)
# GitHub-hosted URLs. The Host values below are shared platform domains
# (raw.githubusercontent.com, github.com), so only the URI path identifies the entry;
# do not widen these into host-wide alerts or blocks.
# NOTE(review): GitHub serves these hosts over HTTPS, so an `alert http` rule can only match
# where the sensor sees the request in cleartext (a plain-HTTP attempt, or TLS decrypted
# upstream). Confirm TLS inspection coverage before relying on these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636195)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-3/m2-100125/main/ud.png"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636195/; classtype:trojan-activity;sid:84499295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636191)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-3/9325-pd/main/ud.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636191/; classtype:trojan-activity;sid:84499291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636185)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-3/9325-m1/main/ud.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636185/; classtype:trojan-activity;sid:84499285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636161)"; flow:established,from_client; content:"GET"; http_method; content:"/pd1-pd/d/main/pd-92725.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636161/; classtype:trojan-activity;sid:84499261; rev:1;)
# Same file path as the previous rule, reached through github.com's /raw/ URL form.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636159)"; flow:established,from_client; content:"GET"; http_method; content:"/pd1-pd/d/raw/main/pd-92725.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636159/; classtype:trojan-activity;sid:84499259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636155)"; flow:established,from_client; content:"GET"; http_method; content:"/mh1-m1/pd/main/mh1-pd-92725.png"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636155/; classtype:trojan-activity;sid:84499255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636156)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/6325-pudam/main/u-p.png"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636156/; classtype:trojan-activity;sid:84499256; rev:1;)
# NOTE(review): the 40-hex path segment in the next two rules looks like a commit id that
# pins one revision of the file; the same file on a branch path would not match. Verify
# against the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636151)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/6325-mrw/f096dbcbef9efb4ac45d4b7171898fbc1a4d5d38/ud.png"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636151/; classtype:trojan-activity;sid:84499251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636152)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/u-mrw-1/feeddc44327a3d7f5328ebad35ebe132d0e18f92/ud.png"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636152/; classtype:trojan-activity;sid:84499252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636153)"; flow:established,from_client; content:"GET"; 
http_method; content:"/ud-prog/6325-pudam/a4916b0dfc5588abf04daa866fddc42054a11368/ud.png"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636153/; classtype:trojan-activity;sid:84499253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636147)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/6325-pudam/66bcf33bad15036f44df9c2ca7808a5de38435a5/u-p.png"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636147/; classtype:trojan-activity;sid:84499247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636141)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/1/296b891ef5d15bc30620bcccb0660d36d3d0a0f9/ud.png"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636141/; classtype:trojan-activity;sid:84499241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635840)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.197.122.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635840/; classtype:trojan-activity;sid:84498940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635467)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano/image.jpg"; http_uri; 
depth:40; isdataat:!1,relative; nocase; content:"ybgctdtbzvgpdxjivafy.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635467/; classtype:trojan-activity;sid:84498567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.194.248.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635131/; classtype:trojan-activity;sid:84498231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634292)"; flow:established,from_client; content:"GET"; http_method; content:"/ziobigiu84/site/raw/refs/heads/main/launcher.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634292/; classtype:trojan-activity;sid:84497392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.112.126.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633174/; classtype:trojan-activity;sid:84496274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632299)"; flow:established,from_client; content:"GET"; http_method; content:"/ske1et2/telegrams-best-scrapper/raw/refs/heads/main/slouchy/telegrams-best-scrapper.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_26; reference:url, 
urlhaus.abuse.ch/url/3632299/; classtype:trojan-activity;sid:84495399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631593)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/installer.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631593/; classtype:trojan-activity;sid:84494693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631583)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/tlp.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631583/; classtype:trojan-activity;sid:84494683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631573)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/lol11.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631573/; classtype:trojan-activity;sid:84494673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631574)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/1488.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631574/; classtype:trojan-activity;sid:84494674; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631575)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/1210.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631575/; classtype:trojan-activity;sid:84494675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631555)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/lol.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631555/; classtype:trojan-activity;sid:84494655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631554)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/bsg.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631554/; classtype:trojan-activity;sid:84494654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631233)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.95.148.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631233/; classtype:trojan-activity;sid:84494333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630546)"; flow:established,from_client; content:"GET"; http_method; 
content:"/shaerrlys/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630546/; classtype:trojan-activity;sid:84493646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3628584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.117.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_21; reference:url, urlhaus.abuse.ch/url/3628584/; classtype:trojan-activity;sid:84491684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627935)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.154.188.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627935/; classtype:trojan-activity;sid:84491035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627210)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.154.188.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627210/; classtype:trojan-activity;sid:84490310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626596)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.57.8.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626596/; 
classtype:trojan-activity;sid:84489696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626595)"; flow:established,from_client; content:"GET"; http_method; content:"/drilldata/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"113.57.8.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626595/; classtype:trojan-activity;sid:84489695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.254.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626300/; classtype:trojan-activity;sid:84489400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626275)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.62.255.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626275/; classtype:trojan-activity;sid:84489375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623408)"; flow:established,from_client; content:"GET"; http_method; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/lol1.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623408/; classtype:trojan-activity;sid:84486508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623131)"; flow:established,from_client; content:"GET"; http_method; 
content:"/rasadhlp.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"118.25.68.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623131/; classtype:trojan-activity;sid:84486231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623126)"; flow:established,from_client; content:"GET"; http_method; content:"/ziobigiu84/site/refs/heads/main/launcher.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623126/; classtype:trojan-activity;sid:84486226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623123)"; flow:established,from_client; content:"GET"; http_method; content:"/midkourtbbe/network/refs/heads/main/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623123/; classtype:trojan-activity;sid:84486223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623122)"; flow:established,from_client; content:"GET"; http_method; content:"/anno29/web/refs/heads/main/software.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623122/; classtype:trojan-activity;sid:84486222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623121)"; flow:established,from_client; content:"GET"; http_method; content:"/ilpigna03/site/refs/heads/main/launcher.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623121/; classtype:trojan-activity;sid:84486221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623120)"; flow:established,from_client; content:"GET"; http_method; content:"/nullarchive/request/refs/heads/main/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623120/; classtype:trojan-activity;sid:84486220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622759)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/hold/image.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"ihmmkvkaiwnilneauhfn.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622759/; classtype:trojan-activity;sid:84485859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622643)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano_duso/image.jpg|3f|12711343p"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"frygzjyhtiunvhvnacif.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622643/; classtype:trojan-activity;sid:84485743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622639)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano_duso/image.jpg|3f|12711343"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"frygzjyhtiunvhvnacif.supabase.co"; 
http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622639/; classtype:trojan-activity;sid:84485739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622638)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/hold/image.jpg|3f|12711343"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"ihmmkvkaiwnilneauhfn.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622638/; classtype:trojan-activity;sid:84485738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622625)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.hcsnet.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622625/; classtype:trojan-activity;sid:84485725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622623)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.hcsnet.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622623/; classtype:trojan-activity;sid:84485723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622624)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.hcsnet.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622624/; classtype:trojan-activity;sid:84485724; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622541)"; flow:established,from_client; content:"GET"; http_method; content:"/125.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622541/; classtype:trojan-activity;sid:84485641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622545)"; flow:established,from_client; content:"GET"; http_method; content:"/shellcode.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622545/; classtype:trojan-activity;sid:84485645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622547)"; flow:established,from_client; content:"GET"; http_method; content:"/er/45.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622547/; classtype:trojan-activity;sid:84485647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622548)"; flow:established,from_client; content:"GET"; http_method; content:"/er/326.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622548/; classtype:trojan-activity;sid:84485648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622549)"; flow:established,from_client; content:"GET"; http_method; content:"/er/46.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622549/; classtype:trojan-activity;sid:84485649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622539)"; flow:established,from_client; content:"GET"; http_method; content:"/er/1212.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"39.105.223.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622539/; classtype:trojan-activity;sid:84485639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621757)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1xisuc6psmmj5jzq7jgoffba7avfhzga_"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621757/; classtype:trojan-activity;sid:84484857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621753)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1okqdyr_kghanl7h_i1mwmlmzfesw_gx0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621753/; classtype:trojan-activity;sid:84484853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3620132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3620132/; classtype:trojan-activity;sid:84483232; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619986)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619986/; classtype:trojan-activity;sid:84483086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619984)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619984/; classtype:trojan-activity;sid:84483084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619985)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hcsnet.com.br"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619985/; classtype:trojan-activity;sid:84483085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.100.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617428/; classtype:trojan-activity;sid:84480528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.93.200.20"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617421/; classtype:trojan-activity;sid:84480521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617201)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617201/; classtype:trojan-activity;sid:84480301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617196)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617196/; classtype:trojan-activity;sid:84480296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617193)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617193/; classtype:trojan-activity;sid:84480293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617189)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617189/; classtype:trojan-activity;sid:84480289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3617190)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617190/; classtype:trojan-activity;sid:84480290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615696)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.126.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615696/; classtype:trojan-activity;sid:84478796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615611)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xdbcvdei"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615611/; classtype:trojan-activity;sid:84478711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615306)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.109.44.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615306/; classtype:trojan-activity;sid:84478406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614697)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsupdate.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"129.152.20.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; 
reference:url, urlhaus.abuse.ch/url/3614697/; classtype:trojan-activity;sid:84477797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614696)"; flow:established,from_client; content:"GET"; http_method; content:"/windows.x64.silent.cpu.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"129.152.20.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614696/; classtype:trojan-activity;sid:84477796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614280)"; flow:established,from_client; content:"GET"; http_method; content:"/d/mzjfndu3ndewnzjf/dvgihou177.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"od.lk"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614280/; classtype:trojan-activity;sid:84477380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614199)"; flow:established,from_client; content:"GET"; http_method; content:"/827-mh1-3t/827/main/t1.png"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614199/; classtype:trojan-activity;sid:84477299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613629)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/pinaview.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"pinaview.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613629/; classtype:trojan-activity;sid:84476729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3613494)"; flow:established,from_client; content:"GET"; http_method; content:"/peterson643eu/projecttop/refs/heads/main/zjqppajn.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613494/; classtype:trojan-activity;sid:84476594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.43.76.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613214/; classtype:trojan-activity;sid:84476314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612734)"; flow:established,from_client; content:"GET"; http_method; content:"/client/better.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"api.ezilax.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612734/; classtype:trojan-activity;sid:84475834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.4.102.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612605/; classtype:trojan-activity;sid:84475705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.7.149.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 
2025_08_27; reference:url, urlhaus.abuse.ch/url/3612593/; classtype:trojan-activity;sid:84475693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3612304)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.43.76.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_27; reference:url, urlhaus.abuse.ch/url/3612304/; classtype:trojan-activity;sid:84475404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611504)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/usbmmidd_v2.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.amyuni.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611504/; classtype:trojan-activity;sid:84474604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610702)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.72.35.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610702/; classtype:trojan-activity;sid:84473802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610638)"; flow:established,from_client; content:"GET"; http_method; content:"/soul.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"114.66.52.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610638/; classtype:trojan-activity;sid:84473738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610613)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tfsoft/xftd/v2/ctf/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tengfeidn.cn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610613/; classtype:trojan-activity;sid:84473713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610612)"; flow:established,from_client; content:"GET"; http_method; content:"/tfsoft/xftd/v2/ctf/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pcupd.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610612/; classtype:trojan-activity;sid:84473712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610604)"; flow:established,from_client; content:"GET"; http_method; content:"/api/upgrade/jd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rdm.91yunma.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610604/; classtype:trojan-activity;sid:84473704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610602)"; flow:established,from_client; content:"GET"; http_method; content:"/api/upgrade/qcoin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"rdm.91yunma.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610602/; classtype:trojan-activity;sid:84473702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610401)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/mely.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"areyouready.co.za"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610401/; 
classtype:trojan-activity;sid:84473501; rev:1;)
# How the rules below match: each one alerts on a single outbound GET (flow:established,from_client
# plus content:"GET" in http_method) whose URI and Host both equal the listed strings. In every rule
# on this stretch, depth equals the content length and isdataat:!1,relative requires that nothing
# follows the match, so each buffer must match in full rather than as a prefix or substring.
# nocase follows the http_uri content only; the http_host content carries no nocase.
# NOTE(review): the next two rules name github.com as the host. That platform is normally reached
# over HTTPS, and an "alert http" rule only sees requests the sensor can parse as HTTP, so coverage
# presumably depends on TLS inspection in front of the sensor. Confirm for your deployment.
# NOTE(review): the file name loic.exe suggests a publicly known network stress tool rather than a
# custom payload; treat a hit as a policy or abuse signal to triage. Inferred from the name only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610381)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/loic/raw/refs/heads/master/loic.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610381/; classtype:trojan-activity;sid:84473481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610380)"; flow:established,from_client; content:"GET"; http_method; content:"/raizydaizy/steamcmd/raw/refs/heads/main/steamcmd.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610380/; classtype:trojan-activity;sid:84473480; rev:1;)
# The URI "/.i" is only three bytes; the rule is specific because the Host must also equal the
# listed IP address. Neither content is meaningful on its own.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609741)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.186.28.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_23; reference:url, urlhaus.abuse.ch/url/3609741/; classtype:trojan-activity;sid:84472841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609420)"; flow:established,from_client; content:"GET"; http_method; content:"/2/remmbuil.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gestionycobranzas.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609420/; classtype:trojan-activity;sid:84472520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609414)"; flow:established,from_client; 
content:"GET"; http_method; content:"/2/task.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"gestionycobranzas.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609414/; classtype:trojan-activity;sid:84472514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609409)"; flow:established,from_client; content:"GET"; http_method; content:"/2/task.js"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"gestionycobranzas.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609409/; classtype:trojan-activity;sid:84472509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.197.231.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609150/; classtype:trojan-activity;sid:84472250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609122)"; flow:established,from_client; content:"GET"; http_method; content:"/stb/retev.php|3f|bl=sljurzjsslqcmdtxdolcw013.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"frozi.cc"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609122/; classtype:trojan-activity;sid:84472222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608802)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.45.105.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, 
urlhaus.abuse.ch/url/3608802/; classtype:trojan-activity;sid:84471902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608773)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.45.105.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608773/; classtype:trojan-activity;sid:84471873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/22072024080730/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608522/; classtype:trojan-activity;sid:84471622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/17062024123023/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608521/; classtype:trojan-activity;sid:84471621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/14082024082341/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608520/; classtype:trojan-activity;sid:84471620; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/09072024080408/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608519/; classtype:trojan-activity;sid:84471619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11072024072520/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608518/; classtype:trojan-activity;sid:84471618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608517/; classtype:trojan-activity;sid:84471617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/10092024072747/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608511/; classtype:trojan-activity;sid:84471611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608513)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/23092024080311/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608513/; classtype:trojan-activity;sid:84471613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/02082024071413/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608506/; classtype:trojan-activity;sid:84471606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23092024103542/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608503/; classtype:trojan-activity;sid:84471603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/15072024075523/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608500/; classtype:trojan-activity;sid:84471600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608487)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tmpftp/delcacheprodutoseg/1/8059/13082024070204/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608487/; classtype:trojan-activity;sid:84471587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608488)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/14062024075221/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608488/; classtype:trojan-activity;sid:84471588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/12082024075637/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608491/; classtype:trojan-activity;sid:84471591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/16082024071234/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608492/; classtype:trojan-activity;sid:84471592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/13072024070443/info.zip"; http_uri; 
depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608493/; classtype:trojan-activity;sid:84471593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608496)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/18062024074945/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608496/; classtype:trojan-activity;sid:84471596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608497)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024110801/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608497/; classtype:trojan-activity;sid:84471597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12092024121832/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608482/; classtype:trojan-activity;sid:84471582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8461/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608483/; classtype:trojan-activity;sid:84471583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/10092024080037/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608479/; classtype:trojan-activity;sid:84471579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/28082024112055/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608471/; classtype:trojan-activity;sid:84471571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11062024140819/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608474/; classtype:trojan-activity;sid:84471574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/25072024071607/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, 
urlhaus.abuse.ch/url/3608470/; classtype:trojan-activity;sid:84471570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/17082024070657/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608466/; classtype:trojan-activity;sid:84471566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024122345/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608467/; classtype:trojan-activity;sid:84471567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608082)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.82.160"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608082/; classtype:trojan-activity;sid:84471182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607961)"; flow:established,from_client; content:"GET"; http_method; content:"/ntchuy/hack/refs/heads/main/client.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607961/; classtype:trojan-activity;sid:84471061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3607915)"; flow:established,from_client; content:"GET"; http_method; content:"/linpeas.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"34.70.102.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607915/; classtype:trojan-activity;sid:84471015; rev:1;)
# NOTE(review), for the rule ending above (sid 84471015): the file name linpeas.sh matches a
# publicly available Linux privilege-escalation audit script. A hit may come from authorised
# assessment work as well as from an intruder staging tools; triage against known test windows
# and check which internal host issued the request. Inferred from the name only.
#
# NOTE(review), for the next rule (sid 84470994): |3f| is the hex escape for "?", so the content is
# 46 bytes long while depth is 49; the escape appears to have been counted as four characters.
# isdataat:!1,relative still pins the end of the URI, but the match may begin up to three bytes in,
# so this rule is slightly looser than the full-match rules around it. depth:46 would restore the
# exact match; the correction belongs in the feed generator, since local edits are lost on update.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607894)"; flow:established,from_client; content:"GET"; http_method; content:"/stb/retev.php|3f|bl=sncpakg7g9fwre65pslcw016.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"frozi.cc"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607894/; classtype:trojan-activity;sid:84470994; rev:1;)
# Full-match rule: depth equals the content length for both the URI and the Host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606904)"; flow:established,from_client; content:"GET"; http_method; content:"/win.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"visualwikicloud.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606904/; classtype:trojan-activity;sid:84470004; rev:1;)
# NOTE(review): raw.githubusercontent.com is normally reached over HTTPS; an "alert http" rule only
# sees requests the sensor can parse as HTTP, so coverage presumably depends on TLS inspection.
# Confirm for your deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606770)"; flow:established,from_client; content:"GET"; http_method; content:"/d1ovu/pon/refs/heads/main/rustmedebyg.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606770/; classtype:trojan-activity;sid:84469870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606767)"; flow:established,from_client; content:"GET"; http_method; content:"/d1ovu/pon/refs/heads/main/rustme.exe"; http_uri; depth:37; isdataat:!1,relative; 
nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606767/; classtype:trojan-activity;sid:84469867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606766)"; flow:established,from_client; content:"GET"; http_method; content:"/d1ovu/pon/refs/heads/main/debugconfig.bat"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606766/; classtype:trojan-activity;sid:84469866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606680)"; flow:established,from_client; content:"GET"; http_method; content:"/atu.lim"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"electri.billregulator.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606680/; classtype:trojan-activity;sid:84469780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606577)"; flow:established,from_client; content:"GET"; http_method; content:"/2508/9e3363f017c60726bf610a2a472040144t."; http_uri; depth:41; isdataat:!1,relative; nocase; content:"file.uhsea.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606577/; classtype:trojan-activity;sid:84469677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.4.1.150"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_18; reference:url, urlhaus.abuse.ch/url/3605958/; 
classtype:trojan-activity;sid:84469058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604879)"; flow:established,from_client; content:"GET"; http_method; content:"/keepon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"209.145.51.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604879/; classtype:trojan-activity;sid:84467979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604591)"; flow:established,from_client; content:"GET"; http_method; content:"/networke.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604591/; classtype:trojan-activity;sid:84467691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604243)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.196.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604243/; classtype:trojan-activity;sid:84467343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604233)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.150.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604233/; classtype:trojan-activity;sid:84467333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3602487)"; flow:established,from_client; content:"GET"; http_method; content:"/scanubs9420625fpdf.7z"; http_uri; depth:22; 
isdataat:!1,relative; nocase; content:"access.skaparade.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_08_14; reference:url, urlhaus.abuse.ch/url/3602487/; classtype:trojan-activity;sid:84465587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601597)"; flow:established,from_client; content:"GET"; http_method; content:"/runtime/vc_redist.x64.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"checkfivem.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601597/; classtype:trojan-activity;sid:84464697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601445)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.150.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601445/; classtype:trojan-activity;sid:84464545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.147.91.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599816/; classtype:trojan-activity;sid:84462916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599810)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.122.193.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599810/; classtype:trojan-activity;sid:84462910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3599106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.54.221.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599106/; classtype:trojan-activity;sid:84462206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597379)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"117.72.183.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597379/; classtype:trojan-activity;sid:84460479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597150)"; flow:established,from_client; content:"GET"; http_method; content:"/zmyjungmin/img001.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597150/; classtype:trojan-activity;sid:84460250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594962)"; flow:established,from_client; content:"GET"; http_method; content:"/.ssa/t1.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"isiore.com.co"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594962/; classtype:trojan-activity;sid:84458062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594942)"; flow:established,from_client; content:"GET"; http_method; content:"/r00tnik8/zianr35524869492586/raw/refs/heads/main/plugin3.plg"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; 
http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594942/; classtype:trojan-activity;sid:84458042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3593771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.112.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_31; reference:url, urlhaus.abuse.ch/url/3593771/; classtype:trojan-activity;sid:84456871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.247.208.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592552/; classtype:trojan-activity;sid:84455652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.247.208.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592078/; classtype:trojan-activity;sid:84455178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592038)"; flow:established,from_client; content:"GET"; http_method; content:"/image/cache/data/aksesuarlar/patch-yama-arma/skid-row-500x500.jpg"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"xshop.com.tr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592038/; classtype:trojan-activity;sid:84455138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3591244)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.95.247.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3591244/; classtype:trojan-activity;sid:84454344; rev:1;)
# Rule shape used throughout this feed: an outbound GET whose URI buffer equals
# one path and whose Host buffer equals one host. depth:N pins the pattern to
# the start of the buffer and isdataat:!1,relative requires that nothing follows
# the match, so each signature is an exact-match indicator, not a prefix match.
# nocase follows the URI content only; the Host content has no nocase modifier.
#
# NOTE(review): the rules below name raw.githubusercontent.com and github.com,
# hosts that serve content over HTTPS. A client fetching the https:// form of
# the URL produces no cleartext request for an "alert http" rule to inspect
# unless TLS is decrypted upstream of the sensor - confirm before counting
# these signatures as coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590749)"; flow:established,from_client; content:"GET"; http_method; content:"/amineamine284/d3dx11_45/refs/heads/main/d3dx11_45.dll"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590749/; classtype:trojan-activity;sid:84453849; rev:1;)
# NOTE(review): sids 84453848 and 84453846 put a percent-encoded space (%20)
# inside an http_uri pattern, and depth is computed over the encoded text.
# Where http_uri is the normalized (percent-decoded) buffer, the request shows
# a literal space and these rules would not match - verify by replaying a
# sample request, and compare against the raw-URI buffer. The %2b patterns on
# the rules for host 116.133.72.10 later in this file are in the same position.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590748)"; flow:established,from_client; content:"GET"; http_method; content:"/amineamine284/rssdgxgr/refs/heads/main/garo%20x.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590748/; classtype:trojan-activity;sid:84453848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590746)"; flow:established,from_client; content:"GET"; http_method; content:"/amineamine284/edggqdsg/refs/heads/main/garo%20v1.dll"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590746/; classtype:trojan-activity;sid:84453846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590552)"; flow:established,from_client; content:"GET"; http_method; 
content:"/hafiz12cyber/request/raw/refs/heads/main/launcher.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590552/; classtype:trojan-activity;sid:84453652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590550)"; flow:established,from_client; content:"GET"; http_method; content:"/midkourtbbe/network/raw/refs/heads/main/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590550/; classtype:trojan-activity;sid:84453650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590549)"; flow:established,from_client; content:"GET"; http_method; content:"/anno29/web/raw/refs/heads/main/software.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590549/; classtype:trojan-activity;sid:84453649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590548)"; flow:established,from_client; content:"GET"; http_method; content:"/notcat999/sys/raw/refs/heads/main/software.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590548/; classtype:trojan-activity;sid:84453648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590547)"; flow:established,from_client; content:"GET"; http_method; content:"/gethalal-007/request/raw/refs/heads/main/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; 
content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590547/; classtype:trojan-activity;sid:84453647; rev:1;)
# NOTE(review): rules whose Host pattern is github.com depend on the sensor
# seeing the request in cleartext; a fetch of the https:// URL is invisible to
# an "alert http" rule unless TLS is decrypted upstream - confirm placement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590546)"; flow:established,from_client; content:"GET"; http_method; content:"/nullarchive/request/raw/refs/heads/main/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590546/; classtype:trojan-activity;sid:84453646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589467)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589467/; classtype:trojan-activity;sid:84452567; rev:1;)
# NOTE(review): sids 84452412 and 84452407 have identical match conditions
# (GET /sshd, Host 88.24.52.121); only the URLhaus id and sid differ, so one
# request raises two alerts. The rule header matches any destination port, so
# feed entries that differ only by port or scheme would collapse to the same
# signature - presumably the cause here. Sids 84433258, 84432902 and 84432903
# (GET /sshd, Host 90.8.83.87) repeat the pattern. De-duplicate alerts
# downstream on host + URI rather than on sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589312)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.52.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589312/; classtype:trojan-activity;sid:84452412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589307)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.24.52.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589307/; classtype:trojan-activity;sid:84452407; rev:1;)
# NOTE(review): depth:49 below counts the four characters of the |3f| hex
# escape, but the escape matches one byte ('?'), so the pattern is 46 bytes.
# The surplus lets the pattern begin up to 3 bytes into the URI instead of
# only at offset 0, which loosens the intended exact match slightly. Sids
# 84445216 (depth:49) and 84442559 (depth:19 for a 16-byte pattern) show the
# same generator behaviour.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588886)"; flow:established,from_client; content:"GET"; http_method; content:"/stb/retev.php|3f|bl=3hbukcrujg1pozf7wspre002.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"frozi.cc"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_07_24; reference:url, urlhaus.abuse.ch/url/3588886/; classtype:trojan-activity;sid:84451986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3588081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.173.138.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_22; reference:url, urlhaus.abuse.ch/url/3588081/; classtype:trojan-activity;sid:84451181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587585)"; flow:established,from_client; content:"GET"; http_method; content:"/sid2983/-1aa-valoranta/releases/download/d0wn10ad/valcheat.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587585/; classtype:trojan-activity;sid:84450685; rev:1;)
# NOTE(review): the URI pattern below starts with a double slash. If the
# engine's normalized URI buffer compresses repeated path separators, the
# request would present a single slash and this rule would miss - confirm
# against the sensor's HTTP normalization settings.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587551)"; flow:established,from_client; content:"GET"; http_method; content:"//2025/07/19/15/683192372.png"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www2.0zz0.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587551/; classtype:trojan-activity;sid:84450651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; 
nocase; content:"183.97.32.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586154/; classtype:trojan-activity;sid:84449254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.247.4.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586166/; classtype:trojan-activity;sid:84449266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.37.71.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586151/; classtype:trojan-activity;sid:84449251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.30.12.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585163/; classtype:trojan-activity;sid:84448263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.236.116.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585169/; classtype:trojan-activity;sid:84448269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585162)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.7.131.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585162/; classtype:trojan-activity;sid:84448262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.152.84.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585159/; classtype:trojan-activity;sid:84448259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585053)"; flow:established,from_client; content:"GET"; http_method; content:"/catalog/model/cummersmg.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"kavacanada.ca"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585053/; classtype:trojan-activity;sid:84448153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585052)"; flow:established,from_client; content:"GET"; http_method; content:"/catalog/model/cheekpiecegar.ps1"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"kavacanada.ca"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585052/; classtype:trojan-activity;sid:84448152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.247.2.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, 
urlhaus.abuse.ch/url/3584739/; classtype:trojan-activity;sid:84447839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.191"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3584719/; classtype:trojan-activity;sid:84447819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583571)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_15; reference:url, urlhaus.abuse.ch/url/3583571/; classtype:trojan-activity;sid:84446671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583040)"; flow:established,from_client; content:"GET"; http_method; content:"/laurenxss/42429a19c72b875b93608f8cb0cab933/raw/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"gist.githubusercontent.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583040/; classtype:trojan-activity;sid:84446140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.172"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_13; reference:url, urlhaus.abuse.ch/url/3582620/; classtype:trojan-activity;sid:84445720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582116)"; flow:established,from_client; content:"GET"; 
http_method; content:"/stb/retev.php|3f|bl=squbykf3ta5kbkp13hpre008.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"frozi.cc"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_07_12; reference:url, urlhaus.abuse.ch/url/3582116/; classtype:trojan-activity;sid:84445216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580902)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.2.45.141"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580902/; classtype:trojan-activity;sid:84444002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580896)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.191.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580896/; classtype:trojan-activity;sid:84443996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.235.22.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580874/; classtype:trojan-activity;sid:84443974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.240.70.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580881/; 
classtype:trojan-activity;sid:84443981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580884)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.153.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580884/; classtype:trojan-activity;sid:84443984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580863)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.96.233"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580863/; classtype:trojan-activity;sid:84443963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3579459)"; flow:established,from_client; content:"GET"; http_method; content:"/test.jpg|3f|137113"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"bafybeidvf6tytrspkd4wnvxzs23m3kjr6bfvgszbfwybmmcosl4rrhvuo4.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2025_07_09; reference:url, urlhaus.abuse.ch/url/3579459/; classtype:trojan-activity;sid:84442559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3578386)"; flow:established,from_client; content:"GET"; http_method; content:"/invisiblebunny/records/main/bunny-mini/mini.shell.php"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_07; reference:url, urlhaus.abuse.ch/url/3578386/; classtype:trojan-activity;sid:84441486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3578385)"; 
flow:established,from_client; content:"GET"; http_method; content:"/ly4k/pwnkit/main/pwnkit"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_07; reference:url, urlhaus.abuse.ch/url/3578385/; classtype:trojan-activity;sid:84441485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577021)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577021/; classtype:trojan-activity;sid:84440121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577019)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577019/; classtype:trojan-activity;sid:84440119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577020)"; flow:established,from_client; content:"GET"; http_method; content:"/1/av.lnk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577020/; classtype:trojan-activity;sid:84440120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577008)"; flow:established,from_client; content:"GET"; http_method; content:"/1/video.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; 
reference:url, urlhaus.abuse.ch/url/3577008/; classtype:trojan-activity;sid:84440108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577009)"; flow:established,from_client; content:"GET"; http_method; content:"/1/photo.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577009/; classtype:trojan-activity;sid:84440109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576996)"; flow:established,from_client; content:"GET"; http_method; content:"/1/av.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576996/; classtype:trojan-activity;sid:84440096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576990)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576990/; classtype:trojan-activity;sid:84440090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576991)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576991/; classtype:trojan-activity;sid:84440091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576992)"; flow:established,from_client; content:"GET"; 
http_method; content:"/lost%2bfound/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576992/; classtype:trojan-activity;sid:84440092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576993)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576993/; classtype:trojan-activity;sid:84440093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576994)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576994/; classtype:trojan-activity;sid:84440094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576995)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576995/; classtype:trojan-activity;sid:84440095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576988)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576988/; 
classtype:trojan-activity;sid:84440088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576989)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576989/; classtype:trojan-activity;sid:84440089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576987)"; flow:established,from_client; content:"GET"; http_method; content:"/lost%2bfound/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576987/; classtype:trojan-activity;sid:84440087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576981)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576981/; classtype:trojan-activity;sid:84440081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576982)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576982/; classtype:trojan-activity;sid:84440082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576983)"; flow:established,from_client; content:"GET"; http_method; content:"/1/video.lnk"; 
http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576983/; classtype:trojan-activity;sid:84440083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576984)"; flow:established,from_client; content:"GET"; http_method; content:"/1/photo.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576984/; classtype:trojan-activity;sid:84440084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576985)"; flow:established,from_client; content:"GET"; http_method; content:"/1/info.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576985/; classtype:trojan-activity;sid:84440085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576986)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.133.72.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576986/; classtype:trojan-activity;sid:84440086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575355)"; flow:established,from_client; content:"GET"; http_method; content:"/labubu99999/localoco8386/main/shaman.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575355/; 
classtype:trojan-activity;sid:84438455; rev:1;)
# Layout: one rule per line below. The first line above and the last line of
# this section are parts of rules that continue outside it; left as found.
#
# How to read these rules: each one pairs an exact URI with an exact Host value.
# depth:N equals the length of the content before it, and isdataat:!1,relative
# requires that no byte follows the match, so the pattern must be the whole
# buffer. nocase applies to the URI content that precedes it. A request for the
# same path with anything appended (a query string, for example) is therefore
# not expected to match. Ports are "any" on both sides, and the host is matched
# on the Host header value, not on the destination address.
#
# NOTE(review): the host here is github.com, which is normally reached over
# HTTPS. An "alert http" rule needs HTTP the sensor can parse, so presumably
# this only fires where TLS is decrypted ahead of the sensor - confirm for your
# deployment, and back it with proxy or endpoint logs that record the full URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575354)"; flow:established,from_client; content:"GET"; http_method; content:"/labubu99999/localoco8386/raw/main/update0.bat"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575354/; classtype:trojan-activity;sid:84438454; rev:1;)
# Host is an IP literal in many rules below. Addresses can change hands after
# created_at; check the referenced URLhaus entry before treating a hit as
# confirmed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573965)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573965/; classtype:trojan-activity;sid:84437065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573963)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"110.227.197.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573963/; classtype:trojan-activity;sid:84437063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573084)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_134.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lomejordesalamanca.es"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3573084/; classtype:trojan-activity;sid:84436184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3572294)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.142.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3572294/; classtype:trojan-activity;sid:84435394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571424)"; flow:established,from_client; content:"GET"; http_method; content:"/a3f.dof"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"checkinetverifk.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571424/; classtype:trojan-activity;sid:84434524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.68.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_29; reference:url, urlhaus.abuse.ch/url/3571262/; classtype:trojan-activity;sid:84434362; rev:1;)
# NOTE(review): sid 84433258, 84432902 and 84432903 carry the same match
# conditions (GET, URI "/sshd", Host "90.8.83.87"), so one request raises three
# alerts. Presumably the three URLhaus entries differ in something these rules
# do not encode (port or scheme) - TODO confirm against the references. Count
# them as one event when triaging, or rate-limit them in the sensor's threshold
# configuration.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570158)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.8.83.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_25; reference:url, urlhaus.abuse.ch/url/3570158/; classtype:trojan-activity;sid:84433258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569817)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.57.30.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569817/; classtype:trojan-activity;sid:84432917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.8.83.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569802/; classtype:trojan-activity;sid:84432902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569803)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.8.83.87"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569803/; classtype:trojan-activity;sid:84432903; rev:1;)
# The path sits under /wp-includes/ on a named site, which looks like content
# placed on a third-party WordPress install (inferred from the path only).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569088)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/images/trapapo.ps1"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"www.vuelaviajero.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_06_22; reference:url, urlhaus.abuse.ch/url/3569088/; classtype:trojan-activity;sid:84432188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568977)"; flow:established,from_client; content:"GET"; http_method; content:"/aminer.gz"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_21; reference:url, urlhaus.abuse.ch/url/3568977/; classtype:trojan-activity;sid:84432077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568976)"; flow:established,from_client; content:"GET"; http_method; content:"/install.tgz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_06_21; reference:url, urlhaus.abuse.ch/url/3568976/; classtype:trojan-activity;sid:84432076; rev:1;)
# Layout: one rule per line below. The first line above and the last line of
# this section are parts of rules that continue outside it; left as found.
#
# The next two URIs end in an image extension while the rules are classed as
# trojan-activity. Triage on the URLhaus reference, not on the file extension.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568238)"; flow:established,from_client; content:"GET"; http_method; content:"/new_image.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"talentrecruitments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568238/; classtype:trojan-activity;sid:84431338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568230)"; flow:established,from_client; content:"GET"; http_method; content:"/js/new_image.jpg"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"talentrecruitments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568230/; classtype:trojan-activity;sid:84431330; rev:1;)
# NOTE(review): raw.githubusercontent.com and github.com are normally reached
# over HTTPS. An "alert http" rule needs HTTP the sensor can parse, so these two
# presumably fire only where TLS is decrypted ahead of the sensor - confirm for
# your deployment. Both pin the full repository path, so they do not flag the
# shared host as a whole.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568176)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/gv-cu/main/ud.png"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568176/; classtype:trojan-activity;sid:84431276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568162)"; flow:established,from_client; content:"GET"; http_method; content:"/ud-prog/gv-cu/raw/main/ud.png"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568162/; classtype:trojan-activity;sid:84431262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568006)"; flow:established,from_client; content:"GET"; http_method; content:"/xl.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"mundocarnes.cl"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3568006/; classtype:trojan-activity;sid:84431106; rev:1;)
# From here the rules share the file name info.zip: the same name under several
# directories of one host, one rule per directory. Each rule is an exact
# whole-URI match (depth equals the pattern length, isdataat:!1,relative after
# it), so a directory that is not listed is not covered. When triaging, group
# hits by Host rather than by sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565283)"; flow:established,from_client; content:"GET"; http_method; content:"/images/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565283/; classtype:trojan-activity;sid:84428383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565284)"; flow:established,from_client; content:"GET"; http_method; content:"/svg/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565284/; classtype:trojan-activity;sid:84428384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565285)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565285/; classtype:trojan-activity;sid:84428385; rev:1;)
# The URI below follows a Tomcat directory layout (tomcat8/webapps/.../web-inf/
# classes); this is read from the path only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565262)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/dao/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565262/; classtype:trojan-activity;sid:84428362; rev:1;)
# NOTE(review): this pattern contains "%20", and depth:36 counts the encoded
# form. Suricata documents http_uri as the normalized URI, where %20 is decoded
# to a space, so this rule may never match as written - verify with a test
# capture. If it does not match, the rule needs either the raw-URI buffer
# (http_raw_uri) or the decoded pattern with a matching depth. The same applies
# to every other rule in this file whose URI content contains "%20".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565260)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/badmail/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565260/; classtype:trojan-activity;sid:84428360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565261/; classtype:trojan-activity;sid:84428361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565259/; classtype:trojan-activity;sid:84428359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565258)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565258/; classtype:trojan-activity;sid:84428358; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565257/; classtype:trojan-activity;sid:84428357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565256)"; flow:established,from_client; content:"GET"; http_method; content:"/bkp/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565256/; classtype:trojan-activity;sid:84428356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565255)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/queue/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565255/; classtype:trojan-activity;sid:84428355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565254)"; flow:established,from_client; content:"GET"; http_method; content:"/relftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565254/; classtype:trojan-activity;sid:84428354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565253)"; flow:established,from_client; content:"GET"; http_method; 
content:"/exeftp%20-%20copia/drop/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565253/; classtype:trojan-activity;sid:84428353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565252)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565252/; classtype:trojan-activity;sid:84428352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565249)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/pickup/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565249/; classtype:trojan-activity;sid:84428349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565244)"; flow:established,from_client; content:"GET"; http_method; content:"/h4lud3ae/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565244/; classtype:trojan-activity;sid:84428344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565245)"; flow:established,from_client; content:"GET"; http_method; content:"/install/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, 
urlhaus.abuse.ch/url/3565245/; classtype:trojan-activity;sid:84428345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565246/; classtype:trojan-activity;sid:84428346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565243)"; flow:established,from_client; content:"GET"; http_method; content:"/relftp/pdf/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565243/; classtype:trojan-activity;sid:84428343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565230/; classtype:trojan-activity;sid:84428330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565236)"; flow:established,from_client; content:"GET"; http_method; content:"/idi/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565236/; classtype:trojan-activity;sid:84428336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565239)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tmpftp/extcons/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565239/; classtype:trojan-activity;sid:84428339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565240)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp%20-%20copia/idi/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565240/; classtype:trojan-activity;sid:84428340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565241)"; flow:established,from_client; content:"GET"; http_method; content:"/gdbftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565241/; classtype:trojan-activity;sid:84428341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565091)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/cksy/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565091/; classtype:trojan-activity;sid:84428191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565090)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/service/info.zip"; http_uri; depth:86; 
isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565090/; classtype:trojan-activity;sid:84428190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565089)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/rgsy/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565089/; classtype:trojan-activity;sid:84428189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565088)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565088/; classtype:trojan-activity;sid:84428188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565087)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/entity/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565087/; classtype:trojan-activity;sid:84428187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565085)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565085/; classtype:trojan-activity;sid:84428185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565086)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565086/; classtype:trojan-activity;sid:84428186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565084)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565084/; classtype:trojan-activity;sid:84428184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565083)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/entity/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565083/; classtype:trojan-activity;sid:84428183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565082)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/constrant/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565082/; classtype:trojan-activity;sid:84428182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565081)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565081/; classtype:trojan-activity;sid:84428181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565080)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565080/; classtype:trojan-activity;sid:84428180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565079)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565079/; classtype:trojan-activity;sid:84428179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565078)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/log/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565078/; classtype:trojan-activity;sid:84428178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565077)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565077/; classtype:trojan-activity;sid:84428177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565076)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/chkptwss/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565076/; classtype:trojan-activity;sid:84428176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565075)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/images/new/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565075/; classtype:trojan-activity;sid:84428175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565074)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565074/; classtype:trojan-activity;sid:84428174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565073)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/photoset/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565073/; classtype:trojan-activity;sid:84428173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565072)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/templete/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565072/; classtype:trojan-activity;sid:84428172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565071)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/service/impl/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565071/; classtype:trojan-activity;sid:84428171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565070)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/action/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565070/; classtype:trojan-activity;sid:84428170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565069)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/vehiclereview/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565069/; classtype:trojan-activity;sid:84428169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565068)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/org/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565068/; classtype:trojan-activity;sid:84428168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565066)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/css1/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565066/; classtype:trojan-activity;sid:84428166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565067)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/base/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565067/; classtype:trojan-activity;sid:84428167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565065)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/zbawss/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565065/; classtype:trojan-activity;sid:84428165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565064)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/entity/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565064/; classtype:trojan-activity;sid:84428164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565062)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565062/; classtype:trojan-activity;sid:84428162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565063)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/dto/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565063/; classtype:trojan-activity;sid:84428163; rev:1;)
# ---------------------------------------------------------------------------
# Reviewer notes for the entries below (one rule per line).
#
# What this stretch covers:
#   Every rule here pins the same HTTP Host value, "116.171.106.3", carries
#   metadata created_at 2025_06_18, and targets a GET for a .zip path: almost
#   all are named info.zip (a few localxml.zip), mostly under /tomcat8/.
#
# How each rule matches, as written:
#   - $HOME_NET -> $EXTERNAL_NET with flow:established,from_client: only
#     client requests leaving the protected network on an established flow.
#   - content:"GET"; http_method;  restricts the match to GET requests.
#   - content:"<path>"; http_uri; depth:<n>; isdataat:!1,relative; nocase;
#     depth is set to the pattern length (spot-checked on several entries)
#     and isdataat:!1,relative requires that no byte follows the match, so
#     the inspected URI has to equal the path, compared case-insensitively.
#   - content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative;
#     the same exact-match anchoring applied to the Host value.
#
# Caveats for deployment and triage:
#   - These are `alert http` rules: they fire only on traffic the engine
#     parses as HTTP. The same download over TLS is not visible to them
#     unless the sensor sees decrypted traffic.
#   - Because the URI match is exact, a request for the same file with extra
#     characters appended (for example a query string) would presumably not
#     match -- TODO confirm against the engine's http_uri normalisation.
#   - A hit records that an internal client *requested* a listed URL. It does
#     not show that a payload was returned or executed; check the HTTP
#     response and file/endpoint logs before escalating.
#   - created_at is 2025_06_18, so these are point-in-time indicators. Use
#     the reference URL on each rule to check whether the entry is still
#     considered active.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565061)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/service/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565061/; classtype:trojan-activity;sid:84428161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565060)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/org/apache/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565060/; classtype:trojan-activity;sid:84428160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565059)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/templete/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565059/; classtype:trojan-activity;sid:84428159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565057)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/photo/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565057/; classtype:trojan-activity;sid:84428157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565058)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/service/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565058/; classtype:trojan-activity;sid:84428158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565056)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/entity/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565056/; classtype:trojan-activity;sid:84428156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565054)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565054/; classtype:trojan-activity;sid:84428154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565049)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/service/impl/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565049/; classtype:trojan-activity;sid:84428149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565050)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/localxml.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565050/; classtype:trojan-activity;sid:84428150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565051)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565051/; classtype:trojan-activity;sid:84428151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565048)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/dto/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565048/; classtype:trojan-activity;sid:84428148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565044)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/action/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565044/; classtype:trojan-activity;sid:84428144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565043)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/entity/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565043/; classtype:trojan-activity;sid:84428143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565040)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/servacpt/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565040/; classtype:trojan-activity;sid:84428140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565035)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/temp/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565035/; classtype:trojan-activity;sid:84428135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565034)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/dto/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565034/; classtype:trojan-activity;sid:84428134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565030)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/action/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565030/; classtype:trojan-activity;sid:84428130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565029)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/sysparam/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565029/; classtype:trojan-activity;sid:84428129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565024)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565024/; classtype:trojan-activity;sid:84428124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565017)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/client/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565017/; classtype:trojan-activity;sid:84428117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565018)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565018/; classtype:trojan-activity;sid:84428118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565016)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565016/; classtype:trojan-activity;sid:84428116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565015)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565015/; classtype:trojan-activity;sid:84428115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565014)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/dao/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565014/; classtype:trojan-activity;sid:84428114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565008)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/interceptor/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565008/; classtype:trojan-activity;sid:84428108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565009)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/plugin/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565009/; classtype:trojan-activity;sid:84428109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565010)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/dto/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565010/; classtype:trojan-activity;sid:84428110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565011)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565011/; classtype:trojan-activity;sid:84428111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565004)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565004/; classtype:trojan-activity;sid:84428104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565001)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565001/; classtype:trojan-activity;sid:84428101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564999)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dto/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564999/; classtype:trojan-activity;sid:84428099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564992)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/service/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564992/; classtype:trojan-activity;sid:84428092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564993)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/mgr/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564993/; classtype:trojan-activity;sid:84428093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564990)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/visitwss/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564990/; classtype:trojan-activity;sid:84428090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564988)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564988/; classtype:trojan-activity;sid:84428088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564986)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/wss/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564986/; classtype:trojan-activity;sid:84428086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564985)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/pdawss/dto/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564985/; classtype:trojan-activity;sid:84428085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564984)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564984/; classtype:trojan-activity;sid:84428084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564983)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564983/; classtype:trojan-activity;sid:84428083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564980)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/exception/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564980/; classtype:trojan-activity;sid:84428080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564979)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/dao/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564979/; classtype:trojan-activity;sid:84428079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564977)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564977/; classtype:trojan-activity;sid:84428077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564975)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564975/; classtype:trojan-activity;sid:84428075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564976)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/dao/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564976/; classtype:trojan-activity;sid:84428076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564974)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/service/impl/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564974/; classtype:trojan-activity;sid:84428074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564972)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/dao/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564972/; classtype:trojan-activity;sid:84428072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564971)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/localxml.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564971/; classtype:trojan-activity;sid:84428071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564969)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564969/; classtype:trojan-activity;sid:84428069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564968)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/service/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564968/; classtype:trojan-activity;sid:84428068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564966)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/rgsy/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564966/; classtype:trojan-activity;sid:84428066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564965)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/dao/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564965/; classtype:trojan-activity;sid:84428065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564964)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564964/; classtype:trojan-activity;sid:84428064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564960)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564960/; classtype:trojan-activity;sid:84428060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564961)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564961/; classtype:trojan-activity;sid:84428061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564958)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dto/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564958/; classtype:trojan-activity;sid:84428058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564957)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/action/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564957/; classtype:trojan-activity;sid:84428057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564956)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/conf/catalina/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564956/; classtype:trojan-activity;sid:84428056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564953)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564953/; classtype:trojan-activity;sid:84428053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564948)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/service/impl/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564948/; classtype:trojan-activity;sid:84428048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564949)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564949/; classtype:trojan-activity;sid:84428049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564944)"; flow:established,from_client; content:"GET"; http_method; content:"/2345downloads/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564944/; classtype:trojan-activity;sid:84428044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564937)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/lib/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564937/; classtype:trojan-activity;sid:84428037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564938)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564938/; classtype:trojan-activity;sid:84428038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564939)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/service/impl/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564939/; classtype:trojan-activity;sid:84428039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564940)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/record/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564940/; classtype:trojan-activity;sid:84428040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564935)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564935/; classtype:trojan-activity;sid:84428035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564936)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564936/; classtype:trojan-activity;sid:84428036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564931)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/mgr/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564931/; classtype:trojan-activity;sid:84428031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564927)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/nvrsetting/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564927/; classtype:trojan-activity;sid:84428027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564925)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/css1/_notes/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564925/; classtype:trojan-activity;sid:84428025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564926)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/rgsy/system/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564926/; classtype:trojan-activity;sid:84428026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564924)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564924/; classtype:trojan-activity;sid:84428024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564920)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/base/dto/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564920/; classtype:trojan-activity;sid:84428020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564908)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/web/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564908/; classtype:trojan-activity;sid:84428008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564909)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564909/; classtype:trojan-activity;sid:84428009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564906)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/lib/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564906/; classtype:trojan-activity;sid:84428006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564903)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/base/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564903/; classtype:trojan-activity;sid:84428003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564902)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/unusual/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564902/; classtype:trojan-activity;sid:84428002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564900)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564900/; classtype:trojan-activity;sid:84428000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564899)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/pub/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564899/; classtype:trojan-activity;sid:84427999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564898)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564898/; classtype:trojan-activity;sid:84427998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564895)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/cyzpdytemp/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564895/; classtype:trojan-activity;sid:84427995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564896)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/systemset/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564896/; classtype:trojan-activity;sid:84427996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564893)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/viewwss/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative;
metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564893/; classtype:trojan-activity;sid:84427993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564894)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/util/info.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564894/; classtype:trojan-activity;sid:84427994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564892)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/wss/util/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564892/; classtype:trojan-activity;sid:84427992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564888)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564888/; classtype:trojan-activity;sid:84427988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564889)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/util/nvr/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564889/; classtype:trojan-activity;sid:84427989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564882)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564882/; classtype:trojan-activity;sid:84427982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564883)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/cksy/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564883/; classtype:trojan-activity;sid:84427983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564881)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/sysparam/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564881/; classtype:trojan-activity;sid:84427981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564878)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/bin/tomcat8.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, 
urlhaus.abuse.ch/url/3564878/; classtype:trojan-activity;sid:84427978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564876)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564876/; classtype:trojan-activity;sid:84427976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564874)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564874/; classtype:trojan-activity;sid:84427974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564871)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/dao/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564871/; classtype:trojan-activity;sid:84427971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564866)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, 
urlhaus.abuse.ch/url/3564866/; classtype:trojan-activity;sid:84427966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564861)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/action/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564861/; classtype:trojan-activity;sid:84427961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564862)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564862/; classtype:trojan-activity;sid:84427962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564863)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/dto/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564863/; classtype:trojan-activity;sid:84427963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564858)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/vehicleinformation/info.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; 
reference:url, urlhaus.abuse.ch/url/3564858/; classtype:trojan-activity;sid:84427958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564859)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/logs/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564859/; classtype:trojan-activity;sid:84427959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564855)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/entity/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564855/; classtype:trojan-activity;sid:84427955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564852)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/entity/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564852/; classtype:trojan-activity;sid:84427952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564850)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, 
urlhaus.abuse.ch/url/3564850/; classtype:trojan-activity;sid:84427950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564849)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564849/; classtype:trojan-activity;sid:84427949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564847)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/excel/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564847/; classtype:trojan-activity;sid:84427947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564845)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/service/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564845/; classtype:trojan-activity;sid:84427945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564844)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/szclient/info.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; 
reference:url, urlhaus.abuse.ch/url/3564844/; classtype:trojan-activity;sid:84427944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564838)"; flow:established,from_client; content:"GET"; http_method; content:"/futai/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564838/; classtype:trojan-activity;sid:84427938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564839)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564839/; classtype:trojan-activity;sid:84427939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564832)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/service/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564832/; classtype:trojan-activity;sid:84427932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564819)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, 
urlhaus.abuse.ch/url/3564819/; classtype:trojan-activity;sid:84427919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564820)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564820/; classtype:trojan-activity;sid:84427920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564821)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/dto/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564821/; classtype:trojan-activity;sid:84427921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564822)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/service/impl/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564822/; classtype:trojan-activity;sid:84427922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564823)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; 
reference:url, urlhaus.abuse.ch/url/3564823/; classtype:trojan-activity;sid:84427923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564809)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/jurisdict/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564809/; classtype:trojan-activity;sid:84427909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564810)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/service/info.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564810/; classtype:trojan-activity;sid:84427910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564812)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/exception/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564812/; classtype:trojan-activity;sid:84427912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564807)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/hcnetsdkcom/info.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2025_06_18; reference:url, urlhaus.abuse.ch/url/3564807/; classtype:trojan-activity;sid:84427907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564808)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564808/; classtype:trojan-activity;sid:84427908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564804)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/dao/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564804/; classtype:trojan-activity;sid:84427904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564801)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/mgr/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564801/; classtype:trojan-activity;sid:84427901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564800)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, 
urlhaus.abuse.ch/url/3564800/; classtype:trojan-activity;sid:84427900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564799)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/pub/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564799/; classtype:trojan-activity;sid:84427899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564797)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564797/; classtype:trojan-activity;sid:84427897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564796)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564796/; classtype:trojan-activity;sid:84427896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564794)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564794/; 
classtype:trojan-activity;sid:84427894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564793)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564793/; classtype:trojan-activity;sid:84427893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564791)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/hcnetsdkcom/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564791/; classtype:trojan-activity;sid:84427891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564787)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564787/; classtype:trojan-activity;sid:84427887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564785)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/pub/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564785/; 
classtype:trojan-activity;sid:84427885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564783)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/service/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564783/; classtype:trojan-activity;sid:84427883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564784)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564784/; classtype:trojan-activity;sid:84427884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564781)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564781/; classtype:trojan-activity;sid:84427881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564782)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/js/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564782/; classtype:trojan-activity;sid:84427882; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564780)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/com/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564780/; classtype:trojan-activity;sid:84427880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564778)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/web/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564778/; classtype:trojan-activity;sid:84427878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564777)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/base/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564777/; classtype:trojan-activity;sid:84427877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564776)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/dto/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564776/; classtype:trojan-activity;sid:84427876; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564769)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564769/; classtype:trojan-activity;sid:84427869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564770)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/meta-inf/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564770/; classtype:trojan-activity;sid:84427870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564771)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/wss/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564771/; classtype:trojan-activity;sid:84427871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564766)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/org/apache/jsp/info.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564766/; classtype:trojan-activity;sid:84427866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3564761)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/nvr/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564761/; classtype:trojan-activity;sid:84427861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564760)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/web/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564760/; classtype:trojan-activity;sid:84427860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564755)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/meta-inf/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564755/; classtype:trojan-activity;sid:84427855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564756)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/service/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564756/; classtype:trojan-activity;sid:84427856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3564757)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/conf/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564757/; classtype:trojan-activity;sid:84427857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564753)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/mgr/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564753/; classtype:trojan-activity;sid:84427853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564752)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/action/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564752/; classtype:trojan-activity;sid:84427852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564749)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564749/; classtype:trojan-activity;sid:84427849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3564748)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564748/; classtype:trojan-activity;sid:84427848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564747)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dto/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564747/; classtype:trojan-activity;sid:84427847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564746)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/css/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564746/; classtype:trojan-activity;sid:84427846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564743)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/mgr/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564743/; classtype:trojan-activity;sid:84427843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564739)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/service/impl/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564739/; classtype:trojan-activity;sid:84427839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564740)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/chkptwss/dto/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564740/; classtype:trojan-activity;sid:84427840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564737)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/action/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564737/; classtype:trojan-activity;sid:84427837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564734)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/exception/info.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564734/; classtype:trojan-activity;sid:84427834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3564735)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564735/; classtype:trojan-activity;sid:84427835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564736)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564736/; classtype:trojan-activity;sid:84427836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564731)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/images/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564731/; classtype:trojan-activity;sid:84427831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564726)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/download/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564726/; classtype:trojan-activity;sid:84427826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564724)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564724/; classtype:trojan-activity;sid:84427824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564725)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564725/; classtype:trojan-activity;sid:84427825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564720)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/controller/info.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564720/; classtype:trojan-activity;sid:84427820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564717)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564717/; classtype:trojan-activity;sid:84427817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564718)"; 
flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564718/; classtype:trojan-activity;sid:84427818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564715)"; flow:established,from_client; content:"GET"; http_method; content:"/xinheyuan/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564715/; classtype:trojan-activity;sid:84427815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564713)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dao/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564713/; classtype:trojan-activity;sid:84427813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564711)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/dao/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564711/; classtype:trojan-activity;sid:84427811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564706)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/mgr/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564706/; classtype:trojan-activity;sid:84427806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564703)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564703/; classtype:trojan-activity;sid:84427803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564704)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/service/impl/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564704/; classtype:trojan-activity;sid:84427804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564700)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/mgr/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564700/; classtype:trojan-activity;sid:84427800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564697)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dao/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564697/; classtype:trojan-activity;sid:84427797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564693)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564693/; classtype:trojan-activity;sid:84427793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564694)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/static/images/icons/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564694/; classtype:trojan-activity;sid:84427794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564685)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564685/; classtype:trojan-activity;sid:84427785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564686)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564686/; classtype:trojan-activity;sid:84427786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564687)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/service/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564687/; classtype:trojan-activity;sid:84427787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564681)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/mgr/info.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564681/; classtype:trojan-activity;sid:84427781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564682)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564682/; classtype:trojan-activity;sid:84427782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564675)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/lib/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564675/; classtype:trojan-activity;sid:84427775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564674)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564674/; classtype:trojan-activity;sid:84427774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564673)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/bin/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564673/; classtype:trojan-activity;sid:84427773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564672)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/dao/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564672/; classtype:trojan-activity;sid:84427772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564671)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/entity/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564671/; classtype:trojan-activity;sid:84427771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564669)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564669/; classtype:trojan-activity;sid:84427769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564670)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/service/impl/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564670/; classtype:trojan-activity;sid:84427770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564666)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/utils/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564666/; classtype:trojan-activity;sid:84427766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564667)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/dao/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564667/; classtype:trojan-activity;sid:84427767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564665)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/dao/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564665/; classtype:trojan-activity;sid:84427765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564659)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/service/impl/info.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564659/; classtype:trojan-activity;sid:84427759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564660)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/spotckeck/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564660/; classtype:trojan-activity;sid:84427760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3564653)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/entity/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564653/; classtype:trojan-activity;sid:84427753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564654)"; flow:established,from_client; content:"GET"; http_method; content:"/hengsheng/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564654/; classtype:trojan-activity;sid:84427754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564655)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564655/; classtype:trojan-activity;sid:84427755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564648)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/service/impl/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564648/; classtype:trojan-activity;sid:84427748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564644)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564644/; classtype:trojan-activity;sid:84427744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564640)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/base/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564640/; classtype:trojan-activity;sid:84427740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564641)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/dao/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564641/; classtype:trojan-activity;sid:84427741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564636)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/dto/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564636/; classtype:trojan-activity;sid:84427736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564638)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/dao/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564638/; classtype:trojan-activity;sid:84427738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564633)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564633/; classtype:trojan-activity;sid:84427733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564634)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/service/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564634/; classtype:trojan-activity;sid:84427734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564635)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/info.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564635/; classtype:trojan-activity;sid:84427735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564630)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/entity/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564630/; classtype:trojan-activity;sid:84427730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564629)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564629/; classtype:trojan-activity;sid:84427729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564620)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564620/; classtype:trojan-activity;sid:84427720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564621)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/service/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564621/; classtype:trojan-activity;sid:84427721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564616)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/web/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564616/; classtype:trojan-activity;sid:84427716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564611)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/web/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564611/; classtype:trojan-activity;sid:84427711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564599)"; flow:established,from_client; content:"GET"; http_method; content:"/guirui/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564599/; classtype:trojan-activity;sid:84427699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564600)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564600/; classtype:trojan-activity;sid:84427700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564601)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/info.zip"; http_uri; 
depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564601/; classtype:trojan-activity;sid:84427701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564602)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/action/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564602/; classtype:trojan-activity;sid:84427702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564603)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/action/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564603/; classtype:trojan-activity;sid:84427703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564597)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/dao/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564597/; classtype:trojan-activity;sid:84427697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564598)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564598/; classtype:trojan-activity;sid:84427698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564594)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564594/; classtype:trojan-activity;sid:84427694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564595)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/info.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564595/; classtype:trojan-activity;sid:84427695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564596)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/service/info.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564596/; classtype:trojan-activity;sid:84427696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564593)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/excel/annotation/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564593/; classtype:trojan-activity;sid:84427693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564592)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/service/impl/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564592/; classtype:trojan-activity;sid:84427692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564589)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564589/; classtype:trojan-activity;sid:84427689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564590)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/dao/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564590/; classtype:trojan-activity;sid:84427690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564583)"; flow:established,from_client; 
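content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/service/info.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564583/; classtype:trojan-activity;sid:84427683; rev:1;)
# sid 84427684: the path pattern contains percent-escapes ("%e6...%20"). The http_uri
# buffer is the normalized URI, where such escapes are normally already decoded, so the
# literal pattern would not be found there and the rule would stay silent. Matching the
# unnormalized request URI (http_raw_uri) keeps the pattern and depth:52 exactly as the
# feed gives them; nocase also covers upper-case hex digits in the escapes.
# NOTE(review): assumes the client sends the path percent-encoded as recorded in the
# URLhaus entry, and default URI normalization on the sensor - confirm against a capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564584)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%96%b0%e6%96%87%e4%bb%b6%e5%a4%b9%20(2)/info.zip"; http_raw_uri; depth:52; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564584/; classtype:trojan-activity;sid:84427684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564585)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564585/; classtype:trojan-activity;sid:84427685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564581)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/service/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564581/; classtype:trojan-activity;sid:84427681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564578)"; flow:established,from_client; content:"GET"; http_method; 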
content:"/haohua/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564578/; classtype:trojan-activity;sid:84427678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564577)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/base/info.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564577/; classtype:trojan-activity;sid:84427677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564576)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/count/info.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564576/; classtype:trojan-activity;sid:84427676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564574)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/dao/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564574/; classtype:trojan-activity;sid:84427674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564575)"; flow:established,from_client; content:"GET"; http_method; 
content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564575/; classtype:trojan-activity;sid:84427675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564569)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564569/; classtype:trojan-activity;sid:84427669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564568)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/service/impl/info.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564568/; classtype:trojan-activity;sid:84427668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564566)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/rgsy/system/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564566/; classtype:trojan-activity;sid:84427666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564565)"; flow:established,from_client; 
content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/chkpt/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564565/; classtype:trojan-activity;sid:84427665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564563)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/info.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564563/; classtype:trojan-activity;sid:84427663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564561)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/controller/info.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564561/; classtype:trojan-activity;sid:84427661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564562)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/info.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564562/; classtype:trojan-activity;sid:84427662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564559)"; flow:established,from_client; content:"GET"; 
http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/entity/info.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564559/; classtype:trojan-activity;sid:84427659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564554)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/lib/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564554/; classtype:trojan-activity;sid:84427654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564542)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/root/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564542/; classtype:trojan-activity;sid:84427642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564543)"; flow:established,from_client; content:"GET"; http_method; content:"/kaifa/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564543/; classtype:trojan-activity;sid:84427643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564544)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dto/info.zip"; http_uri; depth:93; 
isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564544/; classtype:trojan-activity;sid:84427644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564545)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564545/; classtype:trojan-activity;sid:84427645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564539)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/info.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564539/; classtype:trojan-activity;sid:84427639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564540)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/viewws/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564540/; classtype:trojan-activity;sid:84427640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564541)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/pdawss/info.zip"; http_uri; 
depth:78; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564541/; classtype:trojan-activity;sid:84427641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564538)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/web/info.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564538/; classtype:trojan-activity;sid:84427638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564534)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/work/catalina/localhost/bfxt/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564534/; classtype:trojan-activity;sid:84427634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564535)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/ckwss/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564535/; classtype:trojan-activity;sid:84427635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564536)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/action/info.zip"; http_uri; depth:88; 
isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564536/; classtype:trojan-activity;sid:84427636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564537)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564537/; classtype:trojan-activity;sid:84427637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564527)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564527/; classtype:trojan-activity;sid:84427627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564528)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564528/; classtype:trojan-activity;sid:84427628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564529)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/web/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564529/; classtype:trojan-activity;sid:84427629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564526)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/temp/poifiles/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564526/; classtype:trojan-activity;sid:84427626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564522)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/report/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564522/; classtype:trojan-activity;sid:84427622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564521)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/dao/info.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564521/; classtype:trojan-activity;sid:84427621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564519)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/dto/info.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, 
urlhaus.abuse.ch/url/3564519/; classtype:trojan-activity;sid:84427619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564518)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/entity/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564518/; classtype:trojan-activity;sid:84427618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564515)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/info.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564515/; classtype:trojan-activity;sid:84427615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564514)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/action/info.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564514/; classtype:trojan-activity;sid:84427614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564509)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/dao/info.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; 
reference:url, urlhaus.abuse.ch/url/3564509/; classtype:trojan-activity;sid:84427609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564500)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564500/; classtype:trojan-activity;sid:84427600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564502)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/dao/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564502/; classtype:trojan-activity;sid:84427602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564498)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/service/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564498/; classtype:trojan-activity;sid:84427598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564499)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/dept/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; 
reference:url, urlhaus.abuse.ch/url/3564499/; classtype:trojan-activity;sid:84427599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564497)"; flow:established,from_client; content:"GET"; http_method; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564497/; classtype:trojan-activity;sid:84427597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563453)"; flow:established,from_client; content:"GET"; http_method; content:"/agent.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.67.84.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563453/; classtype:trojan-activity;sid:84426553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563444)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.88.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563444/; classtype:trojan-activity;sid:84426544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563441)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"175.178.174.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563441/; classtype:trojan-activity;sid:84426541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3563442)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"175.178.174.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563442/; classtype:trojan-activity;sid:84426542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563435)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.136.51.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563435/; classtype:trojan-activity;sid:84426535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563432)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.193.115.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563432/; classtype:trojan-activity;sid:84426532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563425)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.136.51.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563425/; classtype:trojan-activity;sid:84426525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563418)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"42.193.115.114"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563418/; classtype:trojan-activity;sid:84426518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563424)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.136.88.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563424/; classtype:trojan-activity;sid:84426524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563388)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.132.86.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563388/; classtype:trojan-activity;sid:84426488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563385)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.139.88.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563385/; classtype:trojan-activity;sid:84426485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563384)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.55.134.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563384/; classtype:trojan-activity;sid:84426484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563380)"; 
flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.73.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563380/; classtype:trojan-activity;sid:84426480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563381)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"124.223.73.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563381/; classtype:trojan-activity;sid:84426481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563374)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"42.194.199.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563374/; classtype:trojan-activity;sid:84426474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563373)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"114.132.86.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563373/; classtype:trojan-activity;sid:84426473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563369)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.233.172.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; 
reference:url, urlhaus.abuse.ch/url/3563369/; classtype:trojan-activity;sid:84426469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563362)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.139.88.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563362/; classtype:trojan-activity;sid:84426462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563363)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"49.233.172.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563363/; classtype:trojan-activity;sid:84426463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563349)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"81.69.185.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563349/; classtype:trojan-activity;sid:84426449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563343)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.69.185.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563343/; classtype:trojan-activity;sid:84426443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563336)"; flow:established,from_client; 
content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"106.55.134.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563336/; classtype:trojan-activity;sid:84426436; rev:1;)
# Each rule here is an exact-match IoC taken from one URLhaus entry (see reference:url).
# The URI content carries a depth equal to its own length and isdataat:!1,relative asserts
# that no byte follows it, so the http_uri buffer has to equal the listed string
# (case-insensitively, via nocase); the http_host content is anchored the same way.
# NOTE(review): presumably a request for the same file with a query string or an extra
# path segment appended will not match these rules - confirm on the engine in use.
# NOTE(review): created_at is 2025_06 while the feed header is dated 2026-05-20; hosts
# given as IP literals may have changed hands since listing, so check that the URLhaus
# entry is still online before escalating an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563320)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.58.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563320/; classtype:trojan-activity;sid:84426420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563253)"; flow:established,from_client; content:"GET"; http_method; content:"/gg.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.18.10.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563253/; classtype:trojan-activity;sid:84426353; rev:1;)
# NOTE(review): this is an `alert http` rule for host github.com, so it inspects cleartext
# HTTP only. github.com is normally fetched over HTTPS, so without TLS decryption in front
# of the sensor this rule is unlikely to fire; treat it as a coverage gap, not as coverage.
# The URI appears to be the master-branch archive of a public repository. An alert shows
# only that the URL is listed in URLhaus, so triage through the reference URL first.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562926)"; flow:established,from_client; content:"GET"; http_method; content:"/mar10/wsgidav/archive/refs/heads/master.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3562926/; classtype:trojan-activity;sid:84426026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562778)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/msglu32.ocx"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; 
reference:url, urlhaus.abuse.ch/url/3562778/; classtype:trojan-activity;sid:84425878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562768)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/energizertrojan-malware.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562768/; classtype:trojan-activity;sid:84425868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562769)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/advnetcfg.ocx"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562769/; classtype:trojan-activity;sid:84425869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562770)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/icecast2_2.0.0_vulnerable.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562770/; classtype:trojan-activity;sid:84425870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562771)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/mssecmgr.ocx"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562771/; classtype:trojan-activity;sid:84425871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3562772)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/dnsmasq-2.73rc7.tar.gz"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562772/; classtype:trojan-activity;sid:84425872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562774)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/boot32drv.sys"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562774/; classtype:trojan-activity;sid:84425874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562775)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/energizertrojan-malware.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562775/; classtype:trojan-activity;sid:84425875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562766)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/nteps32.ocx"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562766/; classtype:trojan-activity;sid:84425866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562767)"; flow:established,from_client; content:"GET"; http_method; content:"/malware/dnsmasq-2.73rc7.tar.gz"; http_uri; depth:31; isdataat:!1,relative; 
nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562767/; classtype:trojan-activity;sid:84425867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562765)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/icecast2_2.0.0_vulnerable.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562765/; classtype:trojan-activity;sid:84425865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562763)"; flow:established,from_client; content:"GET"; http_method; content:"/dangerous/flame/ccalc32.sys"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"172.236.108.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562763/; classtype:trojan-activity;sid:84425863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562757)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp_linux_amd64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"101.43.49.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562757/; classtype:trojan-activity;sid:84425857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562758)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2020-15972/tear-down.js"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"119.28.140.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562758/; classtype:trojan-activity;sid:84425858; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562600)"; flow:established,from_client; content:"GET"; http_method; content:"/zusyaku/malware-collection-part-2/refs/heads/main/666/666.exe"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562600/; classtype:trojan-activity;sid:84425700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562599)"; flow:established,from_client; content:"GET"; http_method; content:"/wp.bat"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562599/; classtype:trojan-activity;sid:84425699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562404)"; flow:established,from_client; content:"GET"; http_method; content:"/live.lnk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.116.190.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562404/; classtype:trojan-activity;sid:84425504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562403)"; flow:established,from_client; content:"GET"; http_method; content:"/uat.lnk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.116.190.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562403/; classtype:trojan-activity;sid:84425503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561991)"; flow:established,from_client; content:"GET"; http_method; 
content:"/wyverntkc/cpuminer-gr-avx2/releases/download/1.2.4.1/cpuminer-gr-1.2.4.1-x86_64_windows.7z"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561991/; classtype:trojan-activity;sid:84425091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561989)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/archive/refs/tags/1.2.4.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561989/; classtype:trojan-activity;sid:84425089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561990)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/archive/refs/tags/1.2.4.1.tar.gz"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561990/; classtype:trojan-activity;sid:84425090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561988)"; flow:established,from_client; content:"GET"; http_method; content:"/wyverntkc/cpuminer-gr-avx2/releases/download/1.2.4.1/cpuminer-gr-1.2.4.1-args-x86_64_linux.tar.gz"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561988/; classtype:trojan-activity;sid:84425088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561860)"; flow:established,from_client; content:"GET"; http_method; 
content:"/invc/xfspeed/qqpcmgr/module_update/fid1746669868_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.yz.tcdnos.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561860/; classtype:trojan-activity;sid:84424960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561859)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747308966_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561859/; classtype:trojan-activity;sid:84424959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561858)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747209335_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561858/; classtype:trojan-activity;sid:84424958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561857)"; flow:established,from_client; content:"GET"; http_method; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747732120_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561857/; classtype:trojan-activity;sid:84424957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561856)"; flow:established,from_client; content:"GET"; http_method; 
content:"/invc/xfspeed/qqpcmgr/module_update/fid1747640975_runqmhunt.exe.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"dlied6.bytes.tcdnos.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561856/; classtype:trojan-activity;sid:84424956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561839)"; flow:established,from_client; content:"GET"; http_method; content:"/files/data/drss/drbw.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"124.223.105.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561839/; classtype:trojan-activity;sid:84424939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561639)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"123.232.43.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_12; reference:url, urlhaus.abuse.ch/url/3561639/; classtype:trojan-activity;sid:84424739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561086)"; flow:established,from_client; content:"GET"; http_method; content:"/zbsm.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.94.184.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3561086/; classtype:trojan-activity;sid:84424186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561082)"; flow:established,from_client; content:"GET"; http_method; content:"/1.jsp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"1.94.184.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_11; 
reference:url, urlhaus.abuse.ch/url/3561082/; classtype:trojan-activity;sid:84424182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561083)"; flow:established,from_client; content:"GET"; http_method; content:"/poc.xml"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"1.94.184.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3561083/; classtype:trojan-activity;sid:84424183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.88.234.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3560938/; classtype:trojan-activity;sid:84424038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560463)"; flow:established,from_client; content:"GET"; http_method; content:"/website1/hue2/view.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"xemhang.vn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560463/; classtype:trojan-activity;sid:84423563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560452)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/ransomware/annabelle.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560452/; classtype:trojan-activity;sid:84423552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560449)"; 
flow:established,from_client; content:"GET"; http_method; content:"/rzm-crack-team/redline-crack/main/redline-crack-by-rzt.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560449/; classtype:trojan-activity;sid:84423549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560445)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/master/ydrag.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560445/; classtype:trojan-activity;sid:84423545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560439)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/loic/master/loic.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560439/; classtype:trojan-activity;sid:84423539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560434)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/kematian/main/frontend-src/kematian_shellcode.ps1"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560434/; classtype:trojan-activity;sid:84423534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560418)"; flow:established,from_client; content:"GET"; http_method; 
content:"/da2dalus/the-malware-repo/master/ransomware/cryptowall.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560418/; classtype:trojan-activity;sid:84423518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560419)"; flow:established,from_client; content:"GET"; http_method; content:"/phantompeek/kematian/main/frontend-src/main.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560419/; classtype:trojan-activity;sid:84423519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560422)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/ransomware/cryptolocker.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560422/; classtype:trojan-activity;sid:84423522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560416)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/prolin.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560416/; classtype:trojan-activity;sid:84423516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560412)"; flow:established,from_client; content:"GET"; http_method; 
content:"/phantompeek/kematian/main/frontend-src/main.bat"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560412/; classtype:trojan-activity;sid:84423512; rev:1;)
# NOTE(review): the raw.githubusercontent.com and github.com rules in this group are
# `alert http` rules, so they inspect cleartext HTTP only. Both hosts are normally reached
# over HTTPS, so without TLS decryption in front of the sensor these rules are unlikely to
# fire. Pair them with TLS/DNS or endpoint telemetry rather than counting them as coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560414)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/funbatchcode-malicousandnonmalicous/master/worm.bat"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560414/; classtype:trojan-activity;sid:84423514; rev:1;)
# NOTE(review): the URI content below carries literal `%20` sequences, while http_uri is
# matched against the normalized request URI. If the engine percent-decodes the path
# (Suricata documents this for %20), the buffer holds spaces and this rule cannot match.
# Matching the raw URI (http_raw_uri), or writing the spaces as |20| with depth recomputed,
# would close the gap - verify on the deployed engine.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560409)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560409/; classtype:trojan-activity;sid:84423509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560385)"; flow:established,from_client; content:"GET"; http_method; content:"/pc/pdfconvert/pdfconverter_p2w154-zx-666.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"download.pdf00.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560385/; classtype:trojan-activity;sid:84423485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560380)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rod_en_1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.r-tt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560380/; classtype:trojan-activity;sid:84423480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560381)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rmd_en_1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.r-tt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560381/; classtype:trojan-activity;sid:84423481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560383)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/rxd_en_1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.r-tt.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560383/; classtype:trojan-activity;sid:84423483; rev:1;)
# NOTE(review): same two caveats apply to this rule. Its URI content contains literal
# `%20`, which a normalized (percent-decoded) http_uri buffer would not hold. It also
# targets github.com over cleartext HTTP, which is rarely seen without TLS decryption.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560209)"; flow:established,from_client; content:"GET"; http_method; content:"/cybertoxin/remcos-professional-cracked-by-alcatraz3222/raw/master/remcos%20professional%20cracked%20by%20alcatraz3222.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560209/; classtype:trojan-activity;sid:84423309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.254.68"; http_host; depth:13; 
isdataat:!1,relative; metadata:created_at 2025_06_08; reference:url, urlhaus.abuse.ch/url/3559327/; classtype:trojan-activity;sid:84422427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559217)"; flow:established,from_client; content:"GET"; http_method; content:"/public/update/bmw_v1.7.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"acc.jiangsujiaxue.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559217/; classtype:trojan-activity;sid:84422317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559216)"; flow:established,from_client; content:"GET"; http_method; content:"/classticket.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"class1004.dothome.co.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559216/; classtype:trojan-activity;sid:84422316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559211)"; flow:established,from_client; content:"GET"; http_method; content:"/static/download/teleport-assist-windows.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"58.49.210.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559211/; classtype:trojan-activity;sid:84422311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559208)"; flow:established,from_client; content:"GET"; http_method; content:"/yx/dts/sqft/904576/yx_dts.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d.14yaa.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559208/; classtype:trojan-activity;sid:84422308; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559206)"; flow:established,from_client; content:"GET"; http_method; content:"/cmd/services.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"43.229.135.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559206/; classtype:trojan-activity;sid:84422306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559123)"; flow:established,from_client; content:"GET"; http_method; content:"/nps.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"118.219.11.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559123/; classtype:trojan-activity;sid:84422223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559040)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/keystone.dll"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559040/; classtype:trojan-activity;sid:84422140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559037)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/sgn.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559037/; classtype:trojan-activity;sid:84422137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559033)"; flow:established,from_client; content:"GET"; http_method; 
content:"/getrektboy724/sementara/master/bsodlogicbomb.ps1"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559033/; classtype:trojan-activity;sid:84422133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559034)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/powersyringe.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559034/; classtype:trojan-activity;sid:84422134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559022)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/invoke-reflectivepeinjection.ps1"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559022/; classtype:trojan-activity;sid:84422122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559025)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/pe2shc.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559025/; classtype:trojan-activity;sid:84422125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559019)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/encrypted.enc"; 
http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559019/; classtype:trojan-activity;sid:84422119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559009)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/masquerade-peb.ps1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559009/; classtype:trojan-activity;sid:84422109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559012)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/uacbstartup.ps1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559012/; classtype:trojan-activity;sid:84422112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559014)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/invoke-shellcode-fixed.ps1"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559014/; classtype:trojan-activity;sid:84422114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559015)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/onedoesnotsimplybypassentirewindefender.ps1"; http_uri; depth:75; 
isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559015/; classtype:trojan-activity;sid:84422115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559005)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/migrate.rb"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559005/; classtype:trojan-activity;sid:84422105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559006)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/base64.rb"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559006/; classtype:trojan-activity;sid:84422106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558975)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/bugsoft.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558975/; classtype:trojan-activity;sid:84422075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558976)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/brontok.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; 
http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558976/; classtype:trojan-activity;sid:84422076; rev:1;)
# NOTE(review): raw.githubusercontent.com is normally reached over HTTPS. These
# `alert http` rules only see requests the sensor can parse as HTTP (cleartext,
# or TLS decrypted upstream); otherwise they will not fire and the indicator
# has to be covered from proxy, DNS or endpoint telemetry. TODO confirm.
# NOTE(review): the paths under /da2dalus/the-malware-repo/ look like a public
# sample collection (inferred from the repository name only). A hit presumably
# means a host fetched a stored sample, which may be an analyst workstation or
# sandbox as well as a compromised machine: triage on the role of the source
# host and on what ran the download before treating it as an infection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558977)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/banking-malware/zloader.xlsm"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558977/; classtype:trojan-activity;sid:84422077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558973)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/anap.a.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558973/; classtype:trojan-activity;sid:84422073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558974)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/axam.a.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558974/; classtype:trojan-activity;sid:84422074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558966)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/banking-malware/emotet.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; 
isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558966/; classtype:trojan-activity;sid:84422066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558967)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/master/email-worm/amus.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558967/; classtype:trojan-activity;sid:84422067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558969)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/rickware/master/rickroll.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558969/; classtype:trojan-activity;sid:84422069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.26.97.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558602/; classtype:trojan-activity;sid:84421702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558501)"; flow:established,from_client; content:"GET"; http_method; content:"/g7_update.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"118.219.11.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558501/; classtype:trojan-activity;sid:84421601; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558331)"; flow:established,from_client; content:"GET"; http_method; content:"/iluxa94/-3-/main/%d0%a4%d0%be%d1%80%d0%bc%d0%b0%203%d0%9e%d0%a8%d0%91%d0%a0.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558331/; classtype:trojan-activity;sid:84421431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558302)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/amsibypass/main/newamsibypass.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558302/; classtype:trojan-activity;sid:84421402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558300)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/link-exe-test/main/matthew.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558300/; classtype:trojan-activity;sid:84421400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558290)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/urbanvpn.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558290/; classtype:trojan-activity;sid:84421390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3558291)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/svhost.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558291/; classtype:trojan-activity;sid:84421391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558292)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/second.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558292/; classtype:trojan-activity;sid:84421392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558289)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/invoke-nicelittlekittieobf/main/invoke-nicelittlekittieobf.ps1"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558289/; classtype:trojan-activity;sid:84421389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558285)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/pvp.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558285/; classtype:trojan-activity;sid:84421385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558287)"; flow:established,from_client; content:"GET"; http_method; 
content:"/lehila05/pdc/main/darwin.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558287/; classtype:trojan-activity;sid:84421387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558280)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-dropper/main/src/main.rs"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558280/; classtype:trojan-activity;sid:84421380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558271)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/bin/x64/release/phantom.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558271/; classtype:trojan-activity;sid:84421371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558266)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/invoke-shell/main/reverse.ps1"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558266/; classtype:trojan-activity;sid:84421366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558264)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/iso-file-testing/main/pleaserunme.iso"; http_uri; depth:52; 
isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558264/; classtype:trojan-activity;sid:84421364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558260)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/uac64.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558260/; classtype:trojan-activity;sid:84421360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558252)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/payload.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558252/; classtype:trojan-activity;sid:84421352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558247)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/riende.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558247/; classtype:trojan-activity;sid:84421347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558249)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/uac.dll"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; 
isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558249/; classtype:trojan-activity;sid:84421349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558243)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/invoke-nicelittlekittie/main/invoke-nicelittlekittie.ps1"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558243/; classtype:trojan-activity;sid:84421343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558235)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/main/payload_encrypted.bin"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558235/; classtype:trojan-activity;sid:84421335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558237)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/meter/main/meter5555.ps1"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558237/; classtype:trojan-activity;sid:84421337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558229)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/js-file-test/main/loader.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, 
urlhaus.abuse.ch/url/3558229/; classtype:trojan-activity;sid:84421329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558230)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-revshell/main/src/main.rs"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558230/; classtype:trojan-activity;sid:84421330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556675)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2025/05/1tronps1.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"sablayan.seasonshotelmindoro.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556675/; classtype:trojan-activity;sid:84419775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556673)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2025/05/1framework.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"sablayan.seasonshotelmindoro.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556673/; classtype:trojan-activity;sid:84419773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556668)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2025/05/1tronvbs.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"sablayan.seasonshotelmindoro.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556668/; classtype:trojan-activity;sid:84419768; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556670)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2025/05/imagens.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"sablayan.seasonshotelmindoro.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556670/; classtype:trojan-activity;sid:84419770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555192)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/raw/refs/heads/master/ransomware/wannacry.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555192/; classtype:trojan-activity;sid:84418292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3554334)"; flow:established,from_client; content:"GET"; http_method; content:"/oste.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"celebratingseniors.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_28; reference:url, urlhaus.abuse.ch/url/3554334/; classtype:trojan-activity;sid:84417434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.95.253.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553946/; classtype:trojan-activity;sid:84417046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553636)"; flow:established,from_client; content:"GET"; 
http_method; content:"/bufs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"maidforyou1985.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553636/; classtype:trojan-activity;sid:84416736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553629)"; flow:established,from_client; content:"GET"; http_method; content:"/mits.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"windomstatetheater.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553629/; classtype:trojan-activity;sid:84416729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553633)"; flow:established,from_client; content:"GET"; http_method; content:"/osxs.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"windomstatetheater.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553633/; classtype:trojan-activity;sid:84416733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553609)"; flow:established,from_client; content:"GET"; http_method; content:"/rars.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"windomstatetheater.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553609/; classtype:trojan-activity;sid:84416709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.92.228.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553268/; 
classtype:trojan-activity;sid:84416368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552756/; classtype:trojan-activity;sid:84415856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.81.156.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552757/; classtype:trojan-activity;sid:84415857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552741)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.83.211.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552741/; classtype:trojan-activity;sid:84415841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552617)"; flow:established,from_client; content:"GET"; http_method; content:"/bre"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.74.204.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552617/; classtype:trojan-activity;sid:84415717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552086)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; 
content:"47.86.176.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_25; reference:url, urlhaus.abuse.ch/url/3552086/; classtype:trojan-activity;sid:84415186; rev:1;)
# NOTE(review): the URI pattern contains literal `%20`, but `http_uri` is the
# normalized URI buffer, in which Suricata documents `%20` as converted to a
# space. Verify against a test capture whether this pattern can match as
# written; the raw-URI buffer is the one that keeps percent-escapes.
# NOTE(review): raw.githubusercontent.com is normally reached over HTTPS, so
# this and the following `alert http` rules only fire where the sensor sees
# cleartext HTTP or upstream-decrypted TLS. TODO confirm inspection coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552045)"; flow:established,from_client; content:"GET"; http_method; content:"/anonimusman00-2/xmr/refs/heads/main/silent%20miner.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552045/; classtype:trojan-activity;sid:84415145; rev:1;)
# NOTE(review): the repository paths in the next two rules read like
# general-purpose tooling rather than malware-named content; the reason for the
# listing is not visible in the rule. Check the referenced URLhaus entry before
# acting on a hit, since all rules here carry the same msg and classtype.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552042)"; flow:established,from_client; content:"GET"; http_method; content:"/waf/dracula-cmd/master/dist/colortool.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552042/; classtype:trojan-activity;sid:84415142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552043)"; flow:established,from_client; content:"GET"; http_method; content:"/iamsysadmin/setteamsbg/main/set-teams-backgrounds.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552043/; classtype:trojan-activity;sid:84415143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552009)"; flow:established,from_client; content:"GET"; http_method; content:"/anonimusman00-2/xmr/raw/refs/heads/main/silent%20miner.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552009/; classtype:trojan-activity;sid:84415109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552005)"; flow:established,from_client; content:"GET"; http_method; content:"/alanparadis/stalker2simplemodmerger/releases/download/vortex-v1.4.9/stalker2simplemodmergerforvortex.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552005/; classtype:trojan-activity;sid:84415105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.232.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551953/; classtype:trojan-activity;sid:84415053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551493)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.242.66.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551493/; classtype:trojan-activity;sid:84414593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.15.250.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551361/; classtype:trojan-activity;sid:84414461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3550735)"; flow:established,from_client; content:"GET"; http_method; content:"/macmid_sonoma_14_5.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"107.198.40.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550735/; classtype:trojan-activity;sid:84413835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.59.90.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550381/; classtype:trojan-activity;sid:84413481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550356)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.190.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550356/; classtype:trojan-activity;sid:84413456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550290)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.15.250.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550290/; classtype:trojan-activity;sid:84413390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550019)"; flow:established,from_client; content:"GET"; http_method; content:"/2023"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"143.92.48.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, 
urlhaus.abuse.ch/url/3550019/; classtype:trojan-activity;sid:84413119; rev:1;)
# NOTE(review): the URI content below is written with percent-escapes
# (%bc%bc%ca%f5) yet is matched against http_uri, the normalized buffer. If the
# engine decodes percent-escapes before matching, the buffer will hold the raw
# bytes and this content will not be found. Verify against a capture of the
# request; http_raw_uri may be the buffer this rule needs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550006)"; flow:established,from_client; content:"GET"; http_method; content:"/3r%bc%bc%ca%f5.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"8.138.182.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3550006/; classtype:trojan-activity;sid:84413106; rev:1;)
# NOTE(review): the Host matches in the next two rules are IP literals, and
# created_at is roughly a year older than the feed header's "Last updated"
# stamp. Addresses may have changed hands since listing; check the referenced
# URLhaus entry's current status before acting on a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549998)"; flow:established,from_client; content:"GET"; http_method; content:"/server.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.14.68.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549998/; classtype:trojan-activity;sid:84413098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.87.82.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549645/; classtype:trojan-activity;sid:84412745; rev:1;)
# NOTE(review): in the content below, |3f| decodes to "?" and each |7c| decodes
# to "|", so the matched bytes are "/uc?export=download|26|id=..." with a
# literal "|26|" where a query-string "&" (0x26) would be expected. This looks
# like the separator was hex-escaped twice upstream; confirm against the
# URLhaus entry. As written, the rule would not match a request that uses "&".
# depth:68 equals the length of the escaped text; the decoded content is 59
# bytes, so the match is not pinned to offset 0 the way the other rules are.
# drive.google.com is also normally HTTPS-only, so this needs cleartext
# visibility (e.g. TLS inspection) to fire at all.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547880)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ed2w0zvvx53_mfifdszyslleurub40zo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547880/; classtype:trojan-activity;sid:84410980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547784)"; 
flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.84.143"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547784/; classtype:trojan-activity;sid:84410884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547782)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.98.176.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547782/; classtype:trojan-activity;sid:84410882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3546975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.119.108.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_19; reference:url, urlhaus.abuse.ch/url/3546975/; classtype:trojan-activity;sid:84410075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3546969)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.236.147.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_19; reference:url, urlhaus.abuse.ch/url/3546969/; classtype:trojan-activity;sid:84410069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544992)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/nk/wunbbnvf102.bin"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"planetariumobil.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, 
urlhaus.abuse.ch/url/3544992/; classtype:trojan-activity;sid:84408092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543803)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.239.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543803/; classtype:trojan-activity;sid:84406903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543805)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.239.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543805/; classtype:trojan-activity;sid:84406905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543801)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.83.40"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543801/; classtype:trojan-activity;sid:84406901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.50.222.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_14; reference:url, urlhaus.abuse.ch/url/3543392/; classtype:trojan-activity;sid:84406492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3542563)"; flow:established,from_client; content:"GET"; http_method; 
content:"/uc|3f|export=download|7c|26|7c|id=1wvxiyf_ryvgg_x3x7uceicqrndhb7lul"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_05_13; reference:url, urlhaus.abuse.ch/url/3542563/; classtype:trojan-activity;sid:84405663; rev:1;)
# NOTE(review): the rule ending on the line above (sid:84405663) decodes to
# "/uc?export=download|26|id=...": |7c| is a literal "|", so the separator is the
# four bytes "|26|" rather than "&" (0x26). This looks like an upstream
# double-escape; as written it would not match a request that uses "&". Its
# depth:68 is the escaped length; the decoded content is 59 bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541826)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/giphy.gif"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"onfiltre.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_12; reference:url, urlhaus.abuse.ch/url/3541826/; classtype:trojan-activity;sid:84404926; rev:1;)
# NOTE(review): the URI below has the shape of a release asset under the
# xmrig/xmrig repository on github.com. That is presumably listed because the
# miner is commonly dropped after compromise. Any deliberate download of that
# release would raise the same alert, so triage on which host fetched it. The
# rule only fires if the github.com request is visible in cleartext.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540931)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.12.2/xmrig-6.12.2-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3540931/; classtype:trojan-activity;sid:84404031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.190.58.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540186/; classtype:trojan-activity;sid:84403286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540085)"; flow:established,from_client; content:"GET"; http_method; content:"/.x/pax.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"13.71.2.244"; http_host; depth:11; isdataat:!1,relative; 
metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540085/; classtype:trojan-activity;sid:84403185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539686)"; flow:established,from_client; content:"GET"; http_method; content:"/js_bo/werkstastt/shotstar.prm"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.silver-hubdachwohnwagen.de"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539686/; classtype:trojan-activity;sid:84402786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539354)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.218.225.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539354/; classtype:trojan-activity;sid:84402454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539297)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.190.58.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539297/; classtype:trojan-activity;sid:84402397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539028)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.22.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3539028/; classtype:trojan-activity;sid:84402128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538764)"; 
flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.211.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538764/; classtype:trojan-activity;sid:84401864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538763)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.208.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538763/; classtype:trojan-activity;sid:84401863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538761)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538761/; classtype:trojan-activity;sid:84401861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538755)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.209.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538755/; classtype:trojan-activity;sid:84401855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538747)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538747/; 
classtype:trojan-activity;sid:84401847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538741)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538741/; classtype:trojan-activity;sid:84401841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538744)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.94.181.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538744/; classtype:trojan-activity;sid:84401844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538670)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.202.208.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538670/; classtype:trojan-activity;sid:84401770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538667)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.162.88.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538667/; classtype:trojan-activity;sid:84401767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538179)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; 
content:"81.22.42.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538179/; classtype:trojan-activity;sid:84401279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3537710)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/wex.gif"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"stonecradle.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_07; reference:url, urlhaus.abuse.ch/url/3537710/; classtype:trojan-activity;sid:84400810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536070)"; flow:established,from_client; content:"GET"; http_method; content:"/dl202"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536070/; classtype:trojan-activity;sid:84399170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3533582)"; flow:established,from_client; content:"GET"; http_method; content:"/kokotpycauholica/ultraundetecteddrv/refs/heads/main/hbvtmbp46iieehp1.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3533582/; classtype:trojan-activity;sid:84396682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532985)"; flow:established,from_client; content:"GET"; http_method; content:"/dl201"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532985/; classtype:trojan-activity;sid:84396085; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.102.198.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532855/; classtype:trojan-activity;sid:84395955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532847)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.129.49.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532847/; classtype:trojan-activity;sid:84395947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532848)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.129.49.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532848/; classtype:trojan-activity;sid:84395948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532849)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.129.49.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532849/; classtype:trojan-activity;sid:84395949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532282)"; flow:established,from_client; content:"GET"; http_method; content:"/dl200"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532282/; classtype:trojan-activity;sid:84395382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.21.252.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531990/; classtype:trojan-activity;sid:84395090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.168.60.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531986/; classtype:trojan-activity;sid:84395086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.255.22.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531972/; classtype:trojan-activity;sid:84395072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.15.96.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_01; reference:url, urlhaus.abuse.ch/url/3531975/; classtype:trojan-activity;sid:84395075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3531095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; 
http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.12.100.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3531095/; classtype:trojan-activity;sid:84394195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.127.68.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_30; reference:url, urlhaus.abuse.ch/url/3530891/; classtype:trojan-activity;sid:84393991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.31.8.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530248/; classtype:trojan-activity;sid:84393348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3530241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.42.105.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3530241/; classtype:trojan-activity;sid:84393341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529937)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"157.255.22.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529937/; classtype:trojan-activity;sid:84393037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3529934)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.12.100.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529934/; classtype:trojan-activity;sid:84393034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529907)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.76.101.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529907/; classtype:trojan-activity;sid:84393007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529878)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.4.13.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529878/; classtype:trojan-activity;sid:84392978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529882)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.15.96.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529882/; classtype:trojan-activity;sid:84392982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528280)"; flow:established,from_client; content:"GET"; http_method; content:"/mir1ce/hawkeye/releases/download/v0319/hawkeye.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 
2025_04_28; reference:url, urlhaus.abuse.ch/url/3528280/; classtype:trojan-activity;sid:84391380; rev:1;)
# NOTE(review): the github.com rules in this stretch match release-asset and
# attachment paths, and several look like security tooling rather than droppers.
# The yara-forge path below appears to be a YARA rule bundle, and the oletools
# path further down a document-analysis toolkit. Such archives are plausibly
# listed because scanners flag the signatures or samples they contain; check
# the URLhaus entry to confirm. Expect hits from analyst or build hosts, and
# tune by source rather than reading every alert as trojan activity.
# The yara-forge URI uses ".../releases/latest/download/...", a path whose
# target changes with each release, so the file served today is not necessarily
# the one that was listed.
# All of these need the github.com request to be visible in cleartext.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528279)"; flow:established,from_client; content:"GET"; http_method; content:"/yarahq/yara-forge/releases/latest/download/yara-forge-rules-core.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528279/; classtype:trojan-activity;sid:84391379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528277)"; flow:established,from_client; content:"GET"; http_method; content:"/meckazin/chromekatz/releases/download/0.6.1/chromekatzbofs.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528277/; classtype:trojan-activity;sid:84391377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528171)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19831362/alpha.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528171/; classtype:trojan-activity;sid:84391271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528170)"; flow:established,from_client; content:"GET"; http_method; content:"/decalage2/oletools/releases/download/v0.60.2/oletools-0.60.2.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528170/; 
classtype:trojan-activity;sid:84391270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528165)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19831288/crack.nurik.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528165/; classtype:trojan-activity;sid:84391265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528167)"; flow:established,from_client; content:"GET"; http_method; content:"/firmware/ts2_0001.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"172.170.254.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528167/; classtype:trojan-activity;sid:84391267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528162)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19831450/solara.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528162/; classtype:trojan-activity;sid:84391262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528154)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/19835739/solarus.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528154/; classtype:trojan-activity;sid:84391254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528128)"; 
flow:established,from_client; content:"GET"; http_method; content:"/zxc5wezxc/new/main/dllbase64reverse.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528128/; classtype:trojan-activity;sid:84391228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528127)"; flow:established,from_client; content:"GET"; http_method; content:"/androidmalware/android_hid/f25d0234cff288ab8384689685e37b1b4bbaf2ba/test.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528127/; classtype:trojan-activity;sid:84391227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528108)"; flow:established,from_client; content:"GET"; http_method; content:"/monkeyadece/v-f/releases/download/1.4.2/vector-fixer-v1.4.2.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528108/; classtype:trojan-activity;sid:84391208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528105)"; flow:established,from_client; content:"GET"; http_method; content:"/ui.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"public.demo.securecloudsandbox.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528105/; classtype:trojan-activity;sid:84391205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528107)"; flow:established,from_client; content:"GET"; http_method; 
content:"/lbormann/darts-gif/releases/download/v1.1.0/darts-gif.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528107/; classtype:trojan-activity;sid:84391207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528100)"; flow:established,from_client; content:"GET"; http_method; content:"/lbormann/darts-pixelit/releases/download/v1.2.2/darts-pixelit.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528100/; classtype:trojan-activity;sid:84391200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528101)"; flow:established,from_client; content:"GET"; http_method; content:"/lbormann/darts-wled/releases/download/v1.8.1/darts-wled.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528101/; classtype:trojan-activity;sid:84391201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528097)"; flow:established,from_client; content:"GET"; http_method; content:"/harelba/q/releases/download/2.0.19/q-amd64-windows.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528097/; classtype:trojan-activity;sid:84391197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528098)"; flow:established,from_client; content:"GET"; http_method; content:"/mikf/gallery-dl/releases/download/v1.15.0/gallery-dl.exe"; http_uri; 
depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528098/; classtype:trojan-activity;sid:84391198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527856)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.36.11.185"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527856/; classtype:trojan-activity;sid:84390956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.241.40.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527836/; classtype:trojan-activity;sid:84390936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527814)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.57.30.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527814/; classtype:trojan-activity;sid:84390914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526930)"; flow:established,from_client; content:"GET"; http_method; content:"/verify-sec"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"msoftdatastore.z22.web.core.windows.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526930/; classtype:trojan-activity;sid:84390030; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525776)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.39.251.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525776/; classtype:trojan-activity;sid:84388876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525710)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"149.241.40.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525710/; classtype:trojan-activity;sid:84388810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525291)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.168.60.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525291/; classtype:trojan-activity;sid:84388391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.110.37.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525151/; classtype:trojan-activity;sid:84388251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525013)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.69.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_25; 
reference:url, urlhaus.abuse.ch/url/3525013/; classtype:trojan-activity;sid:84388113; rev:1;)
# How to read the rules in this group: each one alerts on an outbound HTTP GET
# ($HOME_NET -> $EXTERNAL_NET, flow:established,from_client). The first content
# is matched in http_uri and the second in http_host. On both, depth bounds the
# match to the start of the buffer and isdataat:!1,relative requires that no
# byte follows it, so a rule is written to hit one path on one host and nothing
# longer. nocase is given once, after the URI match.
# These are "alert http" rules: they can only fire where the sensor sees the
# request in cleartext (plain HTTP, or TLS that is decrypted before inspection).
#
# Rules whose http_host is an IP literal match only when the client addressed
# the server by that IP in the Host header. created_at on these entries is
# April 2025; check the referenced URLhaus entry when triaging a hit, since the
# address may have changed hands since then.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525021)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.83.203.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525021/; classtype:trojan-activity;sid:84388121; rev:1;)
# Host is github.com and the URI is a release asset path
# ("/releases/latest/download/"). NOTE(review): this host is normally reached
# over HTTPS, so without TLS inspection this rule presumably never sees the
# request - confirm against the sensor's placement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524811)"; flow:established,from_client; content:"GET"; http_method; content:"/vaxilu/x-ui/releases/latest/download/x-ui-linux-amd64.tar.gz"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524811/; classtype:trojan-activity;sid:84387911; rev:1;)
# NOTE(review): in the three drive.google.com rules of this group (3524506,
# 3524454, 3522687) the sequence "|7c|26|7c|" decodes to the four literal bytes
# "|26|", not to "&" (0x26). It looks as if the "&" of the query string was
# hex-escaped and its pipe characters were then escaped a second time. If so,
# the content cannot match "/uc?export=download&id=..." as sent by a client.
# depth:68 is the length of the escaped text; the decoded pattern is 59 bytes.
# Confirm with the feed before relying on these three rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524506)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ccjlbddgjhpeeff1b1hfkgp3x16c_tj1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524506/; classtype:trojan-activity;sid:84387606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524454)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1bpc5z-hv6kosk6artkfmbtsnnwwpdghy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524454/; classtype:trojan-activity;sid:84387554; rev:1;)
# "/i" with depth:2 and the end-of-buffer check: the whole request URI has to
# be exactly "/i" (any letter case) on this host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.47.243.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523621/; classtype:trojan-activity;sid:84386721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522943)"; flow:established,from_client; content:"GET"; http_method; content:"/oto"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522943/; classtype:trojan-activity;sid:84386043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.30.92.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522876/; classtype:trojan-activity;sid:84385976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522687)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ltrdqlgcl6smoqujfs1pb2ernzhsbydh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522687/; classtype:trojan-activity;sid:84385787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522201)"; flow:established,from_client; content:"GET"; http_method; content:"/eed8989/u/main/ud.bat"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3522201/; classtype:trojan-activity;sid:84385301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522159)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.243.36.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3522159/; classtype:trojan-activity;sid:84385259; rev:1;)
# The URI is a versioned release asset under the xmrig/xmrig repository on
# github.com. The rule identifies a request for that one archive; it says
# nothing about who requested it, so triage a hit with the host's role and
# the URLhaus reference in hand. The HTTPS caveat for github.com applies here too.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520366)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.12.2/xmrig-6.12.2-linux-x64.tar.gz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_21; reference:url, urlhaus.abuse.ch/url/3520366/; classtype:trojan-activity;sid:84383466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520082)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.226.241.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520082/; classtype:trojan-activity;sid:84383182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520081)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.57.43.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520081/; classtype:trojan-activity;sid:84383181; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520073)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.63.168.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520073/; classtype:trojan-activity;sid:84383173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520075)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"122.55.206.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520075/; classtype:trojan-activity;sid:84383175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520077)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.244.254.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520077/; classtype:trojan-activity;sid:84383177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520070)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.63.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520070/; classtype:trojan-activity;sid:84383170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520068)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.77.20"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520068/; classtype:trojan-activity;sid:84383168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.229.20.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519584/; classtype:trojan-activity;sid:84382684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519540)"; flow:established,from_client; content:"GET"; http_method; content:"/_autovlbs19_new/trainjx2.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"thtp2.volamngayxua.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519540/; classtype:trojan-activity;sid:84382640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519529)"; flow:established,from_client; content:"GET"; http_method; content:"/_autovlbs19_new/trainjx.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"thtp2.volamngayxua.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519529/; classtype:trojan-activity;sid:84382629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519525)"; flow:established,from_client; content:"GET"; http_method; content:"/down/linm_free/tg_linm_data_image_free.dll"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"tiwanlinm.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519525/; classtype:trojan-activity;sid:84382625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3519518)"; flow:established,from_client; content:"GET"; http_method; content:"/fb/32.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519518/; classtype:trojan-activity;sid:84382618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519513)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namu832.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519513/; classtype:trojan-activity;sid:84382613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519485)"; flow:established,from_client; content:"GET"; http_method; content:"/versions/gestioniccv20.21.8.51/gestionicc.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"icoffeecloud.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519485/; classtype:trojan-activity;sid:84382585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519469)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"60aaf9c6.salamanderprocessing.pages.dev"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519469/; classtype:trojan-activity;sid:84382569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519467)"; flow:established,from_client; content:"GET"; http_method; content:"/down/linm_free/tg_linm_data_map_free.dll"; 
http_uri; depth:41; isdataat:!1,relative; nocase; content:"tiwanlinm.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519467/; classtype:trojan-activity;sid:84382567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519464)"; flow:established,from_client; content:"GET"; http_method; content:"/fb/sm.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519464/; classtype:trojan-activity;sid:84382564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519459)"; flow:established,from_client; content:"GET"; http_method; content:"/pds/mogimall/giftorder/giftorder.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mogimall.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519459/; classtype:trojan-activity;sid:84382559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519451)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"2cfc0222.salamanderprocessing.pages.dev"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519451/; classtype:trojan-activity;sid:84382551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519446)"; flow:established,from_client; content:"GET"; http_method; content:"/newchaisupon/vendor/bin/psysh.bat"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"99194034-96-20180108171507.webstarterz.com"; http_host; depth:42; isdataat:!1,relative; 
metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519446/; classtype:trojan-activity;sid:84382546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519442)"; flow:established,from_client; content:"GET"; http_method; content:"/diaclients/doitallmain.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.salonmarketing.ca"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519442/; classtype:trojan-activity;sid:84382542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519443)"; flow:established,from_client; content:"GET"; http_method; content:"/sa0611/systemsa32.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.ss-01.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519443/; classtype:trojan-activity;sid:84382543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519432)"; flow:established,from_client; content:"GET"; http_method; content:"/msedge.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"c9791c08-f1e4-4402-9510-d04c13c50ea3.selstorage.ru"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519432/; classtype:trojan-activity;sid:84382532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519429)"; flow:established,from_client; content:"GET"; http_method; content:"/update/pubdata/hpsocket4c.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"114.55.106.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519429/; classtype:trojan-activity;sid:84382529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3519419)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sm02zsvdywdotb7rql/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"dhnconstrucciones.com.ar"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519419/; classtype:trojan-activity;sid:84382519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519415)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"c3436037.salamanderprocessing.pages.dev"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519415/; classtype:trojan-activity;sid:84382515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519408)"; flow:established,from_client; content:"GET"; http_method; content:"/rh/setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d3cciiowg5l3jx.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519408/; classtype:trojan-activity;sid:84382508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519404)"; flow:established,from_client; content:"GET"; http_method; content:"/pds/mogimall/giftorder/updater.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"mogimall.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519404/; classtype:trojan-activity;sid:84382504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519392)"; flow:established,from_client; content:"GET"; http_method; 
content:"/media/video_file/round_setup.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"tapestryoftruth.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519392/; classtype:trojan-activity;sid:84382492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519389)"; flow:established,from_client; content:"GET"; http_method; content:"/cfxre.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"198.50.242.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519389/; classtype:trojan-activity;sid:84382489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519368)"; flow:established,from_client; content:"GET"; http_method; content:"/r0400/yahoodll.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.ss-01.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519368/; classtype:trojan-activity;sid:84382468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519369)"; flow:established,from_client; content:"GET"; http_method; content:"/driveapplet.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"noithaticon.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519369/; classtype:trojan-activity;sid:84382469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519354)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/addmefast%20bot.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, 
urlhaus.abuse.ch/url/3519354/; classtype:trojan-activity;sid:84382454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519356)"; flow:established,from_client; content:"GET"; http_method; content:"/nircmd.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pub-0478b308b8cf46709a73d0eed5afd633.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519356/; classtype:trojan-activity;sid:84382456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519092)"; flow:established,from_client; content:"GET"; http_method; content:"/pst.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"o24o.ru"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519092/; classtype:trojan-activity;sid:84382192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519066)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519066/; classtype:trojan-activity;sid:84382166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519063)"; flow:established,from_client; content:"GET"; http_method; content:"/vinhuptoday/testbn/raw/refs/heads/main/brbotnet.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519063/; classtype:trojan-activity;sid:84382163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3519036)"; flow:established,from_client; content:"GET"; http_method; content:"/tiansys(xp%e4%b8%93%e7%94%a8).exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"fz.tiansys.cn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519036/; classtype:trojan-activity;sid:84382136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519035)"; flow:established,from_client; content:"GET"; http_method; content:"/disbalancer-project/main/releases/latest/download/disbalancer-go-client-windows-386.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519035/; classtype:trojan-activity;sid:84382135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519028)"; flow:established,from_client; content:"GET"; http_method; content:"/uniondown/haozip_tiny.201805.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"download.haozip.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519028/; classtype:trojan-activity;sid:84382128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519027)"; flow:established,from_client; content:"GET"; http_method; content:"/cosmicdevv/icarus-lite/releases/download/v1.1.13/icaruslite-v1.1.13-win.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519027/; classtype:trojan-activity;sid:84382127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519025)"; flow:established,from_client; content:"GET"; 
http_method; content:"/sebaxakerhtc/rdpwrap/releases/download/v1.8.9.9/rdpw_installer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519025/; classtype:trojan-activity;sid:84382125; rev:1;)
# The rules below alert on an outbound HTTP GET whose http_uri and http_host
# both match the given content. depth plus isdataat:!1,relative (no byte after
# the match) ties each content to the whole buffer. As "alert http" rules they
# need the request in cleartext. NOTE(review): github.com is normally served
# over HTTPS, so these presumably need TLS inspection to fire - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519026)"; flow:established,from_client; content:"GET"; http_method; content:"/dax009yt/chilledwindows-gui/releases/download/1.0/chilledwindows.gui.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519026/; classtype:trojan-activity;sid:84382126; rev:1;)
# "|3f|" is the hex escape for "?", so the decoded pattern is 53 bytes long
# while depth:56 is the length of the escaped text.
# NOTE(review): as far as the options show, the match must still end at the end
# of the URI buffer, so the only effect is that up to three leading bytes are
# tolerated before the pattern; verify if an exact match is intended.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519019)"; flow:established,from_client; content:"GET"; http_method; content:"/jackson2323/mohradiant/blob/master/updt.exe|3f|raw=true"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519019/; classtype:trojan-activity;sid:84382119; rev:1;)
# Host is an IP literal: the rule matches only when the client used that IP in
# the Host header.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519020)"; flow:established,from_client; content:"GET"; http_method; content:"/down/pkexu0ytxar3.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"115.159.149.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519020/; classtype:trojan-activity;sid:84382120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519016)"; flow:established,from_client; content:"GET"; http_method; content:"/bol-van/zapret/releases/download/v70.6/zapret-v70.6.zip"; http_uri; depth:56; 
isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519016/; classtype:trojan-activity;sid:84382116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519000)"; flow:established,from_client; content:"GET"; http_method; content:"/vexcentry/vex/raw/refs/heads/main/runtimebroker.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519000/; classtype:trojan-activity;sid:84382100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518861)"; flow:established,from_client; content:"GET"; http_method; content:"/ns3.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518861/; classtype:trojan-activity;sid:84381961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518860)"; flow:established,from_client; content:"GET"; http_method; content:"/ns1.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.215.218.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518860/; classtype:trojan-activity;sid:84381960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3517053)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.123.26.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3517053/; classtype:trojan-activity;sid:84380153; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3517040)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.57.122.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3517040/; classtype:trojan-activity;sid:84380140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516658)"; flow:established,from_client; content:"GET"; http_method; content:"/vinhuptoday/testbn/raw/refs/heads/main/brbotnet.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3516658/; classtype:trojan-activity;sid:84379758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.219.49.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3516584/; classtype:trojan-activity;sid:84379684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516107)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.123.26.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3516107/; classtype:trojan-activity;sid:84379207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515978)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.79.64.164"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515978/; classtype:trojan-activity;sid:84379078; rev:1;)
# NOTE(review): `|7c|26|7c|` decodes to the four literal bytes `|26|` (0x7c is the
# pipe character). It looks like a double-escaped `|26|`, i.e. the `&` between the
# two query parameters - confirm with the feed maintainer. As written the pattern
# needs a literal `|26|` in the URI, so a request using `&id=` would not match.
# depth:68 is the length of the escaped rule text; the decoded pattern is 59 bytes,
# so the match is not pinned to offset 0 of the URI buffer.
# drive.google.com is served over HTTPS: this http rule only applies where the
# sensor sees the request in cleartext (presumably behind TLS decryption).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3514570)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hrp9lnasbplclnhppp1abwb1uwv4kdvs"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3514570/; classtype:trojan-activity;sid:84377166; rev:1;)
# The URI is pinned to a single commit hash and file name on github.com; the same
# file reached through a branch ref or another commit is not covered by this rule.
# NOTE(review): the same cleartext-only limitation applies to this HTTPS-served host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3514066)"; flow:established,from_client; content:"GET"; http_method; content:"/nkminash/my-codd/raw/896d806a9b4569c9c3a275f200ebe7d2ecec5702/snd16061.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3514066/; classtype:trojan-activity;sid:84377166; rev:1;)
# Exact match on a short path and a bare IP address in the Host header. The rule is
# only as current as the address assignment - check the referenced URLhaus entry
# before treating a hit as confirmed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510901)"; flow:established,from_client; content:"GET"; http_method; content:"/dl16"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510901/; classtype:trojan-activity;sid:84374001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509907)"; flow:established,from_client; content:"GET"; http_method; content:"/rahmounben/lc/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, 
urlhaus.abuse.ch/url/3509907/; classtype:trojan-activity;sid:84373007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509904)"; flow:established,from_client; content:"GET"; http_method; content:"/justjzero/ahh/refs/heads/main/cloudy.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509904/; classtype:trojan-activity;sid:84373004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509901)"; flow:established,from_client; content:"GET"; http_method; content:"/justjzero/ahh/raw/refs/heads/main/cloudy.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509901/; classtype:trojan-activity;sid:84373001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509872)"; flow:established,from_client; content:"GET"; http_method; content:"/niggedddx/dependenciuesfeife/raw/refs/heads/main/bruterv3.1.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509872/; classtype:trojan-activity;sid:84372972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3507942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.60.246.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_11; reference:url, urlhaus.abuse.ch/url/3507942/; classtype:trojan-activity;sid:84371042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3507452)"; flow:established,from_client; content:"GET"; http_method; content:"/misterlobster22/mimik/blob/main/mimikatz.exe|3f|raw=true"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_11; reference:url, urlhaus.abuse.ch/url/3507452/; classtype:trojan-activity;sid:84370552; rev:1;)
# The next two rules differ only in the file name (s86.txt / s64.txt); both pin the
# URI to one commit hash on raw.githubusercontent.com.
# NOTE(review): that host is served over HTTPS, so these `alert http` rules
# presumably fire only where the sensor sees decrypted traffic - confirm against
# sensor placement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506392)"; flow:established,from_client; content:"GET"; http_method; content:"/deepakmeena2006/lib/6753a65f543afe81079459a8439ec1e0c0a660b4/s86.txt"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506392/; classtype:trojan-activity;sid:84369492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506391)"; flow:established,from_client; content:"GET"; http_method; content:"/deepakmeena2006/lib/6753a65f543afe81079459a8439ec1e0c0a660b4/s64.txt"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506391/; classtype:trojan-activity;sid:84369491; rev:1;)
# NOTE(review): `|7c|26|7c|` decodes to the literal bytes `|26|`, not to `&`; it
# looks like a double-escaped `|26|` (confirm with the feed maintainer). As written
# the pattern would not match a request that uses `&id=`. The same escape appears in
# the other drive.google.com rules in this file (sids 84377670 and 84368772).
# depth:68 counts the escaped rule text; the decoded pattern is 59 bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506346)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kcbhxhjt-bdxszgxt1nfnzdt5hpvkwk4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506346/; classtype:trojan-activity;sid:84369446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3505672)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1muftth-5lscdi3ovd5vn7sjkeit2h9k1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505672/; classtype:trojan-activity;sid:84368772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505377)"; flow:established,from_client; content:"GET"; http_method; content:"/electrichermit/vegas-pro-version/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505377/; classtype:trojan-activity;sid:84368477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505382)"; flow:established,from_client; content:"GET"; http_method; content:"/ergin3432432/movie-mates/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505382/; classtype:trojan-activity;sid:84368482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505334)"; flow:established,from_client; content:"GET"; http_method; content:"/yumyumdonuts/free-youtube-to-mp3-converter-free/releases/download/1.1.2/freeyoutubetomp3converterfree-1.1.2.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505334/; classtype:trojan-activity;sid:84368434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3505313)"; flow:established,from_client; content:"GET"; http_method; content:"/nmattioni/upload/raw/refs/heads/master/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505313/; classtype:trojan-activity;sid:84368413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505307)"; flow:established,from_client; content:"GET"; http_method; content:"/anamesias580/upload/refs/heads/master/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505307/; classtype:trojan-activity;sid:84368407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505305)"; flow:established,from_client; content:"GET"; http_method; content:"/phanu85/upload/raw/refs/heads/master/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505305/; classtype:trojan-activity;sid:84368405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505304)"; flow:established,from_client; content:"GET"; http_method; content:"/pantay/upload/raw/refs/heads/master/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505304/; classtype:trojan-activity;sid:84368404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504713)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"2.54.238.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504713/; classtype:trojan-activity;sid:84367813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503657)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.17.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503657/; classtype:trojan-activity;sid:84366757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503409)"; flow:established,from_client; content:"GET"; http_method; content:"/tirtekeka/rat-client/zip/refs/heads/main"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503409/; classtype:trojan-activity;sid:84366509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503003)"; flow:established,from_client; content:"GET"; http_method; content:"/download/konsol.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"backupso.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_06; reference:url, urlhaus.abuse.ch/url/3503003/; classtype:trojan-activity;sid:84366103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3502701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.210.214.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_06; reference:url, urlhaus.abuse.ch/url/3502701/; classtype:trojan-activity;sid:84365801; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3501608)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"35.137.185.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_05; reference:url, urlhaus.abuse.ch/url/3501608/; classtype:trojan-activity;sid:84364708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3500891)"; flow:established,from_client; content:"GET"; http_method; content:"/chin/ifjjmktge.mp3"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dcrun.co.uk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_04; reference:url, urlhaus.abuse.ch/url/3500891/; classtype:trojan-activity;sid:84363991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3500747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.185.1.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_04; reference:url, urlhaus.abuse.ch/url/3500747/; classtype:trojan-activity;sid:84363847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3500733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.102.74.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_04; reference:url, urlhaus.abuse.ch/url/3500733/; classtype:trojan-activity;sid:84363833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3500726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.173.136.155"; http_host; depth:15; isdataat:!1,relative; 
metadata:created_at 2025_04_04; reference:url, urlhaus.abuse.ch/url/3500726/; classtype:trojan-activity;sid:84363826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499993)"; flow:established,from_client; content:"GET"; http_method; content:"/roniel8/apex-no-recoil/releases/download/v2.5.1-alpha.3/apex-no-recoil-v2-5-1-alpha-3.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499993/; classtype:trojan-activity;sid:84363093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499150)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.124.72.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_02; reference:url, urlhaus.abuse.ch/url/3499150/; classtype:trojan-activity;sid:84362250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498482)"; flow:established,from_client; content:"GET"; http_method; content:"/juanbustoss/src/raw/refs/heads/master/application.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498482/; classtype:trojan-activity;sid:84361582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498084)"; flow:established,from_client; content:"GET"; http_method; content:"/shellyacm/imgx/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498084/; classtype:trojan-activity;sid:84361184; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498082)"; flow:established,from_client; content:"GET"; http_method; content:"/shellyacm/imgx/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498082/; classtype:trojan-activity;sid:84361182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498070)"; flow:established,from_client; content:"GET"; http_method; content:"/demonsofhe/onion-rings/releases/download/3.1.7/onion-rings-3.1.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498070/; classtype:trojan-activity;sid:84361170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498072)"; flow:established,from_client; content:"GET"; http_method; content:"/warisalishah/mytube/releases/download/v1.1/soft.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498072/; classtype:trojan-activity;sid:84361172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498073)"; flow:established,from_client; content:"GET"; http_method; content:"/rippez/wordkeeper/releases/download/caseharden/release.caseharden.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498073/; classtype:trojan-activity;sid:84361173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3498076)"; flow:established,from_client; content:"GET"; http_method; content:"/jxx1234567890jxx/datatransformationchecker/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498076/; classtype:trojan-activity;sid:84361176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498067)"; flow:established,from_client; content:"GET"; http_method; content:"/frank698/localocr/releases/download/v2.3.3/localocr_v2.3.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498067/; classtype:trojan-activity;sid:84361167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498056)"; flow:established,from_client; content:"GET"; http_method; content:"/wfeifefeifef/pokemon-crud/releases/download/v1.1/soft.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498056/; classtype:trojan-activity;sid:84361156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498059)"; flow:established,from_client; content:"GET"; http_method; content:"/julia2806/stock-watch/releases/download/v1.0/application.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498059/; classtype:trojan-activity;sid:84361159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498045)"; 
flow:established,from_client; content:"GET"; http_method; content:"/ushii/weather_app/releases/download/v1.0/installer.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498045/; classtype:trojan-activity;sid:84361145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498047)"; flow:established,from_client; content:"GET"; http_method; content:"/rahulpa045/cphishtermux/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498047/; classtype:trojan-activity;sid:84361147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498050)"; flow:established,from_client; content:"GET"; http_method; content:"/wfeifefeifef/pokemon-crud/releases/download/v1.2/soft.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498050/; classtype:trojan-activity;sid:84361150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498053)"; flow:established,from_client; content:"GET"; http_method; content:"/jxx1234567890jxx/datatransformationchecker/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498053/; classtype:trojan-activity;sid:84361153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498033)"; flow:established,from_client; content:"GET"; http_method; 
content:"/gamer615/acdsee-photo-studio-professional-download/releases/download/v1.0/software.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498033/; classtype:trojan-activity;sid:84361133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498034)"; flow:established,from_client; content:"GET"; http_method; content:"/ushii/weather_app/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498034/; classtype:trojan-activity;sid:84361134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498036)"; flow:established,from_client; content:"GET"; http_method; content:"/gamer615/acdsee-photo-studio-professional-download/releases/download/v2.0/software.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498036/; classtype:trojan-activity;sid:84361136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498038)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/php-library-system/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498038/; classtype:trojan-activity;sid:84361138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498040)"; flow:established,from_client; content:"GET"; http_method; 
content:"/warisalishah/mytube/releases/download/v1.2/soft.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498040/; classtype:trojan-activity;sid:84361140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497826)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497826/; classtype:trojan-activity;sid:84360926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497822)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v2.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497822/; classtype:trojan-activity;sid:84360922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497823)"; flow:established,from_client; content:"GET"; http_method; content:"/unlimxts2/password-manager-intermediate/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497823/; classtype:trojan-activity;sid:84360923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497825)"; flow:established,from_client; content:"GET"; http_method; 
content:"/itznaviya/hamster-kombat-bot/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497825/; classtype:trojan-activity;sid:84360925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497805)"; flow:established,from_client; content:"GET"; http_method; content:"/ffxjevefi/nix-system-services-hardened/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497805/; classtype:trojan-activity;sid:84360905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497797)"; flow:established,from_client; content:"GET"; http_method; content:"/supreme-snaze/permutations/releases/download/v1.0/program.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497797/; classtype:trojan-activity;sid:84360897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497772)"; flow:established,from_client; content:"GET"; http_method; content:"/zackkung688/split-fiction/releases/download/lavalike/splitfiction-lavalike.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497772/; classtype:trojan-activity;sid:84360872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497761)"; flow:established,from_client; content:"GET"; http_method; 
content:"/simplefastfunnels254/tg-cybersec/releases/download/v2.7.1/tg-cybersec-v2.7.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497761/; classtype:trojan-activity;sid:84360861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497760)"; flow:established,from_client; content:"GET"; http_method; content:"/ykn1/dishost/releases/download/1.3.8/dishost.1.3.8.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497760/; classtype:trojan-activity;sid:84360860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497758)"; flow:established,from_client; content:"GET"; http_method; content:"/repirate/asset-recovery-tool/releases/download/v1.7.6/asset-recovery-tool-v1.7.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497758/; classtype:trojan-activity;sid:84360858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497739)"; flow:established,from_client; content:"GET"; http_method; content:"/ander12342/pugdns/releases/download/1.3.1/pugdns_v1.3.1.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497739/; classtype:trojan-activity;sid:84360839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497692)"; flow:established,from_client; content:"GET"; http_method; 
content:"/nuriia-i/palia-script/releases/download/anisoin/palia-script_anisoin.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497692/; classtype:trojan-activity;sid:84360792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497677)"; flow:established,from_client; content:"GET"; http_method; content:"/devpev777/d/refs/heads/main/r.msi"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497677/; classtype:trojan-activity;sid:84360777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.4.13.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497309/; classtype:trojan-activity;sid:84360409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497120)"; flow:established,from_client; content:"GET"; http_method; content:"/dodobaba25/repo/refs/heads/master/s64.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3497120/; classtype:trojan-activity;sid:84360220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497121)"; flow:established,from_client; content:"GET"; http_method; content:"/dodobaba25/repo/refs/heads/master/s86.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; 
http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3497121/; classtype:trojan-activity;sid:84360221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496952)"; flow:established,from_client; content:"GET"; http_method; content:"/benkku25/assets/raw/41f4f8f16b76af39e1bc3f8024b66010dd2617c7/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496952/; classtype:trojan-activity;sid:84360052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496664)"; flow:established,from_client; content:"GET"; http_method; content:"/syklon99/ai-chatbot-svelte/releases/download/v1.4.9/ai-chatbot-svelte-v1.4.9.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496664/; classtype:trojan-activity;sid:84359764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496663)"; flow:established,from_client; content:"GET"; http_method; content:"/mohamedbama/spider-man-2/releases/download/1.6.7/spider-man-2_v1.6.7.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496663/; classtype:trojan-activity;sid:84359763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496662)"; flow:established,from_client; content:"GET"; http_method; content:"/sigarikafat/xeet/releases/download/1.6.4/xeet_v1.6.4.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; 
isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496662/; classtype:trojan-activity;sid:84359762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496645)"; flow:established,from_client; content:"GET"; http_method; content:"/naoval19/tacos/releases/download/v1.0/program.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496645/; classtype:trojan-activity;sid:84359745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496646)"; flow:established,from_client; content:"GET"; http_method; content:"/naoval19/tacos/releases/download/v2.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496646/; classtype:trojan-activity;sid:84359746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496628)"; flow:established,from_client; content:"GET"; http_method; content:"/vandalyz/nodejs-dockerized-app/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496628/; classtype:trojan-activity;sid:84359728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496631)"; flow:established,from_client; content:"GET"; http_method; content:"/rle123/ai-self-coding-book/releases/download/v1.0/program.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, 
urlhaus.abuse.ch/url/3496631/; classtype:trojan-activity;sid:84359731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496625)"; flow:established,from_client; content:"GET"; http_method; content:"/vandalyz/nodejs-dockerized-app/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496625/; classtype:trojan-activity;sid:84359725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496604)"; flow:established,from_client; content:"GET"; http_method; content:"/yahabaha/exam-quiz-test/releases/download/v2.9.2/exam-quiz-test-v2.9.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496604/; classtype:trojan-activity;sid:84359704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496592)"; flow:established,from_client; content:"GET"; http_method; content:"/klaus998851/github-achievements/releases/download/3.5.8/github-achievements-3.5.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496592/; classtype:trojan-activity;sid:84359692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496594)"; flow:established,from_client; content:"GET"; http_method; content:"/skibidi-crypto/quarkus-openapi-problem/releases/download/v1.4.2/quarkus-openapi-problem-v1.4.2.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; 
reference:url, urlhaus.abuse.ch/url/3496594/; classtype:trojan-activity;sid:84359694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496585)"; flow:established,from_client; content:"GET"; http_method; content:"/aboubakar909/dreamdance/releases/download/v2.5.1/dreamdance.v2.5.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496585/; classtype:trojan-activity;sid:84359685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496564)"; flow:established,from_client; content:"GET"; http_method; content:"/stepbox23/assets/60af1f798cc4708a2872a66cebab351e529e43f8/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496564/; classtype:trojan-activity;sid:84359664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496067)"; flow:established,from_client; content:"GET"; http_method; content:"/new_image.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"talentrecruitments.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496067/; classtype:trojan-activity;sid:84359167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496061)"; flow:established,from_client; content:"GET"; http_method; content:"/eed8989/u/raw/refs/heads/main/ud.bat"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496061/; classtype:trojan-activity;sid:84359161; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3495857)"; flow:established,from_client; content:"GET"; http_method; content:"/tsl/downloader.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"tobecation.github.io"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3495857/; classtype:trojan-activity;sid:84358957; rev:1;)
# How to read the entries below: each rule pins exactly one reported URL.
# Both the URI pattern and the Host pattern use a depth equal to the pattern
# length, followed by isdataat:!1,relative. The pattern therefore has to start
# at byte 0 of its buffer and nothing may follow it: a whole-buffer match, not
# a prefix or substring match. That anchoring is what keeps a 5-byte URI such
# as "/dl20" from matching every longer path that merely begins with it.
# nocase is attached to the URI pattern only; the Host patterns are written in
# lowercase and carry no nocase.
# NOTE(review): Suricata normalises the http_host buffer to lowercase, which
# would explain the missing nocase on the Host side -- confirm for the engine
# version in use.
# Visibility: "alert http" is evaluated only on traffic the sensor has parsed
# as HTTP, and the rule text does not record the URL scheme. For hosts such as
# github.com or raw.githubusercontent.com, check the referenced URLhaus entry:
# if the download is served over TLS, the rule can only fire where the sensor
# is given decrypted traffic.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494793)"; flow:established,from_client; content:"GET"; http_method; content:"/dl20"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_29; reference:url, urlhaus.abuse.ch/url/3494793/; classtype:trojan-activity;sid:84357893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493608)"; flow:established,from_client; content:"GET"; http_method; content:"/aussieonzaza/assets/refs/heads/master/launcher.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493608/; classtype:trojan-activity;sid:84356708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493604)"; flow:established,from_client; content:"GET"; http_method; content:"/rafael1679/assets/raw/refs/heads/master/launcher.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493604/; classtype:trojan-activity;sid:84356704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493102)"; flow:established,from_client; content:"GET"; http_method;
content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.23.17.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3493102/; classtype:trojan-activity;sid:84356202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492619)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/wild-storage/releases/download/v1.0/app.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492619/; classtype:trojan-activity;sid:84355719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492622)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeu-cpu/coap-mqtt-encryption/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492622/; classtype:trojan-activity;sid:84355722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492611)"; flow:established,from_client; content:"GET"; http_method; content:"/forzon96/cataclismo/releases/download/1.4.6/cataclismo_1.4.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492611/; classtype:trojan-activity;sid:84355711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492613)"; flow:established,from_client; content:"GET"; http_method; content:"/mjunaid87/tokenset/releases/download/v2.8.1/tokenset.v2.8.1.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; 
content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492613/; classtype:trojan-activity;sid:84355713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492608)"; flow:established,from_client; content:"GET"; http_method; content:"/joacokia/oopd/releases/download/bretschneideraceae/oopd_bretschneideraceae.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492608/; classtype:trojan-activity;sid:84355708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492601)"; flow:established,from_client; content:"GET"; http_method; content:"/stayns/glpwnme/releases/download/3.1.1/glpwnme-3.1.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492601/; classtype:trojan-activity;sid:84355701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492602)"; flow:established,from_client; content:"GET"; http_method; content:"/catexec/signature-recognition-cnn/releases/download/v1.6.8/signature-recognition-cnn-v1.6.8.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492602/; classtype:trojan-activity;sid:84355702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492604)"; flow:established,from_client; content:"GET"; http_method; content:"/tombalestra/m3-spatial/releases/download/v3.3.4/m3-spatial-v3.3.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; 
http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492604/; classtype:trojan-activity;sid:84355704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492600)"; flow:established,from_client; content:"GET"; http_method; content:"/mardecilnonp568/assasin-creed-shadows/releases/download/v2.7.5/assassin-creed-shadows-v2.7.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492600/; classtype:trojan-activity;sid:84355700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492591)"; flow:established,from_client; content:"GET"; http_method; content:"/sudip1801/loyalty/releases/download/v3.4.4-alpha.1/loyalty_v3.4.4-alpha.1.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492591/; classtype:trojan-activity;sid:84355691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492563)"; flow:established,from_client; content:"GET"; http_method; content:"/reninstem/productlisting/releases/download/2.6.1/productlisting-2.6.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492563/; classtype:trojan-activity;sid:84355663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492557)"; flow:established,from_client; content:"GET"; http_method; content:"/suvam-01/alayalite/releases/download/v1.4.8/alayalite_v1.4.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; 
http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492557/; classtype:trojan-activity;sid:84355657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492553)"; flow:established,from_client; content:"GET"; http_method; content:"/ricardocrc735/navicatpwn/releases/download/3.2.3/navicatpwn-3.2.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492553/; classtype:trojan-activity;sid:84355653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492224)"; flow:established,from_client; content:"GET"; http_method; content:"/lordland929on6/1ab-phantasystaronline2b/releases/download/p7ew0zthra/156qeiu3fhnohcj2.rar"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492224/; classtype:trojan-activity;sid:84355324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492188)"; flow:established,from_client; content:"GET"; http_method; content:"/eding442gfm/1ar-bladeandsoulr/releases/download/4sd7l2qydh/37uji8i2.rar"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492188/; classtype:trojan-activity;sid:84355288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492186)"; flow:established,from_client; content:"GET"; http_method; content:"/eding442gfm/1ax-bladeandsoulx/releases/download/n6seqop1o4/q.rar"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; 
isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492186/; classtype:trojan-activity;sid:84355286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492168)"; flow:established,from_client; content:"GET"; http_method; content:"/howlux40worthyfp4h/1af-starwars-theoldrepublicf/releases/download/j0ndd81djg/eskf6bqczzc2j.rar"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492168/; classtype:trojan-activity;sid:84355268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492160)"; flow:established,from_client; content:"GET"; http_method; content:"/uragon005/ai-chatbot-svelte/releases/download/v2.4.5/ai-chatbot-svelte_v2.4.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492160/; classtype:trojan-activity;sid:84355260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492135)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeguay/seed-phrase-generator/releases/download/v1.0/release.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492135/; classtype:trojan-activity;sid:84355235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492134)"; flow:established,from_client; content:"GET"; http_method; content:"/abdeguay/seed-phrase-generator/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; 
isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492134/; classtype:trojan-activity;sid:84355234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492123)"; flow:established,from_client; content:"GET"; http_method; content:"/mathists9/abaqus-aluminum-bending-ductile-damage-3d/releases/download/2.7.3/release.2.7.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492123/; classtype:trojan-activity;sid:84355223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492112)"; flow:established,from_client; content:"GET"; http_method; content:"/solarcrownyt/learning-sqlx/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492112/; classtype:trojan-activity;sid:84355212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492056)"; flow:established,from_client; content:"GET"; http_method; content:"/aussieonzaza/assets/raw/refs/heads/master/launcher.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492056/; classtype:trojan-activity;sid:84355156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.111.30.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491741/; 
classtype:trojan-activity;sid:84354841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490432)"; flow:established,from_client; content:"GET"; http_method; content:"/phamkhanhhung208/assets/refs/heads/master/launcher.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490432/; classtype:trojan-activity;sid:84353532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490427)"; flow:established,from_client; content:"GET"; http_method; content:"/rafael1679/assets/refs/heads/master/launcher.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490427/; classtype:trojan-activity;sid:84353527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490409)"; flow:established,from_client; content:"GET"; http_method; content:"/beast2122006/assignment/238415a963aab57f18fd2c2ef60995d7c0b39fe0/library.txt"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490409/; classtype:trojan-activity;sid:84353509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490350)"; flow:established,from_client; content:"GET"; http_method; content:"/ilganrat342/dertyom/refs/heads/main/setup.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490350/; 
classtype:trojan-activity;sid:84353450; rev:1;)
# Triage note for the entries below: raw.githubusercontent.com is shared by
# all GitHub accounts, so the Host pattern alone identifies nothing. What
# distinguishes the reported download is the account/repository at the start
# of the URI pattern. An alert means that one path was requested on that host;
# it says nothing about other traffic to the same host.
# The number in msg and in reference:url is the URLhaus URL id. In the rules
# shown here sid = that id + 80863100 (e.g. 3490349 -> 84353449), so an alert
# that carries only the sid can still be traced back to its URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490349)"; flow:established,from_client; content:"GET"; http_method; content:"/rh/setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d3cciiowg5l3jx.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490349/; classtype:trojan-activity;sid:84353449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490313)"; flow:established,from_client; content:"GET"; http_method; content:"/kammywammyman/boyboy/main/chromeupdate.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490313/; classtype:trojan-activity;sid:84353413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490294)"; flow:established,from_client; content:"GET"; http_method; content:"/tacocat2222/materia-fivem/refs/heads/main/loader.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490294/; classtype:trojan-activity;sid:84353394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490235)"; flow:established,from_client; content:"GET"; http_method; content:"/dl18"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490235/; classtype:trojan-activity;sid:84353335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489509)";
flow:established,from_client; content:"GET"; http_method; content:"/aldenpogznet22/hamster-bot/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489509/; classtype:trojan-activity;sid:84352609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489508)"; flow:established,from_client; content:"GET"; http_method; content:"/worakom99/carbon-executor/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489508/; classtype:trojan-activity;sid:84352608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489502)"; flow:established,from_client; content:"GET"; http_method; content:"/thurynw/uoffice_library_uot/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489502/; classtype:trojan-activity;sid:84352602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489501)"; flow:established,from_client; content:"GET"; http_method; content:"/jamescarlzafra/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489501/; classtype:trojan-activity;sid:84352601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489474)"; flow:established,from_client; content:"GET"; http_method; 
content:"/toanminh2004/duan1/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489474/; classtype:trojan-activity;sid:84352574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489476)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/loco/releases/download/v1.0/application.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489476/; classtype:trojan-activity;sid:84352576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489478)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/loco/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489478/; classtype:trojan-activity;sid:84352578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489479)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-2/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489479/; classtype:trojan-activity;sid:84352579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489480)"; flow:established,from_client; content:"GET"; http_method; content:"/cistelsa/predictive-sentiment-analysis-of-twitter-for-btc/releases/download/v1.0/software.zip"; 
http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489480/; classtype:trojan-activity;sid:84352580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489481)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-proxytv/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489481/; classtype:trojan-activity;sid:84352581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489471)"; flow:established,from_client; content:"GET"; http_method; content:"/cistelsa/predictive-sentiment-analysis-of-twitter-for-btc/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489471/; classtype:trojan-activity;sid:84352571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489472)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-proxytv/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489472/; classtype:trojan-activity;sid:84352572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489473)"; flow:established,from_client; content:"GET"; http_method; content:"/xmanykwim/simple-2/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; 
content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489473/; classtype:trojan-activity;sid:84352573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489333)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/new/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489333/; classtype:trojan-activity;sid:84352433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489336)"; flow:established,from_client; content:"GET"; http_method; content:"/akashnilrecovered/text-formatting-crash-course/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489336/; classtype:trojan-activity;sid:84352436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489340)"; flow:established,from_client; content:"GET"; http_method; content:"/akashnilrecovered/text-formatting-crash-course/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489340/; classtype:trojan-activity;sid:84352440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489331)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/new/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; 
isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489331/; classtype:trojan-activity;sid:84352431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489310)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-authentication-breeze/releases/download/v1.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489310/; classtype:trojan-activity;sid:84352410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489313)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v1.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489313/; classtype:trojan-activity;sid:84352413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489314)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-authentication-breeze/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489314/; classtype:trojan-activity;sid:84352414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489315)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/fortify-auth-laravel/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; 
isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489315/; classtype:trojan-activity;sid:84352415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489317)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/newlaravel/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489317/; classtype:trojan-activity;sid:84352417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489307)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/fortify-auth-laravel/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489307/; classtype:trojan-activity;sid:84352407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489308)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/book-e-commerce/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489308/; classtype:trojan-activity;sid:84352408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489300)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/book-e-commerce/releases/download/v1.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489300/; classtype:trojan-activity;sid:84352400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489303)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/newlaravel/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489303/; classtype:trojan-activity;sid:84352403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489274)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/frontendmentor/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489274/; classtype:trojan-activity;sid:84352374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489275)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/ui-package-email-verify/releases/download/v2.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489275/; classtype:trojan-activity;sid:84352375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489280)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/frontendmentor/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, 
urlhaus.abuse.ch/url/3489280/; classtype:trojan-activity;sid:84352380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489288)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/ui-package-email-verify/releases/download/v1.0/software.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489288/; classtype:trojan-activity;sid:84352388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489266)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bootable_recovery/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489266/; classtype:trojan-activity;sid:84352366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489265)"; flow:established,from_client; content:"GET"; http_method; content:"/hackslash-nitp/healthcare-web-page/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489265/; classtype:trojan-activity;sid:84352365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489263)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinycompress/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, 
urlhaus.abuse.ch/url/3489263/; classtype:trojan-activity;sid:84352363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489264)"; flow:established,from_client; content:"GET"; http_method; content:"/amandwivedi0/device_xiaomi_santoni/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489264/; classtype:trojan-activity;sid:84352364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489245)"; flow:established,from_client; content:"GET"; http_method; content:"/vyshnavidevi11/frtproject/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489245/; classtype:trojan-activity;sid:84352345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489247)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_build/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489247/; classtype:trojan-activity;sid:84352347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489248)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_json-c/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489248/; 
classtype:trojan-activity;sid:84352348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489251)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-ecommerce-project/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489251/; classtype:trojan-activity;sid:84352351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489252)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinycompress/releases/download/v1.0/application.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489252/; classtype:trojan-activity;sid:84352352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489253)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_build/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489253/; classtype:trojan-activity;sid:84352353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489254)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/proyecto_final/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489254/; classtype:trojan-activity;sid:84352354; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489255)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_selinux/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489255/; classtype:trojan-activity;sid:84352355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489256)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_json-c/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489256/; classtype:trojan-activity;sid:84352356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489260)"; flow:established,from_client; content:"GET"; http_method; content:"/amandwivedi0/device_xiaomi_santoni/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489260/; classtype:trojan-activity;sid:84352360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489261)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v1.0/application.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489261/; classtype:trojan-activity;sid:84352361; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489262)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/final/releases/download/v2.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489262/; classtype:trojan-activity;sid:84352362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489230)"; flow:established,from_client; content:"GET"; http_method; content:"/yoiser1/proyecto_final/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489230/; classtype:trojan-activity;sid:84352330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489231)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_sqlite/releases/download/v1.0/application.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489231/; classtype:trojan-activity;sid:84352331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489232)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bootable_recovery/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489232/; classtype:trojan-activity;sid:84352332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3489240)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bionic/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489240/; classtype:trojan-activity;sid:84352340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489242)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_sqlite/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489242/; classtype:trojan-activity;sid:84352342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489243)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/laravel-ecommerce-project/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489243/; classtype:trojan-activity;sid:84352343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489227)"; flow:established,from_client; content:"GET"; http_method; content:"/ambassadorscoders/togonon_motiv.poster/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489227/; classtype:trojan-activity;sid:84352327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489228)"; 
flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_bionic/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489228/; classtype:trojan-activity;sid:84352328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489214)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/12-03assignment/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489214/; classtype:trojan-activity;sid:84352314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489215)"; flow:established,from_client; content:"GET"; http_method; content:"/cvm010/nucleus/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489215/; classtype:trojan-activity;sid:84352315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489218)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/eltrapico2/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489218/; classtype:trojan-activity;sid:84352318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489219)"; flow:established,from_client; content:"GET"; http_method; 
content:"/puram-supriya/amazon/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489219/; classtype:trojan-activity;sid:84352319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489205)"; flow:established,from_client; content:"GET"; http_method; content:"/eltrapico2/fri-app/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489205/; classtype:trojan-activity;sid:84352305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489207)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/ecommerce/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489207/; classtype:trojan-activity;sid:84352307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489211)"; flow:established,from_client; content:"GET"; http_method; content:"/student-chicken/fit-track-goal-progress/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489211/; classtype:trojan-activity;sid:84352311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489212)"; flow:established,from_client; content:"GET"; http_method; content:"/puram-supriya/resume/releases/download/v1.0/software.zip"; 
http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489212/; classtype:trojan-activity;sid:84352312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489202)"; flow:established,from_client; content:"GET"; http_method; content:"/cvm010/movie/releases/download/v1.0/software.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489202/; classtype:trojan-activity;sid:84352302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489203)"; flow:established,from_client; content:"GET"; http_method; content:"/vernaloqui/farmer-shubreact/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489203/; classtype:trojan-activity;sid:84352303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489177)"; flow:established,from_client; content:"GET"; http_method; content:"/desmonsd/blazingtool/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489177/; classtype:trojan-activity;sid:84352277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489179)"; flow:established,from_client; content:"GET"; http_method; content:"/desmonsd/blazingtool/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; 
isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489179/; classtype:trojan-activity;sid:84352279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489173)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/fixing-error-0xc00000ba/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489173/; classtype:trojan-activity;sid:84352273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489175)"; flow:established,from_client; content:"GET"; http_method; content:"/manuxing/deploy-admin/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489175/; classtype:trojan-activity;sid:84352275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489166)"; flow:established,from_client; content:"GET"; http_method; content:"/manuxing/manuxing/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489166/; classtype:trojan-activity;sid:84352266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489171)"; flow:established,from_client; content:"GET"; http_method; content:"/matimazzia/worldgame-web/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, 
urlhaus.abuse.ch/url/3489171/; classtype:trojan-activity;sid:84352271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489153)"; flow:established,from_client; content:"GET"; http_method; content:"/anas200321/kernel-memory-reading-writing/releases/download/v1.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489153/; classtype:trojan-activity;sid:84352253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489155)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v3.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489155/; classtype:trojan-activity;sid:84352255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489147)"; flow:established,from_client; content:"GET"; http_method; content:"/suffer220/bbuild/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489147/; classtype:trojan-activity;sid:84352247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489149)"; flow:established,from_client; content:"GET"; http_method; content:"/suffer220/bbuild/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489149/; classtype:trojan-activity;sid:84352249; rev:1;) 
# NOTE(review): the rules below are exact-match indicators for release assets
# hosted on github.com. Each one fires only on a client GET whose normalized
# URI is exactly the listed path: `depth` equals the pattern length and
# `isdataat:!1,relative` rejects any byte after it, while `nocase` makes the
# path comparison case-insensitive. A request with a query string or any other
# path variation is not covered by these signatures.
#
# Coverage caveat: these are `alert http` rules, so they inspect only requests
# the sensor sees as cleartext HTTP. github.com is normally reached over HTTPS,
# so without TLS inspection in front of the sensor these signatures will
# presumably stay silent for the actual downloads -- confirm against your
# deployment, and back them with proxy URL logs or endpoint telemetry.
#
# Triage: the Host value is a shared platform, so the URI path (and the sid /
# `reference:url` entry) is the discriminating part of a hit; github.com on its
# own is not an indicator. `metadata:created_at` records when the entry was
# added, so check the referenced URLhaus page for the current status of a URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489151)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489151/; classtype:trojan-activity;sid:84352251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489127)"; flow:established,from_client; content:"GET"; http_method; content:"/drankrych/fakebtcsend/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489127/; classtype:trojan-activity;sid:84352227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489128)"; flow:established,from_client; content:"GET"; http_method; content:"/atom3dx/array-base-scatter-filled/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489128/; classtype:trojan-activity;sid:84352228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489129)"; flow:established,from_client; content:"GET"; http_method; content:"/bluecheatah123/apex/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489129/; classtype:trojan-activity;sid:84352229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3489131)"; flow:established,from_client; content:"GET"; http_method; content:"/lethanhdat0403/earnorm/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489131/; classtype:trojan-activity;sid:84352231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489135)"; flow:established,from_client; content:"GET"; http_method; content:"/firematheo00x/chat-app-mern/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489135/; classtype:trojan-activity;sid:84352235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489137)"; flow:established,from_client; content:"GET"; http_method; content:"/monyigamer/bliss_browser_janet/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489137/; classtype:trojan-activity;sid:84352237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489116)"; flow:established,from_client; content:"GET"; http_method; content:"/theboss6921/json-to-typescript/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489116/; classtype:trojan-activity;sid:84352216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489118)"; flow:established,from_client; 
content:"GET"; http_method; content:"/monyigamer/bliss_browser_janet/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489118/; classtype:trojan-activity;sid:84352218; rev:1;)
#
# Reviewer notes for the rules in this stretch (all carry created_at 2025_03_24).
# The text fragment directly above, and the last line of this stretch, belong to
# rules that continue on neighbouring lines; they are kept exactly as found.
#
# What each rule matches: a client request (flow:established,from_client) with
# method GET, one exact URI path and the host "github.com". Every path here has
# the GitHub release-asset shape /<owner>/<repo>/releases/download/<tag>/<file>.zip.
#
# Exactness: depth equals the length of the content string and
# isdataat:!1,relative requires the buffer to end right after the match, so both
# the path and the host are compared as whole values. A request that adds a
# query string, or reaches the file via another host name, does not match.
# nocase follows the URI content, so letter case in the path is ignored.
#
# Coverage caveat: these are "alert http" rules and can only fire on requests
# the sensor sees in cleartext. NOTE(review): github.com is normally reached
# over HTTPS, so without TLS decryption in front of the sensor these rules are
# unlikely to fire at all; confirm for your deployment, and treat proxy or
# endpoint URL logs as the complementary place to search for the same paths.
#
# Triage: msg and reference carry the URLhaus entry id. In the rules visible
# here the sid is that id plus 80863100, so either value leads to the entry.
# An alert shows that a listed URL was requested, not that a file was
# delivered or executed; check the entry's current status on URLhaus.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489120)"; flow:established,from_client; content:"GET"; http_method; content:"/firematheo00x/chat-app-mern/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489120/; classtype:trojan-activity;sid:84352220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489121)"; flow:established,from_client; content:"GET"; http_method; content:"/theboss6921/json-to-typescript/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489121/; classtype:trojan-activity;sid:84352221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489106)"; flow:established,from_client; content:"GET"; http_method; content:"/shirfor/autoforjob/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489106/; classtype:trojan-activity;sid:84352206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489107)"; flow:established,from_client; content:"GET"; http_method; content:"/shirfor/autoforjob/releases/download/v1.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489107/; classtype:trojan-activity;sid:84352207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489098)"; flow:established,from_client; content:"GET"; http_method; content:"/juliocesarmara/emojico/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489098/; classtype:trojan-activity;sid:84352198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489090)"; flow:established,from_client; content:"GET"; http_method; content:"/lilanders123/act/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489090/; classtype:trojan-activity;sid:84352190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489088)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/project-hub/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489088/; classtype:trojan-activity;sid:84352188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489083)"; flow:established,from_client; content:"GET"; http_method; content:"/tatooo29/project-hub/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489083/; classtype:trojan-activity;sid:84352183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489063)"; flow:established,from_client; content:"GET"; http_method; content:"/basterfg/myproject/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489063/; classtype:trojan-activity;sid:84352163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489054)"; flow:established,from_client; content:"GET"; http_method; content:"/booody123/manual-brick-breaker/releases/download/v1.0/program.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489054/; classtype:trojan-activity;sid:84352154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489056)"; flow:established,from_client; content:"GET"; http_method; content:"/lucksssssss/flick_share/releases/download/v1.0/application.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489056/; classtype:trojan-activity;sid:84352156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489059)"; flow:established,from_client; content:"GET"; http_method; content:"/lucksssssss/flick_share/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489059/; classtype:trojan-activity;sid:84352159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489049)"; flow:established,from_client; content:"GET"; http_method; content:"/basterfg/myproject/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489049/; classtype:trojan-activity;sid:84352149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489047)"; flow:established,from_client; content:"GET"; http_method; content:"/booody123/manual-brick-breaker/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489047/; classtype:trojan-activity;sid:84352147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489032)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrokax/webscraper-to-identify-which-girls-and-how-many-of-them-my-boyfriend-follows-on-github/releases/download/v1.0/application.zip"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489032/; classtype:trojan-activity;sid:84352132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489035)"; flow:established,from_client; content:"GET"; http_method; content:"/nash-abella/organization-service/releases/download/v1.0.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489035/; classtype:trojan-activity;sid:84352135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489036)"; flow:established,from_client; content:"GET"; http_method; content:"/oneshotviper24/g-n-rateur-de-robots.txt-et-sitemap.xml/releases/download/v1.0/application.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489036/; classtype:trojan-activity;sid:84352136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489027)"; flow:established,from_client; content:"GET"; http_method; content:"/nash-abella/organization-service/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489027/; classtype:trojan-activity;sid:84352127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489028)"; flow:established,from_client; content:"GET"; http_method; content:"/pedrokax/webscraper-to-identify-which-girls-and-how-many-of-them-my-boyfriend-follows-on-github/releases/download/v2.0/software.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489028/; classtype:trojan-activity;sid:84352128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489029)"; flow:established,from_client; content:"GET"; http_method; content:"/oneshotviper24/g-n-rateur-de-robots.txt-et-sitemap.xml/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489029/; classtype:trojan-activity;sid:84352129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489020)"; flow:established,from_client; content:"GET"; http_method; content:"/tailstheflyingfox/subghost/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489020/; classtype:trojan-activity;sid:84352120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488996)"; flow:established,from_client; content:"GET"; http_method; content:"/majorclient/html-crypto-currency-chart-snippets/releases/download/v2.0/software.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488996/; classtype:trojan-activity;sid:84352096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489002)"; flow:established,from_client; content:"GET"; http_method; content:"/whathedogding/bitpay-crypto-signal-trading-bot-analysis-signal-masters-trading-crypto/releases/download/v1.0/release.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489002/; classtype:trojan-activity;sid:84352102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489003)"; flow:established,from_client; content:"GET"; http_method; content:"/tailstheflyingfox/subghost/releases/download/v1.0/release.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489003/; classtype:trojan-activity;sid:84352103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489004)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v1.0/application.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489004/; classtype:trojan-activity;sid:84352104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489005)"; flow:established,from_client; content:"GET"; http_method; content:"/basemnabill/stock-forecasting-rnn/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489005/; classtype:trojan-activity;sid:84352105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489006)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489006/; classtype:trojan-activity;sid:84352106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489007)"; flow:established,from_client; content:"GET"; http_method; content:"/basemnabill/stock-forecasting-rnn/releases/download/v1.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489007/; classtype:trojan-activity;sid:84352107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489009)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclearcatlegit/simple_bank/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489009/; classtype:trojan-activity;sid:84352109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489010)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v1.0/application.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489010/; classtype:trojan-activity;sid:84352110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489011)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v1.0/program.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489011/; classtype:trojan-activity;sid:84352111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489014)"; flow:established,from_client; content:"GET"; http_method; content:"/whathedogding/bitpay-crypto-signal-trading-bot-analysis-signal-masters-trading-crypto/releases/download/v2.0/software.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489014/; classtype:trojan-activity;sid:84352114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489015)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v1.0/release.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489015/; classtype:trojan-activity;sid:84352115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488994)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclearcatlegit/simple_bank/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488994/; classtype:trojan-activity;sid:84352094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488995)"; flow:established,from_client; content:"GET"; http_method; content:"/seiolonmsk/contextindent.nvim/releases/download/v1.0/program.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488995/; classtype:trojan-activity;sid:84352095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488983)"; flow:established,from_client; content:"GET"; http_method; content:"/majorclient/html-crypto-currency-chart-snippets/releases/download/v1.0/release.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488983/; classtype:trojan-activity;sid:84352083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488966)"; flow:established,from_client; content:"GET"; http_method; content:"/peloixitu35/javascript-questions-pro/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488966/; classtype:trojan-activity;sid:84352066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488969)"; flow:established,from_client; content:"GET"; http_method; content:"/peloixitu35/javascript-questions-pro/releases/download/v1.0/program.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488969/; classtype:trojan-activity;sid:84352069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488950)"; flow:established,from_client; content:"GET"; http_method; content:"/konnuyu/0xbuilder/releases/download/v1.0/release_x64.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488950/; classtype:trojan-activity;sid:84352050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488940)"; flow:established,from_client; content:"GET"; http_method; content:"/finn9633/batchgenie/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488940/; classtype:trojan-activity;sid:84352040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488941)"; flow:established,from_client; content:"GET"; http_method; content:"/konnuyu/0xbuilder/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488941/; classtype:trojan-activity;sid:84352041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488943)"; flow:established,from_client; content:"GET"; http_method; content:"/rakkunsatura/p.e.n.i.s./releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488943/; classtype:trojan-activity;sid:84352043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488945)"; flow:established,from_client; content:"GET"; http_method; content:"/thiagx08/bue-introduction-to-programming-and-problem-solving/releases/download/v1.0/release_x64.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488945/; classtype:trojan-activity;sid:84352045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488946)"; flow:established,from_client; content:"GET"; http_method; content:"/thiagx08/bue-introduction-to-programming-and-problem-solving/releases/download/v2.0/software.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488946/; classtype:trojan-activity;sid:84352046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488926)"; flow:established,from_client; content:"GET"; http_method; content:"/t7dela/shadowtool/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488926/; classtype:trojan-activity;sid:84352026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488890)"; flow:established,from_client; content:"GET"; http_method; content:"/samix151210/ndarray-base-normalize-indices/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488890/; classtype:trojan-activity;sid:84351990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488880)"; flow:established,from_client; content:"GET"; http_method; content:"/asdadadsaasdsadas991/database-project/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488880/; classtype:trojan-activity;sid:84351980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488874)"; flow:established,from_client; content:"GET"; http_method; content:"/merosegamerx/pizza_webapp/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488874/; classtype:trojan-activity;sid:84351974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488879)"; flow:established,from_client; content:"GET"; http_method; content:"/merosegamerx/pizza_webapp/releases/download/v1.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488879/; classtype:trojan-activity;sid:84351979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488849)"; flow:established,from_client; content:"GET"; http_method; content:"/astral-ash/deployeride-erc20-toolkit/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488849/; classtype:trojan-activity;sid:84351949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488850)"; flow:established,from_client; content:"GET"; http_method; content:"/kleteee/injectra/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488850/; classtype:trojan-activity;sid:84351950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488854)"; flow:established,from_client; content:"GET"; http_method; content:"/astral-ash/deployeride-erc20-toolkit/releases/download/v1.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488854/; classtype:trojan-activity;sid:84351954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488821)"; flow:established,from_client; content:"GET"; http_method; content:"/feelingfishy/challenge-backend-anotaai/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488821/; classtype:trojan-activity;sid:84351921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488822)"; flow:established,from_client; content:"GET"; http_method; content:"/nsgaming999/lottery/releases/download/v1.0/application.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488822/; classtype:trojan-activity;sid:84351922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488799)"; flow:established,from_client; content:"GET"; http_method; content:"/ruka232323/network-traffic-visualizer/releases/download/v1.0/application.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488799/; classtype:trojan-activity;sid:84351899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488800)"; flow:established,from_client; content:"GET"; http_method; content:"/feelingfishy/challenge-backend-anotaai/releases/download/v1.0/application.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488800/; classtype:trojan-activity;sid:84351900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488802)"; flow:established,from_client; content:"GET"; http_method; content:"/ruka232323/network-traffic-visualizer/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488802/; classtype:trojan-activity;sid:84351902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488806)"; flow:established,from_client; content:"GET"; http_method; content:"/pietro152/tgbot-for-orders/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488806/; classtype:trojan-activity;sid:84351906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488793)"; flow:established,from_client; content:"GET"; http_method; content:"/nsgaming999/lottery/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488793/; classtype:trojan-activity;sid:84351893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488795)"; flow:established,from_client; content:"GET"; http_method; content:"/pietro152/tgbot-for-orders/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488795/; classtype:trojan-activity;sid:84351895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488779)"; flow:established,from_client; content:"GET"; http_method; content:"/hza3o/covid-19_dashboard/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488779/; classtype:trojan-activity;sid:84351879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488780)"; flow:established,from_client; content:"GET"; http_method; content:"/hza3o/covid-19_dashboard/releases/download/v1.0.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488780/; classtype:trojan-activity;sid:84351880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488765)"; flow:established,from_client; content:"GET"; http_method; content:"/1set-t/ai-model/releases/download/v1.0.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488765/; classtype:trojan-activity;sid:84351865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488758)"; flow:established,from_client; content:"GET"; http_method; content:"/1set-t/ai-model/releases/download/v2.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488758/; classtype:trojan-activity;sid:84351858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488755)"; flow:established,from_client; content:"GET"; http_method; content:"/mah-22/room-occupancy-prediction-using-environmental-sensor-data/releases/download/v1.0/application.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488755/; classtype:trojan-activity;sid:84351855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488746)"; flow:established,from_client; content:"GET"; http_method; content:"/mah-22/room-occupancy-prediction-using-environmental-sensor-data/releases/download/v2.0/software.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488746/; classtype:trojan-activity;sid:84351846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488751)"; flow:established,from_client; content:"GET"; http_method; content:"/serbianty/eureka-framework/releases/download/v1.0/soft.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488751/; classtype:trojan-activity;sid:84351851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488752)"; flow:established,from_client; content:"GET"; http_method; content:"/serbianty/eureka-framework/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488752/; classtype:trojan-activity;sid:84351852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488729)"; flow:established,from_client; content:"GET"; http_method; content:"/jaylnjohnart/vertex-ai-chat-prompting-tablular-data-bq/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488729/; classtype:trojan-activity;sid:84351829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488730)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v1.0/application.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488730/; classtype:trojan-activity;sid:84351830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488732)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488732/; classtype:trojan-activity;sid:84351832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488733)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488733/; classtype:trojan-activity;sid:84351833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488734)"; flow:established,from_client; content:"GET"; http_method; content:"/gopuatop100/badan-hukum/releases/download/v1.0/release.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488734/; classtype:trojan-activity;sid:84351834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488735)"; flow:established,from_client; content:"GET"; http_method; content:"/jobetsison/working-with-form-validation-in-an-asp.net-core-rich-text-editor/releases/download/v1.0/program.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488735/; classtype:trojan-activity;sid:84351835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488736)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v1.0/application.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488736/; classtype:trojan-activity;sid:84351836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488739)"; flow:established,from_client; content:"GET"; http_method; content:"/mrx-slayer/ai-resume-parser/releases/download/v1.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488739/; classtype:trojan-activity;sid:84351839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488740)"; flow:established,from_client; content:"GET"; http_method; content:"/as3dyasen/portfolio/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488740/; classtype:trojan-activity;sid:84351840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488742)"; flow:established,from_client; content:"GET"; http_method; content:"/as3dyasen/portfolio/releases/download/v1.0/release.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488742/; classtype:trojan-activity;sid:84351842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488725)"; flow:established,from_client; content:"GET"; http_method; content:"/gopuatop100/badan-hukum/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488725/; classtype:trojan-activity;sid:84351825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488728)"; flow:established,from_client; content:"GET"; http_method; content:"/jobetsison/working-with-form-validation-in-an-asp.net-core-rich-text-editor/releases/download/v2.0/software.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488728/; classtype:trojan-activity;sid:84351828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488722)"; flow:established,from_client; content:"GET"; http_method; content:"/jaylnjohnart/vertex-ai-chat-prompting-tablular-data-bq/releases/download/v1.0/program.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488722/; classtype:trojan-activity;sid:84351822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488723)"; flow:established,from_client; content:"GET"; http_method; content:"/papajszef/web-devapp/releases/download/v1.0/program.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488723/; classtype:trojan-activity;sid:84351823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488720)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v1.0/program.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488720/; classtype:trojan-activity;sid:84351820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488711)"; flow:established,from_client; content:"GET"; http_method; content:"/zrty456/web-development-project-2/releases/download/v1.0/program.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488711/; classtype:trojan-activity;sid:84351811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488712)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v1.0/program.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488712/; classtype:trojan-activity;sid:84351812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488713)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v1.0/application.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488713/; classtype:trojan-activity;sid:84351813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488714)"; flow:established,from_client; content:"GET"; http_method; content:"/flameoptics/xkucoinbot-script-autoclicker/releases/download/v1.0/program.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488714/; classtype:trojan-activity;sid:84351814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488716)"; flow:established,from_client; content:"GET"; http_method; content:"/flameoptics/xkucoinbot-script-autoclicker/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; 
reference:url, urlhaus.abuse.ch/url/3488716/; classtype:trojan-activity;sid:84351816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488717)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488717/; classtype:trojan-activity;sid:84351817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488706)"; flow:established,from_client; content:"GET"; http_method; content:"/zrty456/web-development-project-2/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488706/; classtype:trojan-activity;sid:84351806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488708)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v1.0/application.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488708/; classtype:trojan-activity;sid:84351808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488702)"; flow:established,from_client; content:"GET"; http_method; content:"/tekin441/urban_company_clone/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, 
urlhaus.abuse.ch/url/3488702/; classtype:trojan-activity;sid:84351802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488703)"; flow:established,from_client; content:"GET"; http_method; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v2.0/software.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488703/; classtype:trojan-activity;sid:84351803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488704)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488704/; classtype:trojan-activity;sid:84351804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488699)"; flow:established,from_client; content:"GET"; http_method; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v1.0/program.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488699/; classtype:trojan-activity;sid:84351799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488684)"; flow:established,from_client; content:"GET"; http_method; content:"/antonio12gkn71/underlayer/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488684/; 
classtype:trojan-activity;sid:84351784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488686)"; flow:established,from_client; content:"GET"; http_method; content:"/sundarlalji/autoimport/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488686/; classtype:trojan-activity;sid:84351786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488682)"; flow:established,from_client; content:"GET"; http_method; content:"/sundarlalji/autoimport/releases/download/v1.0.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488682/; classtype:trojan-activity;sid:84351782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488679)"; flow:established,from_client; content:"GET"; http_method; content:"/antonio12gkn71/underlayer/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488679/; classtype:trojan-activity;sid:84351779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488673)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/lauth/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488673/; classtype:trojan-activity;sid:84351773; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488674)"; flow:established,from_client; content:"GET"; http_method; content:"/hadesxyzz/baichuan-m1-14b/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488674/; classtype:trojan-activity;sid:84351774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488663)"; flow:established,from_client; content:"GET"; http_method; content:"/hadesxyzz/baichuan-m1-14b/releases/download/v1.0/application.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488663/; classtype:trojan-activity;sid:84351763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488666)"; flow:established,from_client; content:"GET"; http_method; content:"/samueltonao/lauth/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488666/; classtype:trojan-activity;sid:84351766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488647)"; flow:established,from_client; content:"GET"; http_method; content:"/muum1209/couplers/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488647/; classtype:trojan-activity;sid:84351747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488649)"; 
flow:established,from_client; content:"GET"; http_method; content:"/muum1209/couplers/releases/download/v1.0/application.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488649/; classtype:trojan-activity;sid:84351749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488654)"; flow:established,from_client; content:"GET"; http_method; content:"/npcgamingyt-thegoat/telegram-robot-handler/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488654/; classtype:trojan-activity;sid:84351754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488643)"; flow:established,from_client; content:"GET"; http_method; content:"/npcgamingyt-thegoat/telegram-robot-handler/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488643/; classtype:trojan-activity;sid:84351743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488636)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18630095/software.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488636/; classtype:trojan-activity;sid:84351736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488637)"; flow:established,from_client; content:"GET"; http_method; 
content:"/ericsribas/linux-studies/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488637/; classtype:trojan-activity;sid:84351737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488630)"; flow:established,from_client; content:"GET"; http_method; content:"/dasara21/hypermatch/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488630/; classtype:trojan-activity;sid:84351730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488632)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18630095/software.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488632/; classtype:trojan-activity;sid:84351732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488634)"; flow:established,from_client; content:"GET"; http_method; content:"/brevidade/fleet-pattern/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488634/; classtype:trojan-activity;sid:84351734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488620)"; flow:established,from_client; content:"GET"; http_method; content:"/saninmysore/aws-face-recognition/releases/download/v1.0/software.zip/"; http_uri; depth:70; 
isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488620/; classtype:trojan-activity;sid:84351720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488599)"; flow:established,from_client; content:"GET"; http_method; content:"/ericsribas/linux-studies/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488599/; classtype:trojan-activity;sid:84351699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488602)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v1.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488602/; classtype:trojan-activity;sid:84351702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488605)"; flow:established,from_client; content:"GET"; http_method; content:"/binnizenobiocordovaleandro/apachimuhkayqui-server/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488605/; classtype:trojan-activity;sid:84351705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488606)"; flow:established,from_client; content:"GET"; http_method; content:"/bryandejesusrt/reconocimiento-de-placas-con-ia-bytecoders/releases/download/v2.0/software.zip"; http_uri; 
depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488606/; classtype:trojan-activity;sid:84351706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488608)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/amog-os-lts/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488608/; classtype:trojan-activity;sid:84351708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488609)"; flow:established,from_client; content:"GET"; http_method; content:"/roblox12400z/dx9ware-roblox/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488609/; classtype:trojan-activity;sid:84351709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488614)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/bananan-shooter-hack-interna-/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488614/; classtype:trojan-activity;sid:84351714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488615)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18722098/application.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; 
depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488615/; classtype:trojan-activity;sid:84351715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488595)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/18722098/application.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488595/; classtype:trojan-activity;sid:84351695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488582)"; flow:established,from_client; content:"GET"; http_method; content:"/razzisproatgaming/hacathon-backend-smit/releases/download/v1.0/application.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488582/; classtype:trojan-activity;sid:84351682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488567)"; flow:established,from_client; content:"GET"; http_method; content:"/farizalsalman21/keon/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488567/; classtype:trojan-activity;sid:84351667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488580)"; flow:established,from_client; content:"GET"; http_method; content:"/razzisproatgaming/hacathon-backend-smit/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 
2025_03_24; reference:url, urlhaus.abuse.ch/url/3488580/; classtype:trojan-activity;sid:84351680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488548)"; flow:established,from_client; content:"GET"; http_method; content:"/nass3344/trello-like-api/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488548/; classtype:trojan-activity;sid:84351648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488549)"; flow:established,from_client; content:"GET"; http_method; content:"/toe2132313/zorvex-cat/releases/download/v1.0/software.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488549/; classtype:trojan-activity;sid:84351649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488550)"; flow:established,from_client; content:"GET"; http_method; content:"/xaviertya/.dotfiles/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488550/; classtype:trojan-activity;sid:84351650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488552)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488552/; 
classtype:trojan-activity;sid:84351652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488555)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488555/; classtype:trojan-activity;sid:84351655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488533)"; flow:established,from_client; content:"GET"; http_method; content:"/xaviertya/.dotfiles/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488533/; classtype:trojan-activity;sid:84351633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488537)"; flow:established,from_client; content:"GET"; http_method; content:"/aufahuhs/advanced-machine-learning-personal-project/releases/download/v1.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488537/; classtype:trojan-activity;sid:84351637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488543)"; flow:established,from_client; content:"GET"; http_method; content:"/ggusercool/pancakeswapbnbprediction/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488543/; classtype:trojan-activity;sid:84351643; rev:1;) 
# Section note for the github.com entries (created_at 2025_03_24) around this point.
# Each rule matches one exact URLhaus-listed download URL: method GET, the whole
# request URI (content plus a depth equal to the string length, then
# isdataat:!1,relative so nothing may follow the match; nocase makes the path
# comparison case-insensitive) and the Host value "github.com".
# Coverage caveats for triage:
#  - These are "alert http" rules, so they only fire where the sensor sees the
#    HTTP request in cleartext or after TLS inspection. github.com is normally
#    reached over HTTPS, which these rules cannot inspect undecrypted.
#  - The host is shared, legitimate infrastructure. A hit identifies this one
#    path, not github.com as a whole, so do not derive host-wide blocks from it.
#  - The match is exact, so any other URL serving the same file is not covered.
#    Treat a rule as one indicator and confirm with endpoint or file telemetry.
#  - Some URLhaus ids nearby carry the same URI and host under different sids
#    (for example 3488636 and 3488632), so one request may raise several alerts.
#  - Before acting on a hit, open the firing rule's reference URL and check the
#    current URLhaus status of that entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488511)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488511/; classtype:trojan-activity;sid:84351611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488505)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/ai-image-generator/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488505/; classtype:trojan-activity;sid:84351605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488477)"; flow:established,from_client; content:"GET"; http_method; content:"/giiyu12/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488477/; classtype:trojan-activity;sid:84351577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488478)"; flow:established,from_client; content:"GET"; http_method; content:"/rahulpa045/cphishtermux/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488478/; classtype:trojan-activity;sid:84351578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3488483)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v2.0/software.zip/"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488483/; classtype:trojan-activity;sid:84351583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488487)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488487/; classtype:trojan-activity;sid:84351587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488488)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488488/; classtype:trojan-activity;sid:84351588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488490)"; flow:established,from_client; content:"GET"; http_method; content:"/vyshnavidevi11/frtproject/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488490/; classtype:trojan-activity;sid:84351590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3488492)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v2.0/software.zip/"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488492/; classtype:trojan-activity;sid:84351592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488496)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488496/; classtype:trojan-activity;sid:84351596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488497)"; flow:established,from_client; content:"GET"; http_method; content:"/globalnewsory/layeredge-auto-bot/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488497/; classtype:trojan-activity;sid:84351597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488501)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488501/; classtype:trojan-activity;sid:84351601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488470)"; 
flow:established,from_client; content:"GET"; http_method; content:"/muterfree/nexus-roblox/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488470/; classtype:trojan-activity;sid:84351570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488471)"; flow:established,from_client; content:"GET"; http_method; content:"/agr1us/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488471/; classtype:trojan-activity;sid:84351571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488460)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v2.0/software.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488460/; classtype:trojan-activity;sid:84351560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488441)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/program.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488441/; classtype:trojan-activity;sid:84351541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488443)"; flow:established,from_client; content:"GET"; http_method; 
content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488443/; classtype:trojan-activity;sid:84351543; rev:1;)
# The next two rules (URLhaus 3488436 / 3488433) differ only by the trailing "/" in the URI
# (depth:59 vs depth:58). In every rule here depth equals the content length and
# isdataat:!1,relative requires that no byte follows the match, which is the usual
# exact-match idiom: the content has to be the whole http_uri / http_host buffer, so the
# same path with a query string or an extra segment appended should not alert.
# NOTE(review): these are `alert http` rules for github.com, which is normally reached over
# HTTPS. They can only fire on requests the sensor parses as HTTP (cleartext, or TLS
# decrypted upstream of the sensor); confirm the sensor's visibility before relying on them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488436)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip/"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488436/; classtype:trojan-activity;sid:84351536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488433)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488433/; classtype:trojan-activity;sid:84351533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488426)"; flow:established,from_client; content:"GET"; http_method; content:"/rag7720/coretech-solutions-custom-odoo-module/releases/download/v1.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488426/; classtype:trojan-activity;sid:84351526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488425)"; flow:established,from_client; content:"GET"; http_method; 
content:"/rag7720/coretech-solutions-custom-odoo-module/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488425/; classtype:trojan-activity;sid:84351525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488403)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinborgesz/the-data-engineering-academy/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488403/; classtype:trojan-activity;sid:84351503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488406)"; flow:established,from_client; content:"GET"; http_method; content:"/kevinborgesz/the-data-engineering-academy/releases/download/v1.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488406/; classtype:trojan-activity;sid:84351506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488368)"; flow:established,from_client; content:"GET"; http_method; content:"/notready155/whatsapp-chat-analysis/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488368/; classtype:trojan-activity;sid:84351468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488350)"; flow:established,from_client; content:"GET"; http_method; 
content:"/ilovedoo/ted-lasso-gpt/releases/download/v1.0/application.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488350/; classtype:trojan-activity;sid:84351450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488355)"; flow:established,from_client; content:"GET"; http_method; content:"/zerovr988/apaphx_ads1015/releases/download/v1.0/application.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488355/; classtype:trojan-activity;sid:84351455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488359)"; flow:established,from_client; content:"GET"; http_method; content:"/notready155/whatsapp-chat-analysis/releases/download/v1.0/application.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488359/; classtype:trojan-activity;sid:84351459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488360)"; flow:established,from_client; content:"GET"; http_method; content:"/ilovedoo/ted-lasso-gpt/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488360/; classtype:trojan-activity;sid:84351460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488363)"; flow:established,from_client; content:"GET"; http_method; 
content:"/zerovr988/apaphx_ads1015/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488363/; classtype:trojan-activity;sid:84351463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488346)"; flow:established,from_client; content:"GET"; http_method; content:"/bigdaveyy/react-form-validator-pro/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488346/; classtype:trojan-activity;sid:84351446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin49/gym-management-system-/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488334/; classtype:trojan-activity;sid:84351434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin49/gym-management-system-/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488336/; classtype:trojan-activity;sid:84351436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488339)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bigdaveyy/react-form-validator-pro/releases/download/v1.0/installer.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488339/; classtype:trojan-activity;sid:84351439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488325)"; flow:established,from_client; content:"GET"; http_method; content:"/yunichi/livekit-voice-ai-agent-setup/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488325/; classtype:trojan-activity;sid:84351425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488309)"; flow:established,from_client; content:"GET"; http_method; content:"/dianfauzi16/school-project/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488309/; classtype:trojan-activity;sid:84351409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488314)"; flow:established,from_client; content:"GET"; http_method; content:"/hvkleon/text-classification-sentiment-analysis/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488314/; classtype:trojan-activity;sid:84351414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488306)"; flow:established,from_client; content:"GET"; http_method; 
content:"/hvkleon/text-classification-sentiment-analysis/releases/download/v1.0/installer.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488306/; classtype:trojan-activity;sid:84351406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488307)"; flow:established,from_client; content:"GET"; http_method; content:"/thandoman/seedtool/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488307/; classtype:trojan-activity;sid:84351407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488304)"; flow:established,from_client; content:"GET"; http_method; content:"/thandoman/seedtool/releases/download/v1.0/application.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488304/; classtype:trojan-activity;sid:84351404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488294)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/solana-trading-bot/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488294/; classtype:trojan-activity;sid:84351394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488268)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v1.0/installer.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488268/; classtype:trojan-activity;sid:84351368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488269)"; flow:established,from_client; content:"GET"; http_method; content:"/marig1204/dmail_classicemail/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488269/; classtype:trojan-activity;sid:84351369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488273)"; flow:established,from_client; content:"GET"; http_method; content:"/itztoastie/email2_classicemail/releases/download/v1.0/installer.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488273/; classtype:trojan-activity;sid:84351373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488274)"; flow:established,from_client; content:"GET"; http_method; content:"/marig1204/dmail_classicemail/releases/download/v1.0/installer.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488274/; classtype:trojan-activity;sid:84351374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488278)"; flow:established,from_client; content:"GET"; http_method; 
content:"/mehedihasanfarabi10/solana-trading-bot/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488278/; classtype:trojan-activity;sid:84351378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488282)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v1.0/release.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488282/; classtype:trojan-activity;sid:84351382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488264)"; flow:established,from_client; content:"GET"; http_method; content:"/itztoastie/email2_classicemail/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488264/; classtype:trojan-activity;sid:84351364; rev:1;)
# NOTE(review): the rule below (URLhaus 3488261, sid 84351361) carries the same URI, host
# and match options as URLhaus 3488488 / sid 84351588 earlier in this file, so one request
# to that URL raises two alerts. If duplicate alerts are a problem, suppress or threshold
# one of the two sids locally rather than editing the generated feed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488261)"; flow:established,from_client; content:"GET"; http_method; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v2.0/software.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488261/; classtype:trojan-activity;sid:84351361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488243)"; flow:established,from_client; content:"GET"; http_method; 
content:"/pyc888/dbcachinglayer/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488243/; classtype:trojan-activity;sid:84351343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488233)"; flow:established,from_client; content:"GET"; http_method; content:"/bolfymcplayer/intermag/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488233/; classtype:trojan-activity;sid:84351333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488239)"; flow:established,from_client; content:"GET"; http_method; content:"/pyc888/dbcachinglayer/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488239/; classtype:trojan-activity;sid:84351339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488214)"; flow:established,from_client; content:"GET"; http_method; content:"/kirito1110/licenses/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488214/; classtype:trojan-activity;sid:84351314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488213)"; flow:established,from_client; content:"GET"; http_method; content:"/vsparedes/pycalc/releases/download/v1.0/software.zip"; http_uri; depth:53; 
isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488213/; classtype:trojan-activity;sid:84351313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488208)"; flow:established,from_client; content:"GET"; http_method; content:"/skibiditoilet123xx/sinav-otomasyonu-prototip/releases/download/v2.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488208/; classtype:trojan-activity;sid:84351308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488209)"; flow:established,from_client; content:"GET"; http_method; content:"/skibiditoilet123xx/sinav-otomasyonu-prototip/releases/download/v1.0/software.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488209/; classtype:trojan-activity;sid:84351309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488210)"; flow:established,from_client; content:"GET"; http_method; content:"/fluidx2/roombooking_application/releases/download/v1.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488210/; classtype:trojan-activity;sid:84351310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488211)"; flow:established,from_client; content:"GET"; http_method; content:"/viper700pro/serum-vst-installer-2024-free/releases/download/v1.0/software.zip"; http_uri; depth:78; 
isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488211/; classtype:trojan-activity;sid:84351311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488206)"; flow:established,from_client; content:"GET"; http_method; content:"/damaonly/android-worker/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488206/; classtype:trojan-activity;sid:84351306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488203)"; flow:established,from_client; content:"GET"; http_method; content:"/ella00311/erugo/releases/download/v1.0/software.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488203/; classtype:trojan-activity;sid:84351303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488182)"; flow:established,from_client; content:"GET"; http_method; content:"/nour10381/cosmicstar/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488182/; classtype:trojan-activity;sid:84351282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488184)"; flow:established,from_client; content:"GET"; http_method; content:"/nour10381/cosmicstar/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488184/; classtype:trojan-activity;sid:84351284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488185)"; flow:established,from_client; content:"GET"; http_method; content:"/powerangermerah/esp8266_esp32_web_file_manager/releases/download/v2.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488185/; classtype:trojan-activity;sid:84351285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488186)"; flow:established,from_client; content:"GET"; http_method; content:"/powerangermerah/esp8266_esp32_web_file_manager/releases/download/v1.0/software.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488186/; classtype:trojan-activity;sid:84351286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488181)"; flow:established,from_client; content:"GET"; http_method; content:"/aufahuhs/advanced-machine-learning-personal-project/releases/download/v1.0/software.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488181/; classtype:trojan-activity;sid:84351281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488162)"; flow:established,from_client; content:"GET"; http_method; content:"/berstarhunter/deepseek-start/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488162/; classtype:trojan-activity;sid:84351262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488161)"; flow:established,from_client; content:"GET"; http_method; content:"/jeremiah95676t/openmetadata-helm-argocd/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488161/; classtype:trojan-activity;sid:84351261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488157)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488157/; classtype:trojan-activity;sid:84351257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488156)"; flow:established,from_client; content:"GET"; http_method; content:"/irfanr-source/synthtweet/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488156/; classtype:trojan-activity;sid:84351256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488147)"; flow:established,from_client; content:"GET"; http_method; content:"/arya-gg/axium/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, 
urlhaus.abuse.ch/url/3488147/; classtype:trojan-activity;sid:84351247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488148)"; flow:established,from_client; content:"GET"; http_method; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v1.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488148/; classtype:trojan-activity;sid:84351248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488149)"; flow:established,from_client; content:"GET"; http_method; content:"/jeremiah95676t/openmetadata-helm-argocd/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488149/; classtype:trojan-activity;sid:84351249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488152)"; flow:established,from_client; content:"GET"; http_method; content:"/berstarhunter/deepseek-start/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488152/; classtype:trojan-activity;sid:84351252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488153)"; flow:established,from_client; content:"GET"; http_method; content:"/toe2132313/zorvex-cat/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488153/; 
classtype:trojan-activity;sid:84351253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488146)"; flow:established,from_client; content:"GET"; http_method; content:"/irfanr-source/synthtweet/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488146/; classtype:trojan-activity;sid:84351246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488128)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488128/; classtype:trojan-activity;sid:84351228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488131)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488131/; classtype:trojan-activity;sid:84351231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488132)"; flow:established,from_client; content:"GET"; http_method; content:"/loudwens/displayindex/releases/download/v1.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488132/; classtype:trojan-activity;sid:84351232; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488134)"; flow:established,from_client; content:"GET"; http_method; content:"/iguit-1/instagramuseranalysis/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488134/; classtype:trojan-activity;sid:84351234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488125)"; flow:established,from_client; content:"GET"; http_method; content:"/12301530/pump-fun-frontend/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488125/; classtype:trojan-activity;sid:84351225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488114)"; flow:established,from_client; content:"GET"; http_method; content:"/lleonex/marsdevx/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488114/; classtype:trojan-activity;sid:84351214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488103)"; flow:established,from_client; content:"GET"; http_method; content:"/saninmysore/aws-face-recognition/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488103/; classtype:trojan-activity;sid:84351203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3488110)"; flow:established,from_client; content:"GET"; http_method; content:"/flarerealfr/url-biblioteca-web/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488110/; classtype:trojan-activity;sid:84351210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488098)"; flow:established,from_client; content:"GET"; http_method; content:"/prakrititz/deepwater/releases/download/v1.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488098/; classtype:trojan-activity;sid:84351198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488099)"; flow:established,from_client; content:"GET"; http_method; content:"/hackedbysushi/local_deep_seek/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488099/; classtype:trojan-activity;sid:84351199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488100)"; flow:established,from_client; content:"GET"; http_method; content:"/huizuohaode/leaf/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488100/; classtype:trojan-activity;sid:84351200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488102)"; flow:established,from_client; content:"GET"; http_method; 
content:"/futurinav/esteai/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488102/; classtype:trojan-activity;sid:84351202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488090)"; flow:established,from_client; content:"GET"; http_method; content:"/maxiazzinnari/mint-nft-on-sui/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488090/; classtype:trojan-activity;sid:84351190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488079)"; flow:established,from_client; content:"GET"; http_method; content:"/alsooory/svg-templates/releases/download/v1.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488079/; classtype:trojan-activity;sid:84351179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488083)"; flow:established,from_client; content:"GET"; http_method; content:"/moshe236/vanishmail/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488083/; classtype:trojan-activity;sid:84351183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488085)"; flow:established,from_client; content:"GET"; http_method; content:"/bobbysaremine/hb2/releases/download/v2.0/software.zip"; http_uri; depth:54; 
isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488085/; classtype:trojan-activity;sid:84351185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488088)"; flow:established,from_client; content:"GET"; http_method; content:"/manuxing/cloudflare-dns-swarm/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488088/; classtype:trojan-activity;sid:84351188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488075)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_airbnb-lottie/releases/download/v2.0/software.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488075/; classtype:trojan-activity;sid:84351175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488061)"; flow:established,from_client; content:"GET"; http_method; content:"/ayobcoding/deep-research-py/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488061/; classtype:trojan-activity;sid:84351161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488054)"; flow:established,from_client; content:"GET"; http_method; content:"/keanusmall/sahimatch.ai/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; 
http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488054/; classtype:trojan-activity;sid:84351154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488057)"; flow:established,from_client; content:"GET"; http_method; content:"/alejandro5486/infestuswebapp/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488057/; classtype:trojan-activity;sid:84351157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488035)"; flow:established,from_client; content:"GET"; http_method; content:"/kossiw/olievra/releases/download/v1.0/software.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488035/; classtype:trojan-activity;sid:84351135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488024)"; flow:established,from_client; content:"GET"; http_method; content:"/rila111/content2map/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488024/; classtype:trojan-activity;sid:84351124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488025)"; flow:established,from_client; content:"GET"; http_method; content:"/alfa786-creator/pic-squeeze/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; 
reference:url, urlhaus.abuse.ch/url/3488025/; classtype:trojan-activity;sid:84351125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488030)"; flow:established,from_client; content:"GET"; http_method; content:"/mrcaptain27/lianjiascraper/releases/download/v1.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488030/; classtype:trojan-activity;sid:84351130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488034)"; flow:established,from_client; content:"GET"; http_method; content:"/yogeshnicks/loader-ldtk/releases/download/v2.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488034/; classtype:trojan-activity;sid:84351134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488023)"; flow:established,from_client; content:"GET"; http_method; content:"/vukhang16/ggg/releases/download/v1.0/software.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488023/; classtype:trojan-activity;sid:84351123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488021)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_airbnb-lottie/releases/download/v1.0/application.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488021/; 
classtype:trojan-activity;sid:84351121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488010)"; flow:established,from_client; content:"GET"; http_method; content:"/titiaswe12/rozetka-admin-panel/releases/download/v2.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488010/; classtype:trojan-activity;sid:84351110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488017)"; flow:established,from_client; content:"GET"; http_method; content:"/yourmumsbad/testkanban/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488017/; classtype:trojan-activity;sid:84351117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488018)"; flow:established,from_client; content:"GET"; http_method; content:"/perish76b/ratter-app/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488018/; classtype:trojan-activity;sid:84351118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488000)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/invenstock/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488000/; classtype:trojan-activity;sid:84351100; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487995)"; flow:established,from_client; content:"GET"; http_method; content:"/titiaswe12/rozetka-admin-panel/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487995/; classtype:trojan-activity;sid:84351095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487983)"; flow:established,from_client; content:"GET"; http_method; content:"/zeidmakic/quorixjwt/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487983/; classtype:trojan-activity;sid:84351083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487977)"; flow:established,from_client; content:"GET"; http_method; content:"/zeidmakic/quorixjwt/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487977/; classtype:trojan-activity;sid:84351077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487974)"; flow:established,from_client; content:"GET"; http_method; content:"/amoni2019/fonepaw-screen-recorder-free/releases/download/v1.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487974/; classtype:trojan-activity;sid:84351074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3487975)"; flow:established,from_client; content:"GET"; http_method; content:"/brotimer24/chargingassignment.withtests/releases/download/v1.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487975/; classtype:trojan-activity;sid:84351075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487961)"; flow:established,from_client; content:"GET"; http_method; content:"/mkiuk/jullus2api/releases/download/v1.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487961/; classtype:trojan-activity;sid:84351061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487947)"; flow:established,from_client; content:"GET"; http_method; content:"/jay3x/auto-commit/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487947/; classtype:trojan-activity;sid:84351047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487950)"; flow:established,from_client; content:"GET"; http_method; content:"/brotimer24/chargingassignment.withtests/releases/download/v2.0/software.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487950/; classtype:trojan-activity;sid:84351050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487952)"; flow:established,from_client; content:"GET"; 
http_method; content:"/amoni2019/fonepaw-screen-recorder-free/releases/download/v2.0/software.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487952/; classtype:trojan-activity;sid:84351052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487953)"; flow:established,from_client; content:"GET"; http_method; content:"/daveyisbricked/movie-finder-react/releases/download/v1.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487953/; classtype:trojan-activity;sid:84351053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487954)"; flow:established,from_client; content:"GET"; http_method; content:"/daveyisbricked/movie-finder-react/releases/download/v2.0/software.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487954/; classtype:trojan-activity;sid:84351054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487955)"; flow:established,from_client; content:"GET"; http_method; content:"/jay3x/auto-commit/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487955/; classtype:trojan-activity;sid:84351055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487956)"; flow:established,from_client; content:"GET"; http_method; 
content:"/quynh814/teafibot/releases/download/v2.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487956/; classtype:trojan-activity;sid:84351056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487943)"; flow:established,from_client; content:"GET"; http_method; content:"/okijuinhbugvygbuhi/concept/releases/download/v2.0/software.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487943/; classtype:trojan-activity;sid:84351043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487944)"; flow:established,from_client; content:"GET"; http_method; content:"/hafijulkhan786/fhnw-dashboard/releases/download/v2.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487944/; classtype:trojan-activity;sid:84351044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487939)"; flow:established,from_client; content:"GET"; http_method; content:"/quynh814/teafibot/releases/download/v1.0/software.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487939/; classtype:trojan-activity;sid:84351039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487935)"; flow:established,from_client; content:"GET"; http_method; content:"/iampriam-dev/invenstock/releases/download/v2.0/software.zip"; http_uri; 
depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487935/; classtype:trojan-activity;sid:84351035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487937)"; flow:established,from_client; content:"GET"; http_method; content:"/yourmumsbad/testkanban/releases/download/v1.0/app.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487937/; classtype:trojan-activity;sid:84351037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487930)"; flow:established,from_client; content:"GET"; http_method; content:"/justnem/deep-research/releases/download/v2.0/software.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487930/; classtype:trojan-activity;sid:84351030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487931)"; flow:established,from_client; content:"GET"; http_method; content:"/rofix12/spring-microservices/releases/download/v2.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487931/; classtype:trojan-activity;sid:84351031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487929)"; flow:established,from_client; content:"GET"; http_method; content:"/justnem/deep-research/releases/download/v1.0/app.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; 
isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487929/; classtype:trojan-activity;sid:84351029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487927)"; flow:established,from_client; content:"GET"; http_method; content:"/mkiuk/jullus2api/releases/download/v2.0/software.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487927/; classtype:trojan-activity;sid:84351027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487918)"; flow:established,from_client; content:"GET"; http_method; content:"/jeff2807/githubaipy/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487918/; classtype:trojan-activity;sid:84351018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487920)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul110110/rocket-telemetry-logger-using-raspberry-pi-pico/releases/download/v1.0/software.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487920/; classtype:trojan-activity;sid:84351020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487921)"; flow:established,from_client; content:"GET"; http_method; content:"/jeff2807/githubaipy/releases/download/v2.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; 
reference:url, urlhaus.abuse.ch/url/3487921/; classtype:trojan-activity;sid:84351021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487916)"; flow:established,from_client; content:"GET"; http_method; content:"/binnizenobiocordovaleandro/apachimuhkayqui-server/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487916/; classtype:trojan-activity;sid:84351016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487909)"; flow:established,from_client; content:"GET"; http_method; content:"/rofix12/spring-microservices/releases/download/v1.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487909/; classtype:trojan-activity;sid:84351009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487905)"; flow:established,from_client; content:"GET"; http_method; content:"/rahul110110/rocket-telemetry-logger-using-raspberry-pi-pico/releases/download/v2.0/software.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487905/; classtype:trojan-activity;sid:84351005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487902)"; flow:established,from_client; content:"GET"; http_method; content:"/bryandejesusrt/reconocimiento-de-placas-con-ia-bytecoders/releases/download/v2.0/software.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487902/; classtype:trojan-activity;sid:84351002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487360)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/bhh666666666666/raw/refs/heads/main/service.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487360/; classtype:trojan-activity;sid:84350460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487363)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/vbvgghjjio999000/raw/refs/heads/main/bnoaprihjatuasss.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487363/; classtype:trojan-activity;sid:84350463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487364)"; flow:established,from_client; content:"GET"; http_method; content:"/wer812/bbgy555555551/raw/refs/heads/main/ntladlklthawd.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487364/; classtype:trojan-activity;sid:84350464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487069)"; flow:established,from_client; content:"GET"; http_method; content:"/dl19"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487069/; classtype:trojan-activity;sid:84350169; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486184)"; flow:established,from_client; content:"GET"; http_method; content:"/ilganrat342/dgasgxc/refs/heads/main/setup.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486184/; classtype:trojan-activity;sid:84349284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485331)"; flow:established,from_client; content:"GET"; http_method; content:"/sh.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485331/; classtype:trojan-activity;sid:84348431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485332)"; flow:established,from_client; content:"GET"; http_method; content:"/aasdasdqrunshkkkkkkk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485332/; classtype:trojan-activity;sid:84348432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485330)"; flow:established,from_client; content:"GET"; http_method; content:"/asdqsadsdahhhhhtxt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485330/; classtype:trojan-activity;sid:84348430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485329)"; flow:established,from_client; content:"GET"; http_method; content:"/ps_z.txt"; http_uri; depth:9; 
isdataat:!1,relative; nocase; content:"8.218.50.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485329/; classtype:trojan-activity;sid:84348429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485213)"; flow:established,from_client; content:"GET"; http_method; content:"/curly3/n3xus-scr1pt-r0bl0x/releases/download/v1.0/application.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485213/; classtype:trojan-activity;sid:84348313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485214)"; flow:established,from_client; content:"GET"; http_method; content:"/roblox12400z/dx9ware-roblox/releases/download/v1.0/app.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485214/; classtype:trojan-activity;sid:84348314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485196)"; flow:established,from_client; content:"GET"; http_method; content:"/massambaf/dx9ware-roblox/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485196/; classtype:trojan-activity;sid:84348296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485193)"; flow:established,from_client; content:"GET"; http_method; content:"/khalid2344/mint-executor/releases/download/v2.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; 
isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485193/; classtype:trojan-activity;sid:84348293; rev:1;)
# The next three rules target Google Drive download URLs (host drive.google.com, URI /uc?export=download...).
# NOTE(review): the URI content contains `|7c|26|7c|`, which decodes to the four literal bytes `|26|`,
#   not to `&` (0x26). This looks like the feed generator escaping `&` to `|26|` and then escaping the
#   pipes again; if the listed URL really is `...export=download&id=...`, these rules cannot match it.
#   Confirm against the referenced URLhaus entries; the presumably intended form is `|26|` (or a literal `&`).
# NOTE(review): depth:68 equals the character count of the escaped string, while the decoded pattern is
#   59 bytes. The pattern may therefore start up to 9 bytes into http_uri before isdataat:!1,relative
#   requires the buffer to end, so the match is looser than the exact-URI match used by the other rules.
# NOTE(review): the file id is written in lower case and matched with nocase; Drive file ids are
#   presumably case-sensitive, so ids differing only in letter case would also match - verify.
# NOTE(review): drive.google.com is normally reached over HTTPS. `alert http` rules inspect the parsed
#   HTTP request, so these fire only where the sensor sees it in cleartext (e.g. behind TLS inspection).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485144)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1k4idibw1vtsntpbqtvbfabfgm2h5s14d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485144/; classtype:trojan-activity;sid:84348244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485126)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1km_hwk7sn_amuk7q2dk9kttzwk1taelw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485126/; classtype:trojan-activity;sid:84348226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485125)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ek4th7ucqd9_h2yf9orhzhuallukeo0n"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485125/; classtype:trojan-activity;sid:84348225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484493)"; flow:established,from_client; content:"GET"; http_method; content:"/dl17"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, 
urlhaus.abuse.ch/url/3484493/; classtype:trojan-activity;sid:84347593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484465)"; flow:established,from_client; content:"GET"; http_method; content:"/stepegemeyod/codex-roblox/releases/download/v1.0.2/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484465/; classtype:trojan-activity;sid:84347565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484464)"; flow:established,from_client; content:"GET"; http_method; content:"/stepegemeyod/codex-roblox/releases/download/v1.0.1/release-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484464/; classtype:trojan-activity;sid:84347564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483995)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483995/; classtype:trojan-activity;sid:84347095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483984)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v3.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483984/; 
classtype:trojan-activity;sid:84347084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483979)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/program.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483979/; classtype:trojan-activity;sid:84347079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483980)"; flow:established,from_client; content:"GET"; http_method; content:"/hoodxsp5dda/domain-executor/releases/download/v1.0/software.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483980/; classtype:trojan-activity;sid:84347080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483406)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1q6iji-1uq5ksrr3luufy3to-jfs4ec4d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483406/; classtype:trojan-activity;sid:84346506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483319)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1inbpqtz2qyus0zqldnbhutbzwgdghhs0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483319/; classtype:trojan-activity;sid:84346419; rev:1;) 
# Four complete URLhaus download-URL rules follow, one per line. Each alerts on
# an outbound GET whose Host and URI both equal the listed values: depth pins
# the start of the buffer and isdataat:!1,relative requires that nothing follows
# the match, so a request with an added query string or path suffix is not
# matched.
#
# NOTE(review): `alert http` with http_host/http_uri only inspects HTTP that the
# sensor can parse in cleartext. github.com and drive.google.com are normally
# reached over HTTPS, so these rules fire only where TLS is decrypted ahead of
# the sensor; otherwise look for the same host and path in proxy or endpoint
# telemetry.
#
# NOTE(review): the two drive.google.com rules (sid 84346417, 84346409) carry
# `|7c|26|7c|` in the http_uri content. In content syntax `|7c|` is the byte
# 0x7c ("|"), so the pattern decodes to the literal text "|26|" rather than
# 0x26 ("&"). This looks like the "&" of "/uc?export=download&id=..." was
# hex-escaped and then had its pipes escaped a second time -- TODO confirm
# against the URLhaus entry named in reference:url. As written the rule would
# not match a request that uses a plain "&" (a silent false negative).
# depth:68 equals the length of the escaped string; the decoded pattern is
# 59 bytes. If "&" is the intended separator, the expected form is
#   content:"/uc|3f|export=download|26|id=<file id>"; http_uri; depth:56;
# When correcting this in a local copy, bump rev or use a local sid so the
# change is not confused with the upstream rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483317)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1g4q6iay5qjzlgigjqnwftkdc5-o_2pqx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483317/; classtype:trojan-activity;sid:84346417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483309)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cl-nvhrrue_wg2zkpuxmvk40tk3knacb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483309/; classtype:trojan-activity;sid:84346409; rev:1;)
# The next two rules match release assets under github.com; the HTTPS
# visibility note above applies to them as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482360)"; flow:established,from_client; content:"GET"; http_method; content:"/omio-saha/spotify_data_pipe_snowflake/releases/download/v1.0/release_x64.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482360/; classtype:trojan-activity;sid:84345460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482367)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v1.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482367/; classtype:trojan-activity;sid:84345467; rev:1;)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482368)"; flow:established,from_client; content:"GET"; http_method; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482368/; classtype:trojan-activity;sid:84345468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482262)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/css/colors/sunrise/xundfaxgnsp84.bin"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"www.automobile-bk.de"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482262/; classtype:trojan-activity;sid:84345362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482257)"; flow:established,from_client; content:"GET"; http_method; content:"/bear/2020/goldarnedest.aca"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.support-data.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482257/; classtype:trojan-activity;sid:84345357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481956)"; flow:established,from_client; content:"GET"; http_method; content:"/numonehittaboy/cdn/refs/heads/main/cvf.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481956/; classtype:trojan-activity;sid:84345056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3481600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.218.189.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481600/; classtype:trojan-activity;sid:84344700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481344)"; flow:established,from_client; content:"GET"; http_method; content:"/alishazara/api/refs/heads/master/rh_s.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481344/; classtype:trojan-activity;sid:84344444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480616)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/u/raw/main/ud.bat"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480616/; classtype:trojan-activity;sid:84343716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480361)"; flow:established,from_client; content:"GET"; http_method; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480361/; classtype:trojan-activity;sid:84343461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480359)"; flow:established,from_client; content:"GET"; http_method; content:"/nurraif/mytonwallet/releases/download/v2.0/program.zip"; http_uri; depth:55; 
isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480359/; classtype:trojan-activity;sid:84343459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480322)"; flow:established,from_client; content:"GET"; http_method; content:"/dasara21/hypermatch/releases/download/v1.0/software.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480322/; classtype:trojan-activity;sid:84343422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480274)"; flow:established,from_client; content:"GET"; http_method; content:"/gollfinho/browser-testing/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480274/; classtype:trojan-activity;sid:84343374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480243)"; flow:established,from_client; content:"GET"; http_method; content:"/monggosporlyp/circlexo/releases/download/v1.2/soft.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480243/; classtype:trojan-activity;sid:84343343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.149.178.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, 
urlhaus.abuse.ch/url/3478498/; classtype:trojan-activity;sid:84341598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475894)"; flow:established,from_client; content:"GET"; http_method; content:"/farizalsalman21/keon/releases/download/v2.0/release_x64.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475894/; classtype:trojan-activity;sid:84338994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475656)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475656/; classtype:trojan-activity;sid:84338756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475642)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v2.0/software.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475642/; classtype:trojan-activity;sid:84338742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475644)"; flow:established,from_client; content:"GET"; http_method; content:"/phamtaino/fixing-error-0x80004005-unspecified/releases/download/v2.0/software.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475644/; 
classtype:trojan-activity;sid:84338744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475645)"; flow:established,from_client; content:"GET"; http_method; content:"/attorneywenn/pragati_backend_2025/releases/download/v2.0/application.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475645/; classtype:trojan-activity;sid:84338745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475646)"; flow:established,from_client; content:"GET"; http_method; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/program.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475646/; classtype:trojan-activity;sid:84338746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475651)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_selinux/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475651/; classtype:trojan-activity;sid:84338751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475624)"; flow:established,from_client; content:"GET"; http_method; content:"/boomerxd69/amog-os-lts/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475624/; classtype:trojan-activity;sid:84338724; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475630)"; flow:established,from_client; content:"GET"; http_method; content:"/coltostemp/platform_external_tinyxml/releases/download/v2.0/software.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475630/; classtype:trojan-activity;sid:84338730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475631)"; flow:established,from_client; content:"GET"; http_method; content:"/vyshnavidevi11/frtproject/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475631/; classtype:trojan-activity;sid:84338731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475635)"; flow:established,from_client; content:"GET"; http_method; content:"/mehedihasanfarabi10/realtime-chat-app/releases/download/v2.0/software.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475635/; classtype:trojan-activity;sid:84338735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475636)"; flow:established,from_client; content:"GET"; http_method; content:"/itznaviya/hamster-kombat-bot/releases/download/v3.0/software.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475636/; classtype:trojan-activity;sid:84338736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3475637)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/fixing-error-0x80070005-access-denied/releases/download/v2.0/software.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475637/; classtype:trojan-activity;sid:84338737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475639)"; flow:established,from_client; content:"GET"; http_method; content:"/toanminh2004/fixing-error-0x80070424-specified-service/releases/download/v2.0/software.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475639/; classtype:trojan-activity;sid:84338739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475615)"; flow:established,from_client; content:"GET"; http_method; content:"/naiahahah/musicbox/releases/download/v2.0/software.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475615/; classtype:trojan-activity;sid:84338715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475620)"; flow:established,from_client; content:"GET"; http_method; content:"/kasonsh2450/bananan-shooter-hack-interna-/releases/download/v2.0/software.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475620/; classtype:trojan-activity;sid:84338720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3475623)"; flow:established,from_client; content:"GET"; http_method; content:"/zilts345890/golang-html-parsing/releases/download/v2.0/software.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475623/; classtype:trojan-activity;sid:84338723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474801)"; flow:established,from_client; content:"GET"; http_method; content:"/muterfree/nexus-roblox/releases/download/v2.0/software.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474801/; classtype:trojan-activity;sid:84337901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474808)"; flow:established,from_client; content:"GET"; http_method; content:"/giiyu12/codex-roblox/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474808/; classtype:trojan-activity;sid:84337908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474817)"; flow:established,from_client; content:"GET"; http_method; content:"/agr1us/roblox-oxygen/releases/download/v2.0/software.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474817/; classtype:trojan-activity;sid:84337917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474749)"; 
flow:established,from_client; content:"GET"; http_method; content:"/ishratali007/n3xus-scr1pt-r0bl0x/releases/download/v1.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474749/; classtype:trojan-activity;sid:84337849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473787)"; flow:established,from_client; content:"GET"; http_method; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v2.0/software.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473787/; classtype:trojan-activity;sid:84336887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473766)"; flow:established,from_client; content:"GET"; http_method; content:"/ggusercool/pancakeswapbnbprediction/releases/download/v2.0/software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473766/; classtype:trojan-activity;sid:84336866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473767)"; flow:established,from_client; content:"GET"; http_method; content:"/nass3344/trello-like-api/releases/download/v1.0/software.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473767/; classtype:trojan-activity;sid:84336867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473774)"; flow:established,from_client; content:"GET"; 
http_method; content:"/huizuohaode/ai-image-generator/releases/download/v1.0/software.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473774/; classtype:trojan-activity;sid:84336874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473776)"; flow:established,from_client; content:"GET"; http_method; content:"/brevidade/fleet-pattern/releases/download/v1.0/software.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473776/; classtype:trojan-activity;sid:84336876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473777)"; flow:established,from_client; content:"GET"; http_method; content:"/yosif9999/hamster-clicker/releases/download/v2.0/software.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473777/; classtype:trojan-activity;sid:84336877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473779)"; flow:established,from_client; content:"GET"; http_method; content:"/led-sol/mental-health-chatbot/releases/download/v1.0/software.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473779/; classtype:trojan-activity;sid:84336879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473576)"; flow:established,from_client; content:"GET"; http_method; 
content:"/uc|3f|export=download|7c|26|7c|id=1ovluq0bdu-cys5xvyogyjd5qidqb1per"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473576/; classtype:trojan-activity;sid:84336676; rev:1;)
# The line above is the tail of a rule that begins on the previous line; the
# three rules below are complete and are shown one per line.
#
# NOTE(review): sid 84336676 (above) and sid 84336260 (below) carry
# `|7c|26|7c|` in the http_uri content. `|7c|` is the byte 0x7c ("|"), so the
# pattern decodes to the literal text "|26|" rather than 0x26 ("&"). This looks
# like a double-escaped "&" from "/uc?export=download&id=..." -- TODO confirm
# against the URLhaus entry named in reference:url. As written the rule would
# not match a request that uses a plain "&". depth:68 equals the length of the
# escaped string; the decoded pattern is 59 bytes. If "&" is intended, the
# expected form is
#   content:"/uc|3f|export=download|26|id=<file id>"; http_uri; depth:56;
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473160)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1d4aper-gjv3agk8yeny5scayonlc68yo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473160/; classtype:trojan-activity;sid:84336260; rev:1;)
# NOTE(review): sid 84335775 matches a release tarball path under the
# xmrig/xmrig repository on github.com, which appears to be the project's own
# release asset rather than an attacker-owned host. Treat a hit as "miner
# software fetched" and triage by which host and process made the request,
# not by the URL alone. github.com is normally reached over HTTPS, so this
# `alert http` rule only fires where TLS is decrypted ahead of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472675)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472675/; classtype:trojan-activity;sid:84335775; rev:1;)
# Exact Host + URI match: depth equals the pattern length and
# isdataat:!1,relative requires that nothing follows it in the buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468872)"; flow:established,from_client; content:"GET"; http_method; content:"/xraqwapfu.pdf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"galerisenimutiara.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468872/; classtype:trojan-activity;sid:84331972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467628)"; flow:established,from_client; content:"GET"; http_method; 
content:"/uc|3f|export=download|7c|26|7c|id=1eczx8yjtfxwos26grqtdixajed3ukcao"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467628/; classtype:trojan-activity;sid:84330728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467629)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1drptefwc7xybtum52bikrhp4j4l6lttc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467629/; classtype:trojan-activity;sid:84330729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467546)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2d42ffe-779b-4107-ac42-7f36375aab37/downloads/fojik.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467546/; classtype:trojan-activity;sid:84330646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467537)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/61705749605.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467537/; classtype:trojan-activity;sid:84330637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467538)"; flow:established,from_client; content:"GET"; http_method; 
content:"/blobby/go/dd3b43cd-389e-413e-87b9-e21f40c2630d/downloads/guledazawabumoda.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467538/; classtype:trojan-activity;sid:84330638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467533)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/637623a6-af9b-4a69-90a8-85cd562c999e/downloads/niwexokaburule.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467533/; classtype:trojan-activity;sid:84330633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467528)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96f90b6e-3939-4cac-a3ad-eba9fb8219bf/downloads/71599608952.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467528/; classtype:trojan-activity;sid:84330628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467523)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e712c63-2f24-4e6b-a5dc-ff3233100bea/downloads/72290413200.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467523/; classtype:trojan-activity;sid:84330623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467524)"; flow:established,from_client; content:"GET"; http_method; 
content:"/blobby/go/2eabcd0a-1fbf-48aa-8399-71392232a891/downloads/rafubagosewuniwudob.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467524/; classtype:trojan-activity;sid:84330624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467525)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/70485427967.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467525/; classtype:trojan-activity;sid:84330625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467526)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e9dc005a-39e6-474d-bf2f-ef67b812a261/downloads/xenogipojadamomixaxulute.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467526/; classtype:trojan-activity;sid:84330626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467527)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/9089368795.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467527/; classtype:trojan-activity;sid:84330627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467516)"; flow:established,from_client; content:"GET"; 
http_method; content:"/blobby/go/96b6a2f4-8317-413b-a7e3-44adb2eb81f5/downloads/safari_magazine_2019_download.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467516/; classtype:trojan-activity;sid:84330616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467517)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8014aeaa-17b8-4bcd-a9d7-094ad1ff7644/downloads/fusoze.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467517/; classtype:trojan-activity;sid:84330617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467519)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/plan_technique_piscine_a_debordement.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467519/; classtype:trojan-activity;sid:84330619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467521)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/83838390139.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467521/; classtype:trojan-activity;sid:84330621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467510)"; 
flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6104a42e-c9ca-496d-9156-92538fddca06/downloads/vevowezirebojikidebof.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467510/; classtype:trojan-activity;sid:84330610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467513)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/temisipilotiba.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467513/; classtype:trojan-activity;sid:84330613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467501)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/79427765137.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467501/; classtype:trojan-activity;sid:84330601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467478)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/examples_of_employee_goals_for_performance_review.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467478/; classtype:trojan-activity;sid:84330578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3467477)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/50228966329.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467477/; classtype:trojan-activity;sid:84330577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467475)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/educational_leadership_philosophy_examples.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467475/; classtype:trojan-activity;sid:84330575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467476)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/299c0676-bac5-4db6-8fea-3075091e1687/downloads/61526216713.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467476/; classtype:trojan-activity;sid:84330576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467465)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/gumofeke.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467465/; classtype:trojan-activity;sid:84330565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3467466)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/mawanigokur.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467466/; classtype:trojan-activity;sid:84330566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467469)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/36054141231.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467469/; classtype:trojan-activity;sid:84330569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467470)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37fc73a-27ae-4e8d-87b6-7c807b298be6/downloads/85925649248.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467470/; classtype:trojan-activity;sid:84330570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467471)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/educacion_financiera_avanzada_partiendo_de_cero_autor_gregor.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467471/; classtype:trojan-activity;sid:84330571; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467472)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/663ae0bf-1142-4d7a-8653-755553f6852e/downloads/lejafarezafig.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467472/; classtype:trojan-activity;sid:84330572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467474)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/biwejukajurel.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467474/; classtype:trojan-activity;sid:84330574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467458)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/6083216094.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467458/; classtype:trojan-activity;sid:84330558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467459)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/69065118383.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467459/; classtype:trojan-activity;sid:84330559; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467461)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51e053ea-8122-46e3-bee6-6c00a935619c/downloads/40061082597.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467461/; classtype:trojan-activity;sid:84330561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467462)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/94224235634.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467462/; classtype:trojan-activity;sid:84330562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467463)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/739cff78-28a4-4749-8c7f-abf371b6a947/downloads/62789327536.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467463/; classtype:trojan-activity;sid:84330563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467464)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ee12fbcb-3848-4c54-8690-0d9c760d3837/downloads/5683334295.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467464/; classtype:trojan-activity;sid:84330564; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467453)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d9b3f7f8-355a-428e-bb44-74bff775274d/downloads/supix.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467453/; classtype:trojan-activity;sid:84330553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467454)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/670646a4-4ce8-4367-bccc-c52d2083c9a3/downloads/chronogramme_dune_these_de_doctorat.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467454/; classtype:trojan-activity;sid:84330554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467455)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e222df8-d197-4254-b90b-be3d3b023ef4/downloads/zopawakabubijipek.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467455/; classtype:trojan-activity;sid:84330555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467456)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/27590969755.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467456/; classtype:trojan-activity;sid:84330556; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467457)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kudokexogikekuporeso.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467457/; classtype:trojan-activity;sid:84330557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467452)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/48255006417.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467452/; classtype:trojan-activity;sid:84330552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467448)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09540d0c-1db9-4e3c-a32d-6eed7b48ae00/downloads/3841723103.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467448/; classtype:trojan-activity;sid:84330548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467443)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exemple_de_dossier_raep_redige.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467443/; classtype:trojan-activity;sid:84330543; rev:1;) 
# Per-URL indicators: each rule here alerts on an HTTP GET from $HOME_NET to
# $EXTERNAL_NET whose URI is exactly the listed path and whose Host is exactly
# img1.wsimg.com. depth equals the content length and isdataat:!1,relative
# requires that no byte follows the match, so a request with anything appended
# to that URI does not match. nocase follows the URI content, so the path is
# compared case-insensitively.
# Triage: the id in msg is the URLhaus entry named in reference:url. created_at
# is 2025_03_05 on these rules, so check that entry for the URL's current
# status before acting on a hit.
# NOTE(review): the same host appears with many different /blobby/go/<uuid>/
# prefixes, which suggests shared hosting - confirm before turning a hit into a
# host-wide block.
# NOTE(review): "alert http" only covers HTTP the sensor can parse; the same
# download over TLS presumably goes unseen unless traffic is decrypted upstream
# - confirm for your deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467444)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3007465f-aa28-4ea8-964e-00ec10d6daef/downloads/reinforced_concrete_wall_design_examples.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467444/; classtype:trojan-activity;sid:84330544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467445)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/munich_tourist_attractions_map.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467445/; classtype:trojan-activity;sid:84330545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467438)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4a17de4-bdbb-4d1a-aaee-49990939d4cf/downloads/problue_7_nordson_manual.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467438/; classtype:trojan-activity;sid:84330538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467440)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/30229793875.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467440/; 
classtype:trojan-activity;sid:84330540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467433)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/cooling_tower_working.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467433/; classtype:trojan-activity;sid:84330533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467434)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/corporate_signature_authority_matrix_template_printable.pdf"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467434/; classtype:trojan-activity;sid:84330534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467425)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/continental_online_assessment_test_answers.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467425/; classtype:trojan-activity;sid:84330525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467426)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/465f36af-7a24-4906-9c2a-986dcb6b15f8/downloads/where_can_i_get_edo_state_of_origin_certificate_in_lagos.pdf"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467426/; classtype:trojan-activity;sid:84330526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467427)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sample_testimonials_for_employees.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467427/; classtype:trojan-activity;sid:84330527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467428)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bf8d6b31-0867-4cc2-b138-2d2dbb23ec3a/downloads/bawananulufobomoderawulen.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467428/; classtype:trojan-activity;sid:84330528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467429)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/90dc87b4-fd7e-4412-9a6a-76e20db16dbd/downloads/23425133870.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467429/; classtype:trojan-activity;sid:84330529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467422)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37fc73a-27ae-4e8d-87b6-7c807b298be6/downloads/86119351354.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; 
content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467422/; classtype:trojan-activity;sid:84330522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467423)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/kagoferoxotopelabalim.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467423/; classtype:trojan-activity;sid:84330523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467411)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/how_to_write_letter_against_show_cause_notice.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467411/; classtype:trojan-activity;sid:84330511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467412)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/bevakabopodo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467412/; classtype:trojan-activity;sid:84330512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467416)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/55669141050.pdf"; http_uri; depth:73; 
isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467416/; classtype:trojan-activity;sid:84330516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467417)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fb13673c-7b10-403f-be9e-1b04622101d6/downloads/61656569082.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467417/; classtype:trojan-activity;sid:84330517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467418)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/98264302577.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467418/; classtype:trojan-activity;sid:84330518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467408)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/grammar_plus_class_8.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467408/; classtype:trojan-activity;sid:84330508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467409)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/32575227287.pdf"; http_uri; depth:73; 
isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467409/; classtype:trojan-activity;sid:84330509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467410)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/xavibow.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467410/; classtype:trojan-activity;sid:84330510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467400)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b566d4a5-149a-4042-a2b5-fa837a998781/downloads/62246613540.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467400/; classtype:trojan-activity;sid:84330500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467401)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a5d43283-67be-4a3b-9041-1427b691166f/downloads/dotadaxokokimidupoz.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467401/; classtype:trojan-activity;sid:84330501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467403)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a19a3dcf-f832-45fe-91ff-ed566d492286/downloads/31803450103.pdf"; http_uri; depth:73; 
isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467403/; classtype:trojan-activity;sid:84330503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467404)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/26449761459.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467404/; classtype:trojan-activity;sid:84330504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467395)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/manual_de_uso_cummins_insite.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467395/; classtype:trojan-activity;sid:84330495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467397)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/83127272265.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467397/; classtype:trojan-activity;sid:84330497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467389)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/50013116393.pdf"; http_uri; 
depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467389/; classtype:trojan-activity;sid:84330489; rev:1;)
# How to read the entries below: each rule alerts on an outbound
# ($HOME_NET -> $EXTERNAL_NET) client GET in an established flow.
# In both the http_uri and the http_host group, depth equals the length of
# the quoted string and isdataat:!1,relative requires that nothing follows
# it, so each content is a whole-buffer equality check rather than a prefix
# or substring match (nocase is listed in the URI group only). A request for
# the same path with anything appended, or for any other path on the same
# host, does not fire these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467391)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sowuluxoranevoxivobu.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467391/; classtype:trojan-activity;sid:84330491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467392)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/jw_public_talk_outlines.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467392/; classtype:trojan-activity;sid:84330492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467386)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/muxem.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467386/; classtype:trojan-activity;sid:84330486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467381)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa930190-2e12-4ce7-8bd7-0454f2ef6721/downloads/remonstration_visum_ablehnung_muster.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467381/; classtype:trojan-activity;sid:84330481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467382)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1cd14ca4-3aaa-4349-a92b-5919cb2c71ee/downloads/37493963429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467382/; classtype:trojan-activity;sid:84330482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467383)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/26417869572.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467383/; classtype:trojan-activity;sid:84330483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467384)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zutufukatozoxogunubikok.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467384/; classtype:trojan-activity;sid:84330484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467385)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/vawazu.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467385/; classtype:trojan-activity;sid:84330485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467370)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4240411-5b76-4ebe-95b9-c00242399cf6/downloads/libevisuxalozusofaze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467370/; classtype:trojan-activity;sid:84330470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467371)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/61695596025.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467371/; classtype:trojan-activity;sid:84330471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467372)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/remebemakuvomurixulat.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467372/; classtype:trojan-activity;sid:84330472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467377)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/35713869772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467377/; classtype:trojan-activity;sid:84330477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467363)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/popezefere.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467363/; classtype:trojan-activity;sid:84330463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467365)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/57373027197.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467365/; classtype:trojan-activity;sid:84330465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467367)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e00f0b9-c207-4cb1-9a9a-c11d057e31a3/downloads/request_letter_for_hold_amount_release.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467367/; classtype:trojan-activity;sid:84330467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467369)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9569c183-65dc-4f14-a45e-e7944584cb65/downloads/58650400832.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467369/; classtype:trojan-activity;sid:84330469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467358)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0684881f-11f6-455b-9188-fb070acdb368/downloads/you_too_can_be_prosperous.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467358/; classtype:trojan-activity;sid:84330458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467359)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e51c42a2-48a1-43ea-b124-a034de3679a6/downloads/sizusobimemitu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467359/; classtype:trojan-activity;sid:84330459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467360)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/fosodevo.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467360/; classtype:trojan-activity;sid:84330460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467353)"; 
flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/her_yonuyle_modern_almanca_dursun_zengin.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467353/; classtype:trojan-activity;sid:84330453; rev:1;)
# Coverage note: these are `alert http` rules matching on the http_method,
# http_uri and http_host buffers, so they are evaluated only on requests the
# sensor can parse as HTTP.
# NOTE(review): if clients reach this host over TLS and the sensor does not
# see decrypted traffic, none of the entries below can fire - confirm sensor
# placement, and back this feed with proxy or endpoint URL logs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467354)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/towedokunorazageleside.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467354/; classtype:trojan-activity;sid:84330454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467355)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/65604431763.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467355/; classtype:trojan-activity;sid:84330455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467357)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ruwuxa.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467357/; classtype:trojan-activity;sid:84330457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467347)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c725aa89-ce3b-4b0b-861e-e7c40702153d/downloads/sulupob.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467347/; classtype:trojan-activity;sid:84330447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467348)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a2e88a7-385b-4aed-a81e-123c037cba5d/downloads/57067255053.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467348/; classtype:trojan-activity;sid:84330448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467350)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ad58263-1b5c-4da7-bc4a-7b8f99e22218/downloads/2544897802.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467350/; classtype:trojan-activity;sid:84330450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467352)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/66812037618.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467352/; classtype:trojan-activity;sid:84330452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467344)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b4da0e1a-7caf-4ed8-aaa9-0949952990f3/downloads/49347806429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467344/; classtype:trojan-activity;sid:84330444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467339)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7399f648-106b-4174-b8c0-6d6694895ad3/downloads/vakoxumem.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467339/; classtype:trojan-activity;sid:84330439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467340)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/gununemedusotojipime.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467340/; classtype:trojan-activity;sid:84330440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467334)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/92c7bb30-769c-4722-92cc-8b01b59910e0/downloads/36512394005.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467334/; classtype:trojan-activity;sid:84330434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467337)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7592d1e2-3dca-48f2-9f42-bb08c23dfb67/downloads/zutav.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467337/; classtype:trojan-activity;sid:84330437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467326)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8f97cb07-1cfa-4fca-b6d8-3f1bf47f56b3/downloads/dulerugufep.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467326/; classtype:trojan-activity;sid:84330426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467328)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/nopurumonufulelu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467328/; classtype:trojan-activity;sid:84330428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467329)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b44aaa8-926a-4cbd-9774-e30385fa65ac/downloads/zexesotusipedelew.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467329/; classtype:trojan-activity;sid:84330429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467321)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/security_daily_activity_report_template.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467321/; classtype:trojan-activity;sid:84330421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467312)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a3d7189d-efc6-47e1-bbe5-dc5eeaf610a0/downloads/rtca_do-160g.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467312/; classtype:trojan-activity;sid:84330412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467313)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ac66f4da-754b-4df9-b080-4728fb201349/downloads/nimoma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467313/; classtype:trojan-activity;sid:84330413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467314)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c877865a-29ce-446f-b8f8-42c8a2318eff/downloads/personal_loan_closure_letter_format_in_word.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467314/; classtype:trojan-activity;sid:84330414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3467317)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/11677680583.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467317/; classtype:trojan-activity;sid:84330417; rev:1;)
# Every entry in this stretch names the same http_host, img1.wsimg.com, with
# many different /blobby/go/<uuid>/downloads/<file>.pdf paths under it.
# NOTE(review): that pattern looks like shared file hosting rather than a
# dedicated malware server - confirm before deriving host- or domain-level
# blocks from these rules. The signal here is the exact URI; a host-wide
# block could hit unrelated content served from the same name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467318)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/elkonin_boxes_word_list.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467318/; classtype:trojan-activity;sid:84330418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467320)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f4482b02-adbc-4511-a01d-8f5a32444a75/downloads/zudelejanegine.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467320/; classtype:trojan-activity;sid:84330420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467307)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c3d6560-d229-4015-8af2-a70ad89bde0a/downloads/80071621679.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467307/; classtype:trojan-activity;sid:84330407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467305)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lapeke.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467305/; classtype:trojan-activity;sid:84330405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467303)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/kapabemirowajuzaxadirokef.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467303/; classtype:trojan-activity;sid:84330403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467304)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/modexad.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467304/; classtype:trojan-activity;sid:84330404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467298)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0bdc9896-149c-4815-8e37-9e55432c4120/downloads/bofugesugipufibutunida.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467298/; classtype:trojan-activity;sid:84330398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467300)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/xuguxupevubitutuzoju.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467300/; classtype:trojan-activity;sid:84330400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467301)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/rubejemi.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467301/; classtype:trojan-activity;sid:84330401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467286)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/atividades_de_concordancia_verbal_5o_ano_com_gabarito.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467286/; classtype:trojan-activity;sid:84330386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467287)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78c14b69-39ed-4d94-8d63-a7b29776e43c/downloads/45524925955.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467287/; classtype:trojan-activity;sid:84330387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467292)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/cyberark_psmp_admin_guide.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467292/; classtype:trojan-activity;sid:84330392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467295)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/kitab_shams_al_maarif.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467295/; classtype:trojan-activity;sid:84330395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467283)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3298be68-ecf2-4e6e-8fa7-1bf1d7657489/downloads/xagoje.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467283/; classtype:trojan-activity;sid:84330383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467279)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/83df8ca9-16c2-4244-8f9e-8be918c4b8a3/downloads/86611585002.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467279/; classtype:trojan-activity;sid:84330379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467280)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/41138401642.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467280/; classtype:trojan-activity;sid:84330380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467281)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/hepatorenales_syndrom.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467281/; classtype:trojan-activity;sid:84330381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467271)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fae029f6-27b1-4578-94bc-ae0bbaeebde4/downloads/53744052149.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467271/; classtype:trojan-activity;sid:84330371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467274)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9927c1c5-c61c-4f5e-807e-67bd1833b3e4/downloads/nijalox.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467274/; classtype:trojan-activity;sid:84330374; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467275)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/how_to_change_font_size_in_xchange_editor.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467275/; classtype:trojan-activity;sid:84330375; rev:1;)
# Triage note: metadata:created_at is 2025_03_05 on these entries. An alert
# means a client requested a URL that URLhaus has listed; it does not by
# itself show that the file is still served or that it was opened.
# The number in msg matches the reference:url entry
# (urlhaus.abuse.ch/url/<id>/) - check that entry's current status and the
# client's download and process telemetry before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467277)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/limitorque_mx_ordering_guide.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467277/; classtype:trojan-activity;sid:84330377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467266)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/timex_expedition_indiglo_wr50m_manual.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467266/; classtype:trojan-activity;sid:84330366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467269)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a3b63b5-3e6a-48ac-8e49-14ed0037cbc4/downloads/hitachi_cd_sem_operation_manual.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467269/; classtype:trojan-activity;sid:84330369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467264)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/87483152555.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467264/; classtype:trojan-activity;sid:84330364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467259)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/36672004653.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467259/; classtype:trojan-activity;sid:84330359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467260)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9dc6fd8e-b629-406d-be34-231dfc94d5e9/downloads/catia_v5_simulation_tutorial.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467260/; classtype:trojan-activity;sid:84330360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467262)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/80e9e7c7-d97b-4b5a-96c4-9a83854a3065/downloads/vuzabovamipavowaseke.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467262/; classtype:trojan-activity;sid:84330362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467254)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09077edc-9c07-4d95-9708-b2f62b12ca6a/downloads/jikiluwuruwewomurenix.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467254/; classtype:trojan-activity;sid:84330354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467258)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/weguma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467258/; classtype:trojan-activity;sid:84330358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467246)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/119d5b03-e78f-4725-87b7-ed496b267f6d/downloads/attributes_of_a_good_research_topic_ppt.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467246/; classtype:trojan-activity;sid:84330346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467249)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1663535d-289f-4a17-902d-0bb53881ce69/downloads/kurupojofuxerixutalo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467249/; classtype:trojan-activity;sid:84330349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467250)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/mizibatazikitawejubidodog.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467250/; classtype:trojan-activity;sid:84330350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467251)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/gibabasakofalulizuwa.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467251/; classtype:trojan-activity;sid:84330351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467240)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/meravinuvisudome.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467240/; classtype:trojan-activity;sid:84330340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467241)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/64114a94-94a3-4f5d-866a-beee254b955f/downloads/70815730326.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467241/; classtype:trojan-activity;sid:84330341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467235)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/86649529175.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467235/; classtype:trojan-activity;sid:84330335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467236)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/nims_703_b_answers.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467236/; classtype:trojan-activity;sid:84330336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467237)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cf660a09-f805-468d-bb57-fa3593615f41/downloads/tojanigawexulametuzuk.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467237/; classtype:trojan-activity;sid:84330337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467230)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bc2ad79b-5832-4a2d-a335-92537db54849/downloads/pinestars_choice.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467230/; classtype:trojan-activity;sid:84330330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467231)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/vupegazezo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467231/; classtype:trojan-activity;sid:84330331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467221)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/18985117210.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467221/; classtype:trojan-activity;sid:84330321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467223)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/03167ecf-a61c-49ea-b541-7a074a81e1da/downloads/6655537579.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467223/; classtype:trojan-activity;sid:84330323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467225)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/41957679215.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467225/; classtype:trojan-activity;sid:84330325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467226)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exemple_de_livret_2_vae_rempli.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467226/; classtype:trojan-activity;sid:84330326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467228)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f569f34e-b7af-41eb-9a21-0f9939c54b3f/downloads/64195657437.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467228/; classtype:trojan-activity;sid:84330328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467220)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/aspen_pims_manual.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467220/; classtype:trojan-activity;sid:84330320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467219)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/fivojudu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467219/; classtype:trojan-activity;sid:84330319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467210)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/20019605198.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467210/; classtype:trojan-activity;sid:84330310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467212)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/45706940387.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467212/; classtype:trojan-activity;sid:84330312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467213)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xajuxe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467213/; classtype:trojan-activity;sid:84330313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467214)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/81f7a7ad-d4fe-4147-943f-584c2d1e9bf5/downloads/because_of_mr_terupt_online.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467214/; classtype:trojan-activity;sid:84330314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467215)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/fajupip.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467215/; classtype:trojan-activity;sid:84330315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467205)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/minetest_wiki_commands.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467205/; classtype:trojan-activity;sid:84330305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467206)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/ohanian_physics_volume_1.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467206/; classtype:trojan-activity;sid:84330306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467207)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1c97d706-1093-417b-afec-0c60fc1d8547/downloads/74906999263.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467207/; classtype:trojan-activity;sid:84330307; rev:1;)
# Visibility note: these are "alert http" rules that inspect the parsed HTTP
# method, URI and Host buffers, so they only fire on cleartext HTTP. A client
# that fetches the same URL over HTTPS is not seen by the sensor unless TLS is
# decrypted before inspection; proxy or endpoint URL logs are the usual place to
# search for these entries in that case.
# The host in this run appears under many different /blobby/go/<uuid>/
# directories, which suggests shared hosting; the host name alone is therefore
# not an indicator, and matching or blocking should use the full URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467208)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/900d123a-2557-4fa9-92f6-1446b602b979/downloads/deporiramuga.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467208/; classtype:trojan-activity;sid:84330308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467209)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/traffic_light_risk_assessment_template_mental_health.pdf"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467209/; classtype:trojan-activity;sid:84330309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467202)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/suritotowid.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467202/; classtype:trojan-activity;sid:84330302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467196)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/41821413009.pdf"; http_uri; depth:73; isdataat:!1,relative; 
nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467196/; classtype:trojan-activity;sid:84330296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467200)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/14312384720.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467200/; classtype:trojan-activity;sid:84330300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467187)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/37654458598.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467187/; classtype:trojan-activity;sid:84330287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467188)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/23776368177.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467188/; classtype:trojan-activity;sid:84330288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467190)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/eb8ff9f7-37bb-4420-bfa0-f018b38dcfa6/downloads/17065535031.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; 
content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467190/; classtype:trojan-activity;sid:84330290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467191)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/432a6cf0-f63b-4132-8b03-52615cd2c1c3/downloads/41591669011.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467191/; classtype:trojan-activity;sid:84330291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467193)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/2634956565.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467193/; classtype:trojan-activity;sid:84330293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467177)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/437a989b-0a84-4105-b8c7-1870eb56af29/downloads/sbi_disbursement_request_form.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467177/; classtype:trojan-activity;sid:84330277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467180)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/27f26436-44ad-4647-8929-a76a4ea0ea67/downloads/sample_query_letter_for_negligence_of_duty.pdf"; http_uri; 
depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467180/; classtype:trojan-activity;sid:84330280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467181)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/sapebufuj.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467181/; classtype:trojan-activity;sid:84330281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467184)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4365da4a-8d29-4708-8e67-b3b566794d83/downloads/fovizijazobupukototofosop.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467184/; classtype:trojan-activity;sid:84330284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467186)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/93759555539.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467186/; classtype:trojan-activity;sid:84330286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467175)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ligitove.pdf"; http_uri; 
depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467175/; classtype:trojan-activity;sid:84330275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467176)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/62404701972.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467176/; classtype:trojan-activity;sid:84330276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467171)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/069f5eef-b21d-41b6-aaa6-569b53af1c5a/downloads/rawidesukusutalunug.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467171/; classtype:trojan-activity;sid:84330271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467172)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d102a54e-7197-4308-a937-d70c58240642/downloads/26442784020.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467172/; classtype:trojan-activity;sid:84330272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467167)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/83882971503.pdf"; http_uri; 
depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467167/; classtype:trojan-activity;sid:84330267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467168)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/modelo_carta_entrega_de_inmueble_word.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467168/; classtype:trojan-activity;sid:84330268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467163)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/61905f2a-55dd-4144-8c7c-fce5e91063a8/downloads/british_army_all_arms_tactical_aide_memoire.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467163/; classtype:trojan-activity;sid:84330263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467166)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/rakotojifodonosanilorefa.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467166/; classtype:trojan-activity;sid:84330266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467157)"; flow:established,from_client; content:"GET"; http_method; 
content:"/blobby/go/1ec2f808-78a9-4c99-aa80-be96e23bf450/downloads/gewikunobapizati.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467157/; classtype:trojan-activity;sid:84330257; rev:1;)
# Triage note: the number in msg and in the reference URL is the URLhaus entry
# ID, and in the rules shown here sid = entry ID + 80863100 (e.g. 3467158 ->
# 84330258), so an alert's sid maps straight back to its URLhaus record.
# The rules match only the client request (flow:established,from_client); an
# alert means an internal host asked for the URL, not that a payload was
# delivered. Confirm with the HTTP response / file logs for the same flow, and
# check the URLhaus record for the entry's current status, since created_at
# here is 2025_03_05.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467158)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7dda8154-e680-4c60-8651-19cf13768d49/downloads/jadol.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467158/; classtype:trojan-activity;sid:84330258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467154)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/nojivurajojirezizi.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467154/; classtype:trojan-activity;sid:84330254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467156)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98571e96-4bd9-4ee2-bb76-481ac550907e/downloads/genebugutisevijuk.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467156/; classtype:trojan-activity;sid:84330256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467148)"; flow:established,from_client; content:"GET"; http_method; 
content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/jiwekonuwokesarejibezan.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467148/; classtype:trojan-activity;sid:84330248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467149)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/159e5f7b-5078-45c9-9b36-63f21684101f/downloads/94962104148.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467149/; classtype:trojan-activity;sid:84330249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467150)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9483bc30-bb1c-4c04-9cf3-38d205924dab/downloads/jugilususosu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467150/; classtype:trojan-activity;sid:84330250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467151)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/virapajoridubibakoxofa.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467151/; classtype:trojan-activity;sid:84330251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467152)"; flow:established,from_client; content:"GET"; 
http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/319984769.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467152/; classtype:trojan-activity;sid:84330252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467142)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/makusikarubikowaxosop.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467142/; classtype:trojan-activity;sid:84330242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467143)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/gikuxuze.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467143/; classtype:trojan-activity;sid:84330243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467146)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/voxuba.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467146/; classtype:trojan-activity;sid:84330246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467147)"; flow:established,from_client; content:"GET"; http_method; 
content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/wokaselu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467147/; classtype:trojan-activity;sid:84330247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467135)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/963d457e-5dea-4a7e-aae8-47aada2a7cc0/downloads/velafeke.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467135/; classtype:trojan-activity;sid:84330235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467137)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/97fcff61-ad1b-4591-bfda-ed7d6d6690f0/downloads/49593663309.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467137/; classtype:trojan-activity;sid:84330237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467138)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5e489076-b026-43ca-95da-8c6fe49f6d00/downloads/49103789197.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467138/; classtype:trojan-activity;sid:84330238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467132)"; flow:established,from_client; content:"GET"; http_method; 
content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zafekupegagasaza.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467132/; classtype:trojan-activity;sid:84330232; rev:1;)
#
# Review notes for the img1.wsimg.com entries below (all created_at 2025_03_05).
#
# Match shape: each rule pins one exact request. depth:N equals the length of the
#   content string it follows, and isdataat:!1,relative requires that no byte comes
#   after the match, so the URI (compared with nocase) and the Host value must each
#   equal the quoted string in full.
# Scope: these are "alert http" rules on flow:established,from_client with a GET
#   method, so they only fire on requests the sensor can parse as HTTP. The same URL
#   fetched over TLS is not covered unless traffic is decrypted upstream of the sensor.
# Shared host: many different /blobby/go/<uuid>/ prefixes appear under the single Host
#   value, which suggests a shared file-hosting service. Keep the full-path match; a
#   host-only alert or block would presumably hit unrelated content - verify first.
# Triage: the number in msg, the reference URL and the sid identify the same URLhaus
#   entry (in the visible rules sid = URLhaus id + 80863100), so an alert can be
#   pivoted to urlhaus.abuse.ch/url/<id>/ to check the entry's current status.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467133)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/55585429936.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467133/; classtype:trojan-activity;sid:84330233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467125)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/siwevewedelo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467125/; classtype:trojan-activity;sid:84330225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467126)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/fedex_air_waybill_form.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467126/; classtype:trojan-activity;sid:84330226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467127)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d567d1b9-5a9f-4b97-a387-65a7c02f8ff4/downloads/barapinawowaja.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467127/; classtype:trojan-activity;sid:84330227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467114)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/44443741873.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467114/; classtype:trojan-activity;sid:84330214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467115)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/ravibopegaxipodek.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467115/; classtype:trojan-activity;sid:84330215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467116)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/haojue_chopper_road_150_manual.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467116/; classtype:trojan-activity;sid:84330216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467117)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/23c146af-6c5b-426f-944d-9bf55106e4d8/downloads/de_quien_es_hija_elisa_salinas.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467117/; classtype:trojan-activity;sid:84330217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467118)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rewekawejujawidubekafebur.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467118/; classtype:trojan-activity;sid:84330218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467121)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3425f1f9-2741-4cdd-9a85-f51cd8a77838/downloads/pyidaungsu_font_keyboard_layout.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467121/; classtype:trojan-activity;sid:84330221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467123)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/carte_du_voyage_d_ulysse.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467123/; classtype:trojan-activity;sid:84330223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467109)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f11cc6f-a645-4f71-bee4-e3848f35abf2/downloads/livro_domain_driven_design_portugues.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467109/; classtype:trojan-activity;sid:84330209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467110)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kulefenev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467110/; classtype:trojan-activity;sid:84330210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467111)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/lobola_letter_example.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467111/; classtype:trojan-activity;sid:84330211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467108)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/acquisition_value_negative_in_area_01_aa617.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467108/; classtype:trojan-activity;sid:84330208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467101)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d8f5bd9b-2c75-4c1f-8d4d-84a7de1d3443/downloads/widavizuxorig.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467101/; classtype:trojan-activity;sid:84330201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467102)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/chris_mccandless_travel_route.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467102/; classtype:trojan-activity;sid:84330202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467103)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/17ef1a7d-be6f-43bc-ac3a-a9c4fb65005e/downloads/powejavatunepoxaj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467103/; classtype:trojan-activity;sid:84330203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467106)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/937a3a5d-28a9-4a6d-983b-63f9d4fe1460/downloads/90328489234.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467106/; classtype:trojan-activity;sid:84330206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467098)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0319bbe-78e1-4446-90fc-2b4b4cc85a3e/downloads/wurowujezodabod.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467098/; classtype:trojan-activity;sid:84330198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467099)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pubobagawu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467099/; classtype:trojan-activity;sid:84330199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467100)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/forest_fire_causes_and_effects.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467100/; classtype:trojan-activity;sid:84330200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467086)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6b07c7a9-24ea-41b4-835a-7daa4871c250/downloads/16_personality_factors_by_cattell.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467086/; classtype:trojan-activity;sid:84330186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467087)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/725aea16-586d-4b26-8216-cd50b4981a76/downloads/wiley_organic_chemistry_solutions_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467087/; classtype:trojan-activity;sid:84330187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467088)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/psicoweb_respuestas_2019.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467088/; classtype:trojan-activity;sid:84330188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467091)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8e32f5a5-6a1a-4ade-b57e-fa54871724ef/downloads/2040244551.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467091/; classtype:trojan-activity;sid:84330191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467092)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/koxisiranarigavod.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467092/; classtype:trojan-activity;sid:84330192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467093)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59d4bc6c-1e33-45d9-a430-f89e52f3f795/downloads/subazituwa.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467093/; classtype:trojan-activity;sid:84330193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467094)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/lettre_promesse_dembauche.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467094/; classtype:trojan-activity;sid:84330194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467080)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/971e893d-d96e-4c35-b8d0-897850ea3ce6/downloads/ice_quarterly_development_report_example.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467080/; classtype:trojan-activity;sid:84330180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467081)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/testigos_tablero_foton.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467081/; classtype:trojan-activity;sid:84330181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467082)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/how_to_get_gst_invoice_for_amazon_purchase.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467082/; classtype:trojan-activity;sid:84330182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467083)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8df58291-e0db-425a-9cda-a9882386ada6/downloads/24365322622.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467083/; classtype:trojan-activity;sid:84330183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467085)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4831e354-44dc-4759-9d14-0dd6cfda589f/downloads/91284214985.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467085/; classtype:trojan-activity;sid:84330185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467078)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c5dd25fc-7740-402b-aa70-862b15f3342c/downloads/8958005659.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467078/; classtype:trojan-activity;sid:84330178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467079)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wewofolivofometu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467079/; classtype:trojan-activity;sid:84330179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467072)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/9665669589.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467072/; classtype:trojan-activity;sid:84330172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467073)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/konibaxixim.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467073/; classtype:trojan-activity;sid:84330173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467074)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/20a6346a-1701-43f8-be7d-6426912a09c2/downloads/self_introduction_during_interview_example.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467074/; classtype:trojan-activity;sid:84330174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467075)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ff494cbe-9d2a-4ae4-802e-f50cfad48f0a/downloads/74334894285.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467075/; classtype:trojan-activity;sid:84330175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467077)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/55534301355.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467077/; classtype:trojan-activity;sid:84330177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467065)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/tevolutirasuvujivol.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467065/; classtype:trojan-activity;sid:84330165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467066)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3f5ecf8d-ba74-430f-ac11-9eb6ace92d02/downloads/73100246338.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467066/; classtype:trojan-activity;sid:84330166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467067)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/earth_making_of_a_planet_national_geographic_worksheet.pdf"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467067/; classtype:trojan-activity;sid:84330167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467068)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exercice_vitesse_6eme_physique.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467068/; classtype:trojan-activity;sid:84330168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467069)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rapport_de_stage_3eme_agence_immobiliere.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467069/; classtype:trojan-activity;sid:84330169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467070)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/bisebinalujivefiwugagabu.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467070/; classtype:trojan-activity;sid:84330170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467064)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/miludafat.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467064/; classtype:trojan-activity;sid:84330164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467061)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ea6e6a77-ad86-47ad-bec1-a500695628d4/downloads/66906319004.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467061/; classtype:trojan-activity;sid:84330161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467062)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b77102f9-1066-4a92-8a14-af011902d081/downloads/75162502331.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467062/; classtype:trojan-activity;sid:84330162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467063)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mapisirukuw.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467063/; classtype:trojan-activity;sid:84330163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467058)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/guzupuzuradadutov.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467058/; classtype:trojan-activity;sid:84330158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467059)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/081e0348-3bf0-4a3e-a723-749adc1aa630/downloads/teks_ratib_al_attas.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467059/; classtype:trojan-activity;sid:84330159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467060)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/49693757117.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467060/; classtype:trojan-activity;sid:84330160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467050)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/sabre_red_workspace_commands.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467050/; classtype:trojan-activity;sid:84330150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467051)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6702c9de-d943-4d22-b78e-7985c91f7713/downloads/84525111813.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467051/; classtype:trojan-activity;sid:84330151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467052)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/26bbb7e6-2f83-462e-b1a0-c9b7b5a50d38/downloads/training_needs_assessment_questionnaire_for_sales.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467052/; classtype:trojan-activity;sid:84330152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467053)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/najovozulubameto.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467053/; classtype:trojan-activity;sid:84330153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467054)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/225bb15f-2915-4639-a3a1-bcedb142b1ef/downloads/letter_format_for_reply_to_show_cause_notice.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467054/; classtype:trojan-activity;sid:84330154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467055)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c718f9e1-28ba-4c02-b434-4456f7af09a8/downloads/masizaz.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467055/; classtype:trojan-activity;sid:84330155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467049)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/51274200809.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467049/; classtype:trojan-activity;sid:84330149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467044)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/rolinejagogid.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467044/; classtype:trojan-activity;sid:84330144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467042)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/buxam.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467042/; classtype:trojan-activity;sid:84330142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467032)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6be9a470-c465-4776-ab76-53713c51537a/downloads/nokura.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467032/; classtype:trojan-activity;sid:84330132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467033)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/69da2f53-c229-4dc7-a889-7b67b52b1a78/downloads/nokejafowikazuvojoj.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467033/; classtype:trojan-activity;sid:84330133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467035)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e43067a0-6374-4a70-a00d-00ee3b01ce8d/downloads/93917384180.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467035/; classtype:trojan-activity;sid:84330135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467037)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0336533-680f-4ead-a55e-7e292796b70a/downloads/veteluruxoge.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467037/; classtype:trojan-activity;sid:84330137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467024)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sirijega.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467024/; classtype:trojan-activity;sid:84330124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467025)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5c2804a6-aa9c-48a0-92fa-b4e2830d3e94/downloads/ladakh_tourist_map.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467025/; classtype:trojan-activity;sid:84330125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467027)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cc5e3c0a-70ce-48cf-a48d-87f83c6b3256/downloads/major_problems_in_african_american_history.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467027/; classtype:trojan-activity;sid:84330127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467029)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d38d43db-37ad-45ec-b237-63ac8c84a196/downloads/latovin.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467029/; classtype:trojan-activity;sid:84330129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467018)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c10f3982-2d8c-41ef-9c88-95b9c7e0984b/downloads/exagrid_admin_guide.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467018/; classtype:trojan-activity;sid:84330118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467019)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/2880955338.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467019/; classtype:trojan-activity;sid:84330119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467020)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f4350e3-635b-45ba-b69f-b1a7e95f309e/downloads/24638138520.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467020/; classtype:trojan-activity;sid:84330120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467022)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/54349718441.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467022/; classtype:trojan-activity;sid:84330122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467023)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/satyanarayan_puja_vidhi_in_sanskrit.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467023/; classtype:trojan-activity;sid:84330123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467016)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/sample_letter_to_be_excused_from_jury_service.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467016/; classtype:trojan-activity;sid:84330116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467011)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cf660a09-f805-468d-bb57-fa3593615f41/downloads/vumemaxexepemetesa.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467011/; classtype:trojan-activity;sid:84330111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467012)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/93a7eb93-9eef-4244-8f20-7f48de1f8294/downloads/95493308607.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467012/; classtype:trojan-activity;sid:84330112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467013)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/91589198920.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467013/; classtype:trojan-activity;sid:84330113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467014)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/learn_korean_language_in_30_days.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467014/; classtype:trojan-activity;sid:84330114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467015)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/right_to_information_act_application_form_malayalam.pdf"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467015/;
classtype:trojan-activity;sid:84330115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467006)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zesowafasunufezef.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467006/; classtype:trojan-activity;sid:84330106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467008)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8e46fb0c-8d21-4b8c-82fc-88315c96ddde/downloads/bevurusip.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467008/; classtype:trojan-activity;sid:84330108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467002)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09d72da9-ee58-43de-9ce0-8696fa874a10/downloads/zanozibiwakixubunifelok.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467002/; classtype:trojan-activity;sid:84330102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467003)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5d8bfe2e-b91e-431f-9bdc-3f0ea97e388e/downloads/hbc_radiomatic_fse_727_manual.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, 
urlhaus.abuse.ch/url/3467003/; classtype:trojan-activity;sid:84330103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466999)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e4335d81-d2e5-4638-9638-30640b1be91f/downloads/sofipidegib.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466999/; classtype:trojan-activity;sid:84330099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467000)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/54040f30-acd4-4a4c-a314-5c4c261b537d/downloads/printable_foods_high_in_uric_acid_chart.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467000/; classtype:trojan-activity;sid:84330100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466992)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/15318963311.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466992/; classtype:trojan-activity;sid:84330092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466993)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0f7f4ed-2d7c-4134-aa94-503b1eb6600b/downloads/pagulabomezex.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; 
reference:url, urlhaus.abuse.ch/url/3466993/; classtype:trojan-activity;sid:84330093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466996)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/katisugenifikipevas.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466996/; classtype:trojan-activity;sid:84330096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466997)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/xowawetavudazinomo.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466997/; classtype:trojan-activity;sid:84330097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466985)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7662afb9-5d02-4eb9-bd3b-6426a66215ee/downloads/2312138967.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466985/; classtype:trojan-activity;sid:84330085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466986)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/evaluation_geographie_6eme_habiter_une_metropole.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466986/; classtype:trojan-activity;sid:84330086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466987)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9441f8ad-6e79-4d4a-9602-3585b1269b7e/downloads/kobumedigudopixemevuwef.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466987/; classtype:trojan-activity;sid:84330087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466989)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8fc62093-f93e-447d-8e21-b1e235f4d9cc/downloads/vadigoxevujo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466989/; classtype:trojan-activity;sid:84330089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466991)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/64414313920.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466991/; classtype:trojan-activity;sid:84330091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466979)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/mizoxuloniwi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466979/; classtype:trojan-activity;sid:84330079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466984)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/66244318284.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466984/; classtype:trojan-activity;sid:84330084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466971)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6cdacb6d-7fbf-4d09-a986-56cdfa4edeb2/downloads/15247939327.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466971/; classtype:trojan-activity;sid:84330071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466972)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/example_of_a_lobola_letter_in_zulu.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466972/; classtype:trojan-activity;sid:84330072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466973)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ea25ddad-ebb0-4880-b714-a3f2cdadcbd9/downloads/notas_de_dinheiro_para_imprimir.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; 
content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466973/; classtype:trojan-activity;sid:84330073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466975)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/606585da-2917-4da6-a9df-810ae6e7fbc1/downloads/asme_sec_8_div_1_appendix_8.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466975/; classtype:trojan-activity;sid:84330075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466976)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/segaxifalawanevake.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466976/; classtype:trojan-activity;sid:84330076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466968)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/3d_converter_for_autodesk_navisworks.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466968/; classtype:trojan-activity;sid:84330068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466969)"; flow:established,from_client; content:"GET"; http_method; 
content:"/blobby/go/2c827e54-9a2c-449a-9d97-e20f9555c87a/downloads/pearson_iit_foundation_class_9_maths.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466969/; classtype:trojan-activity;sid:84330069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466970)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d2c6212-591e-450b-b673-947709e569a9/downloads/jidikegegudafipi.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466970/; classtype:trojan-activity;sid:84330070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466966)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62bebe3a-24c2-4a56-9b26-65d7a4a8233d/downloads/gupira.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466966/; classtype:trojan-activity;sid:84330066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466958)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/79599984772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466958/; classtype:trojan-activity;sid:84330058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466957)"; flow:established,from_client; content:"GET"; 
http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/actaris_meter_manual.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466957/; classtype:trojan-activity;sid:84330057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466946)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/passaic_county_technical_institute_salary_guide.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466946/; classtype:trojan-activity;sid:84330046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466950)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0c2227e9-a807-4022-9307-9c68c8629142/downloads/59021495355.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466950/; classtype:trojan-activity;sid:84330050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466951)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3abea8f6-1776-4586-b4e6-47b414d29e30/downloads/mozosadoboligemuwisuwet.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466951/; classtype:trojan-activity;sid:84330051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466952)"; 
flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/malaysia_company_employee_handbook.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466952/; classtype:trojan-activity;sid:84330052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466937)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/988c0021-e131-496b-8725-ae310052894b/downloads/berakigevep.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466937/; classtype:trojan-activity;sid:84330037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466938)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/87631223928.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466938/; classtype:trojan-activity;sid:84330038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466941)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/majisumilorenanevivo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466941/; classtype:trojan-activity;sid:84330041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3466944)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/risukepidupapa.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466944/; classtype:trojan-activity;sid:84330044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466933)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c272bee0-a4e4-45f4-a8ce-0b066973e0cb/downloads/gateman_wk_20_english_manual.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466933/; classtype:trojan-activity;sid:84330033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466934)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/koxid.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466934/; classtype:trojan-activity;sid:84330034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466935)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/sasufazovosonufowam.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466935/; classtype:trojan-activity;sid:84330035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3466929)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/6554737977.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466929/; classtype:trojan-activity;sid:84330029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466931)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4b7c63a1-8c4d-413e-83dc-2db6954011c6/downloads/42942412664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466931/; classtype:trojan-activity;sid:84330031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466928)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/43589756342.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466928/; classtype:trojan-activity;sid:84330028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466923)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/juporuko.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466923/; classtype:trojan-activity;sid:84330023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3466924)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1d231bc1-15b8-4d3d-b451-c05909392126/downloads/71014366481.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466924/; classtype:trojan-activity;sid:84330024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466920)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/29389545569.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466920/; classtype:trojan-activity;sid:84330020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466915)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fbb7d95c-19ce-4e6b-832c-1ccce7746b31/downloads/jebagokapinezax.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466915/; classtype:trojan-activity;sid:84330015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466916)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/85747587751.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466916/; classtype:trojan-activity;sid:84330016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3466919)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/ending_a_lease_letter_to_landlord.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466919/; classtype:trojan-activity;sid:84330019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466909)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/possession_letter_format_from_builder.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466909/; classtype:trojan-activity;sid:84330009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466910)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/mopuma.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466910/; classtype:trojan-activity;sid:84330010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466911)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a618ca0f-2608-47c2-ab22-bbc2ca127bb7/downloads/saziva.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466911/; classtype:trojan-activity;sid:84330011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3466912)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/229e00b6-6232-4273-bd27-55f919ca28b8/downloads/financas_corporativas_teoria_e_pratica.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466912/; classtype:trojan-activity;sid:84330012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466913)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/76c40511-888a-4b14-bb65-87429974a9ff/downloads/gemotukuwitawusagulobez.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466913/; classtype:trojan-activity;sid:84330013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466903)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vupenamubow.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466903/; classtype:trojan-activity;sid:84330003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466904)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/10269055308.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466904/; classtype:trojan-activity;sid:84330004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3466905)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ab86f22-a419-4e4f-91d4-5a654823f744/downloads/21711123451.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466905/; classtype:trojan-activity;sid:84330005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466900)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/14203617612.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466900/; classtype:trojan-activity;sid:84330000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466902)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e4ad6e04-69d1-4aa9-ba9f-c194e0ac5eef/downloads/lotavawofasopupe.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466902/; classtype:trojan-activity;sid:84330002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466898)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/mental_state_examination_checklist.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466898/; classtype:trojan-activity;sid:84329998; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466893)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e5728c18-e5b3-4c69-bf59-a4be42aea8ac/downloads/22515332125.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466893/; classtype:trojan-activity;sid:84329993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466894)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/metso_neles_positioner_manual.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466894/; classtype:trojan-activity;sid:84329994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466895)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/9840498620.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466895/; classtype:trojan-activity;sid:84329995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466897)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3fffd8a4-4d1d-42f8-a3e8-f124f6724c06/downloads/kejawisenukasi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466897/; classtype:trojan-activity;sid:84329997; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466885)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/72065953692.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466885/; classtype:trojan-activity;sid:84329985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466890)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ecb10a4-49e9-4fe5-a6bc-f0f227949dd2/downloads/60627448414.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466890/; classtype:trojan-activity;sid:84329990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466881)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/ramevedasap.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466881/; classtype:trojan-activity;sid:84329981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466882)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fbb7d95c-19ce-4e6b-832c-1ccce7746b31/downloads/67882203250.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466882/; classtype:trojan-activity;sid:84329982; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466877)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/df312c7d-f650-4c0e-a98f-02aee1a43694/downloads/77125885812.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466877/; classtype:trojan-activity;sid:84329977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466864)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37e9011-77af-43eb-9e7b-dd6853450512/downloads/27721436213.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466864/; classtype:trojan-activity;sid:84329964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466866)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6abf7f7e-d12c-48f3-aa9a-703f4ccff8d7/downloads/81403469667.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466866/; classtype:trojan-activity;sid:84329966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466869)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zikirifusotuxusomel.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466869/; classtype:trojan-activity;sid:84329969; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466870)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/antibiotic_sensitivity_chart_sanford_guide.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466870/; classtype:trojan-activity;sid:84329970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466872)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c8a6489-894f-4446-8722-19ef31b6a173/downloads/26803015720.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466872/; classtype:trojan-activity;sid:84329972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466873)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4d2b55bf-cda3-4071-bf2e-8c27282b789f/downloads/chambre_de_tirage_telecom.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466873/; classtype:trojan-activity;sid:84329973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466875)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48283c5b-b198-4860-9bf9-7f30a2f8146b/downloads/10387443769.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466875/; classtype:trojan-activity;sid:84329975; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466876)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zasuporuxumuza.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466876/; classtype:trojan-activity;sid:84329976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466861)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d0a6e54-c95b-4e67-871e-882f39f9c203/downloads/77235011630.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466861/; classtype:trojan-activity;sid:84329961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466863)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/luvuges.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466863/; classtype:trojan-activity;sid:84329963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466858)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tovidesukowoxam.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466858/; classtype:trojan-activity;sid:84329958; rev:1;) 
# Review notes for the img1.wsimg.com entries in this run.
# Each rule alerts on an established, client-to-server HTTP GET from $HOME_NET
# to $EXTERNAL_NET whose URI and Host both equal the listed strings exactly:
# depth equals the content length, which anchors the match at the start of the
# buffer, and isdataat:!1,relative requires that nothing follows it. nocase
# applies to the URI content only.
# The host is identical across these rules while the paths differ, so the
# indicator is the full URL; a Host-only match would be far broader than what
# these entries assert.
# NOTE(review): `alert http` works on decoded HTTP, so the same URL fetched over
# HTTPS is presumably not visible to these rules without TLS decryption.
# Confirm against sensor placement and pair with proxy/DNS logs.
# Entries carry created_at 2025_03_05; check the referenced URLhaus page for the
# current status before treating a hit as an active infection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466859)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a5a93100-d349-4291-8bce-18547efeb268/downloads/14773335318.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466859/; classtype:trojan-activity;sid:84329959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466845)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62bebe3a-24c2-4a56-9b26-65d7a4a8233d/downloads/xijawef.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466845/; classtype:trojan-activity;sid:84329945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466846)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a6301bc9-fbf1-4861-936b-8ce401d46d09/downloads/non_renewal_of_contract_letter_sample.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466846/; classtype:trojan-activity;sid:84329946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466847)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98fd26ea-5c50-4ebf-945e-7ed158ebe1b6/downloads/75925905792.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466847/; classtype:trojan-activity;sid:84329947; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466848)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/561eb1da-cbac-4811-84b8-e841d63e56cb/downloads/fomogivazugararux.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466848/; classtype:trojan-activity;sid:84329948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466849)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3ccd9234-721c-480b-91a1-84bae34c2069/downloads/votudomafuze.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466849/; classtype:trojan-activity;sid:84329949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466851)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ed3e7e73-6deb-4ec1-95e4-868a6659fe93/downloads/manning_guide_hotel_sample.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466851/; classtype:trojan-activity;sid:84329951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466852)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/45596981954.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466852/; 
classtype:trojan-activity;sid:84329952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466853)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tilovapexof.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466853/; classtype:trojan-activity;sid:84329953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466838)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/najufijirubedejalu.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466838/; classtype:trojan-activity;sid:84329938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466839)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/ludejawirusoxodofe.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466839/; classtype:trojan-activity;sid:84329939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466843)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/4959938645.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466843/; 
classtype:trojan-activity;sid:84329943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466832)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/52e9408f-c536-4a35-bd81-6078a5dce549/downloads/98085965001.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466832/; classtype:trojan-activity;sid:84329932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466833)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dasuxugolod.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466833/; classtype:trojan-activity;sid:84329933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466827)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/attestation_de_non_affiliation_cnas_algerie.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466827/; classtype:trojan-activity;sid:84329927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466828)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/vw_gehaltstabelle_2022.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, 
urlhaus.abuse.ch/url/3466828/; classtype:trojan-activity;sid:84329928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466830)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nidugapageru.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466830/; classtype:trojan-activity;sid:84329930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466831)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6f33080-7dde-4e51-88ef-59c9fd931fca/downloads/latoletevuwogerovug.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466831/; classtype:trojan-activity;sid:84329931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466818)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/40119004199.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466818/; classtype:trojan-activity;sid:84329918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466822)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d128fcda-7fcc-4d89-85b3-e79c54d4414e/downloads/talivejo.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, 
urlhaus.abuse.ch/url/3466822/; classtype:trojan-activity;sid:84329922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466824)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/ansul_piranha_system_installation_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466824/; classtype:trojan-activity;sid:84329924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466813)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/scada_system_architecture.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466813/; classtype:trojan-activity;sid:84329913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466814)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/63541235931.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466814/; classtype:trojan-activity;sid:84329914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466802)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/gaylord_texan_hotel_map.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466802/; classtype:trojan-activity;sid:84329902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466803)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/laxokuzigurebudisinatonu.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466803/; classtype:trojan-activity;sid:84329903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466805)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09d72da9-ee58-43de-9ce0-8696fa874a10/downloads/kojutaz.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466805/; classtype:trojan-activity;sid:84329905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466808)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/civil_engineer_experience_certificate_word_format.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466808/; classtype:trojan-activity;sid:84329908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466799)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/55d28ff0-9d0b-42b4-8190-887f90038148/downloads/gimisomogaro.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466799/; classtype:trojan-activity;sid:84329899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466800)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/950f7924-fa6b-44be-bda3-22eaf526f43f/downloads/how_to_write_a_letter_to_society_for_car_parking.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466800/; classtype:trojan-activity;sid:84329900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466801)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78dac1c1-e6f9-4066-ad39-7cbcdc39e651/downloads/93448099882.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466801/; classtype:trojan-activity;sid:84329901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466794)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/payment_under_protest_letter_sample.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466794/; classtype:trojan-activity;sid:84329894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466797)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/43447829480.pdf"; http_uri; depth:73; 
isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466797/; classtype:trojan-activity;sid:84329897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466798)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/97374790135.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466798/; classtype:trojan-activity;sid:84329898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466788)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/71423402684.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466788/; classtype:trojan-activity;sid:84329888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466790)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5c9ed0ab-abf7-4895-9a79-d81e87aed60a/downloads/nezumizegorazulamalit.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466790/; classtype:trojan-activity;sid:84329890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466791)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a4c519f1-5301-485e-9e9c-56d1397df289/downloads/79371210580.pdf"; http_uri; depth:73; 
isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466791/; classtype:trojan-activity;sid:84329891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466792)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kekososiwixokaz.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466792/; classtype:trojan-activity;sid:84329892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466778)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/14889765830.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466778/; classtype:trojan-activity;sid:84329878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466779)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rikisiwudepelapopazi.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466779/; classtype:trojan-activity;sid:84329879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466781)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/boriwivamafegujiser.pdf"; http_uri; 
depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466781/; classtype:trojan-activity;sid:84329881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466782)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/seaworld_donation_request_orlando.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466782/; classtype:trojan-activity;sid:84329882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466786)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/schumacher_battery_charger_parts_se-4022.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466786/; classtype:trojan-activity;sid:84329886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466787)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d83328cf-50de-409a-9bf6-de7a48f66ed6/downloads/40650293844.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466787/; classtype:trojan-activity;sid:84329887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466777)"; flow:established,from_client; content:"GET"; http_method; 
content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/ap_cm_relief_fund_application_process.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466777/; classtype:trojan-activity;sid:84329877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466768)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/narigokukeminozitema.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466768/; classtype:trojan-activity;sid:84329868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466770)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/32231114245.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466770/; classtype:trojan-activity;sid:84329870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466771)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa0b65d5-8cfc-4875-922a-b490488b42be/downloads/schmersal_de-_42279_datasheet.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466771/; classtype:trojan-activity;sid:84329871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466772)"; 
flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/checklist_format_for_housekeeping_in_hospital.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466772/; classtype:trojan-activity;sid:84329872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466773)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/91812224211.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466773/; classtype:trojan-activity;sid:84329873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466774)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/rizepigarebovubugebo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466774/; classtype:trojan-activity;sid:84329874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466775)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/kawopixar.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466775/; classtype:trojan-activity;sid:84329875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3466767)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/58311665155.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466767/; classtype:trojan-activity;sid:84329867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466763)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/93503353547.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466763/; classtype:trojan-activity;sid:84329863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466764)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6974f1eb-71bf-4f90-8572-d8ac4e4f765d/downloads/wazakovefonetak.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466764/; classtype:trojan-activity;sid:84329864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466758)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9978fe41-dbcb-4b88-8a80-a839de3f86b5/downloads/42576721881.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466758/; classtype:trojan-activity;sid:84329858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3466759)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/73769466656.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466759/; classtype:trojan-activity;sid:84329859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466761)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/suvuraxelikubok.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466761/; classtype:trojan-activity;sid:84329861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466762)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e09336e-0817-489c-96db-d43d5fd51fc4/downloads/i9_birth_certificate_example.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466762/; classtype:trojan-activity;sid:84329862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466750)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/stromer_st1_owners_manual.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466750/; classtype:trojan-activity;sid:84329850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3466753)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/7215421885.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466753/; classtype:trojan-activity;sid:84329853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466754)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/37979647215.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466754/; classtype:trojan-activity;sid:84329854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466755)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af0be9d0-b995-4f2a-8f66-25f04f50db42/downloads/tejovejujepotobafoba.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466755/; classtype:trojan-activity;sid:84329855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466756)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/43947647531.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466756/; classtype:trojan-activity;sid:84329856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3466747)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/97640682614.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466747/; classtype:trojan-activity;sid:84329847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466748)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ec5b631-127b-4a5e-84ff-7de19674a208/downloads/daxukipavibipukoj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466748/; classtype:trojan-activity;sid:84329848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466740)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/66a9f463-0ae0-4403-bef2-3061bb9e36ef/downloads/rate_list_of_test_in_dr.lal_pathlabs.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466740/; classtype:trojan-activity;sid:84329840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466742)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c8939508-8a93-4f90-8b11-ddca3342e83a/downloads/4803379677.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466742/; classtype:trojan-activity;sid:84329842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3466745)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/taski_procarpet_45_manual.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466745/; classtype:trojan-activity;sid:84329845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466738)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gomik.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466738/; classtype:trojan-activity;sid:84329838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466736)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ef27ce0e-c911-4d37-baad-bea065e796b8/downloads/kirekafusofo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466736/; classtype:trojan-activity;sid:84329836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466732)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wiremabodopigotaf.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466732/; classtype:trojan-activity;sid:84329832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3466733)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/67856105857.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466733/; classtype:trojan-activity;sid:84329833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466734)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af0be9d0-b995-4f2a-8f66-25f04f50db42/downloads/rubetugetafapojopodibom.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466734/; classtype:trojan-activity;sid:84329834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466724)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/3048437595.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466724/; classtype:trojan-activity;sid:84329824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466726)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cc370600-8080-4216-8e6c-52a7f34eeccf/downloads/iso_weld_symbols_chart.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466726/; classtype:trojan-activity;sid:84329826; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466728)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/47b969d8-0664-43a5-a1cb-4ec8411e9eef/downloads/powerflex_755_user_manual_espanol.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466728/; classtype:trojan-activity;sid:84329828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466729)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7539d3e4-198a-4c91-addc-38e6066bfe55/downloads/2305786492.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466729/; classtype:trojan-activity;sid:84329829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466730)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/kangwon_land_inc_annual_report.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466730/; classtype:trojan-activity;sid:84329830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466731)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c0bdcf4-6f9c-40c3-8219-8cbbbcfb4026/downloads/wanigukanewalew.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466731/; classtype:trojan-activity;sid:84329831; rev:1;) 
# Reading the img1.wsimg.com entries that follow (one URLhaus entry per rule):
#  - Each rule alerts on a client GET from $HOME_NET to $EXTERNAL_NET whose URI
#    buffer equals the listed path and whose Host buffer equals img1.wsimg.com.
#  - depth:<n> is the length of the content string and isdataat:!1,relative
#    requires that no byte follows it, so the match is on the whole buffer.
#    A request with extra bytes in the URI buffer (for example an appended
#    query string) will not alert.
#  - nocase is set on the URI content only; the host content is matched as written.
#  - The entries below all name the same host and differ only in the
#    /blobby/go/<id>/downloads/<file>.pdf path, so the path carries the signal.
#    A host-only block would be broader than what these entries assert.
#  - The number in msg and in reference:url is the URLhaus entry id; created_at
#    is 2025_03_05. When triaging a hit, check that entry for its current state.
#  - NOTE(review): `alert http` needs traffic the sensor can parse as HTTP. If
#    clients reach this host over TLS, presumably nothing fires without
#    decryption; confirm coverage against proxy or TLS-inspection logs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466715)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/watiwime.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466715/; classtype:trojan-activity;sid:84329815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466716)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/638993752.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466716/; classtype:trojan-activity;sid:84329816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466717)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/milagetuxinofu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466717/; classtype:trojan-activity;sid:84329817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466719)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/51295545026.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466719/; classtype:trojan-activity;sid:84329819; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466720)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xezumiriruko.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466720/; classtype:trojan-activity;sid:84329820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466721)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/cleavage_front_row_amy_measurements.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466721/; classtype:trojan-activity;sid:84329821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466708)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/diamond_sieve_chart.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466708/; classtype:trojan-activity;sid:84329808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466710)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/09b152c4-bf66-44a7-8224-2992cea3ed0a/downloads/sample_indian_renunciation_form.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466710/; 
classtype:trojan-activity;sid:84329810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466711)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/pelebesepasirokirefukew.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466711/; classtype:trojan-activity;sid:84329811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466712)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/455fd801-8453-4cfe-b6ee-1af9e2a627f6/downloads/7558215776.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466712/; classtype:trojan-activity;sid:84329812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466713)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e262bb3c-3205-4bb6-954b-f565479d59e0/downloads/50787175728.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466713/; classtype:trojan-activity;sid:84329813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466706)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/rotem_sigma_user_manual.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, 
urlhaus.abuse.ch/url/3466706/; classtype:trojan-activity;sid:84329806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466705)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/lista_de_verbos_em_italiano.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466705/; classtype:trojan-activity;sid:84329805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466702)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a580c741-29a0-435a-a011-6aa538a5edae/downloads/25870917787.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466702/; classtype:trojan-activity;sid:84329802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466694)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/siwetofulugo.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466694/; classtype:trojan-activity;sid:84329794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466695)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0739216d-b619-42bb-83b4-7432b4331862/downloads/26798739628.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; 
reference:url, urlhaus.abuse.ch/url/3466695/; classtype:trojan-activity;sid:84329795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466696)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/23513409250.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466696/; classtype:trojan-activity;sid:84329796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466697)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/the_long_dark_crumbling_highway_map.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466697/; classtype:trojan-activity;sid:84329797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466698)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2eabcd0a-1fbf-48aa-8399-71392232a891/downloads/92332863676.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466698/; classtype:trojan-activity;sid:84329798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466682)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c633c3b-7c73-43a9-a161-0e7459f617b4/downloads/popajuzokovuluboz.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466682/; classtype:trojan-activity;sid:84329782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466684)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4b7c63a1-8c4d-413e-83dc-2db6954011c6/downloads/6759358871.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466684/; classtype:trojan-activity;sid:84329784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466686)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41809607-5bd4-4a52-8a62-530dfb6fcdd7/downloads/gelumoxosudasikaxo.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466686/; classtype:trojan-activity;sid:84329786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466687)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/47722224691.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466687/; classtype:trojan-activity;sid:84329787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466689)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/57326063662.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466689/; classtype:trojan-activity;sid:84329789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466690)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8aa13dbf-c0c5-4fe7-ae15-62e5c33a20e4/downloads/hewlett-packard_18e7_motherboard_specs.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466690/; classtype:trojan-activity;sid:84329790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466691)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/porebejotenojudud.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466691/; classtype:trojan-activity;sid:84329791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466681)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/duff_and_phelps_size_premium_2022.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466681/; classtype:trojan-activity;sid:84329781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466674)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pass_the_pigs_scoring_sheet.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; 
content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466674/; classtype:trojan-activity;sid:84329774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466679)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ae40ccb-f0fa-4b6b-bfcc-06032a30498c/downloads/logical_thinking_worksheets_for_kindergarten.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466679/; classtype:trojan-activity;sid:84329779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466670)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/151743582.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466670/; classtype:trojan-activity;sid:84329770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466671)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/13792310994.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466671/; classtype:trojan-activity;sid:84329771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466666)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/cessna_172_instrument_panel_layout.pdf"; http_uri; 
depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466666/; classtype:trojan-activity;sid:84329766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466667)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/24459864622.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466667/; classtype:trojan-activity;sid:84329767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466658)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c0bdcf4-6f9c-40c3-8219-8cbbbcfb4026/downloads/10451479360.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466658/; classtype:trojan-activity;sid:84329758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466659)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/sap_fico_cutover_activities.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466659/; classtype:trojan-activity;sid:84329759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466662)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/98444125074.pdf"; http_uri; 
depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466662/; classtype:trojan-activity;sid:84329762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466663)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/686c0a2e-9a90-4936-9f96-7d72f3c65f03/downloads/54960661120.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466663/; classtype:trojan-activity;sid:84329763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466664)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/3262231356.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466664/; classtype:trojan-activity;sid:84329764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466648)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/livro_pesquisa_bibliografica.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466648/; classtype:trojan-activity;sid:84329748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466650)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/37ff6e83-e399-4f09-b7f3-13b9438039c2/downloads/54456550535.pdf"; http_uri; 
depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466650/; classtype:trojan-activity;sid:84329750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466652)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/request_letter_format_in_marathi_language.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466652/; classtype:trojan-activity;sid:84329752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466645)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5809a244-7d90-46f4-9de4-ee86dda3a2de/downloads/evaluation_emc_6eme_devenir_collegien.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466645/; classtype:trojan-activity;sid:84329745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466640)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dd809168-aa55-4437-9a0e-42447fbc16fd/downloads/22731947285.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466640/; classtype:trojan-activity;sid:84329740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466641)"; flow:established,from_client; content:"GET"; http_method; 
content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/hypothecation_cancellation_request_letter_format.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466641/; classtype:trojan-activity;sid:84329741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466642)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/182ae1b8-0b64-4790-be7b-698d5e8b3d57/downloads/gidatigexapufalumiwolagad.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466642/; classtype:trojan-activity;sid:84329742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466634)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/aocs_official_method_ce_1b_89.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466634/; classtype:trojan-activity;sid:84329734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466635)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pigogini.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466635/; classtype:trojan-activity;sid:84329735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466639)"; 
flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ab158387-fd14-4136-be83-18d2feafd209/downloads/regonadafufosofujerijasur.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466639/; classtype:trojan-activity;sid:84329739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466625)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xewegemodigu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466625/; classtype:trojan-activity;sid:84329725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466626)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f9b61407-e9a0-4bfb-ac42-6ba811f07eed/downloads/daycare_reference_letter_template.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466626/; classtype:trojan-activity;sid:84329726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466629)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/displayport_1.4_spec.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466629/; classtype:trojan-activity;sid:84329729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3466632)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a49e03e-1cf9-44ed-ac44-c378f90fa5f8/downloads/63521883486.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466632/; classtype:trojan-activity;sid:84329732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466633)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/262ea410-a887-458b-b5ec-65748ef01e57/downloads/75258476975.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466633/; classtype:trojan-activity;sid:84329733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466619)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9441f8ad-6e79-4d4a-9602-3585b1269b7e/downloads/dajagunowe.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466619/; classtype:trojan-activity;sid:84329719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466620)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/432a6cf0-f63b-4132-8b03-52615cd2c1c3/downloads/hypochondria_ielts_reading_answers.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466620/; classtype:trojan-activity;sid:84329720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3466622)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/migolijidawononavez.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466622/; classtype:trojan-activity;sid:84329722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466623)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6286d8b4-6ffa-4d84-aeea-f2a9bc58a594/downloads/hotel_courtesy_call_template.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466623/; classtype:trojan-activity;sid:84329723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466617)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48cf8ef6-fe89-47b6-9b8e-43119a3d3833/downloads/89759746182.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466617/; classtype:trojan-activity;sid:84329717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466613)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/poquito_mas_nutrition_facts.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466613/; classtype:trojan-activity;sid:84329713; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466610)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9a32841c-0d54-4ad0-8acd-a5b15c41cae1/downloads/luxutevosevuke.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466610/; classtype:trojan-activity;sid:84329710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466611)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/vamiralu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466611/; classtype:trojan-activity;sid:84329711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466605)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/bonunorovekofa.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466605/; classtype:trojan-activity;sid:84329705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466606)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/36407415595.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466606/; classtype:trojan-activity;sid:84329706; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466607)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/82707682561.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466607/; classtype:trojan-activity;sid:84329707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466608)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0620227-6f33-427f-8ac7-1fb80d24bd78/downloads/loxabafefomukewizirefa.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466608/; classtype:trojan-activity;sid:84329708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466609)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/metric_bolt_specification_chart.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466609/; classtype:trojan-activity;sid:84329709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466597)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6875802-d83d-45fa-a01c-dd9f30c53739/downloads/22305465780.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466597/; classtype:trojan-activity;sid:84329697; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466598)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/efeaa59e-2423-41d8-b482-9a37e80979c7/downloads/ge_disconnect_switch.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466598/; classtype:trojan-activity;sid:84329698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466600)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7518eff6-349e-4445-8380-e1c43aacea7b/downloads/gemudewefedevovep.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466600/; classtype:trojan-activity;sid:84329700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466601)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41809607-5bd4-4a52-8a62-530dfb6fcdd7/downloads/tugojokuru.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466601/; classtype:trojan-activity;sid:84329701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466602)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/hadoop_notes_by_durgasoft_ramakrishna.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466602/; 
classtype:trojan-activity;sid:84329702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466603)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/compassionate_leave_letter_examples.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466603/; classtype:trojan-activity;sid:84329703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466604)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2294c0f6-d737-4b16-8fca-94076227dda5/downloads/garrison_carbon_monoxide_and_gas_detector_manual.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466604/; classtype:trojan-activity;sid:84329704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466593)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/kuradorug.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466593/; classtype:trojan-activity;sid:84329693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466594)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/38053692779.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; 
reference:url, urlhaus.abuse.ch/url/3466594/; classtype:trojan-activity;sid:84329694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466595)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4240411-5b76-4ebe-95b9-c00242399cf6/downloads/26107131918.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466595/; classtype:trojan-activity;sid:84329695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466587)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tozivagal.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466587/; classtype:trojan-activity;sid:84329687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466591)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1b026e03-5af6-461d-a832-b5e23f93b19f/downloads/rojumedevunez.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466591/; classtype:trojan-activity;sid:84329691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466585)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nefusajoxepisajejod.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; 
reference:url, urlhaus.abuse.ch/url/3466585/; classtype:trojan-activity;sid:84329685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466581)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tubewerapip.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466581/; classtype:trojan-activity;sid:84329681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466583)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/18645484853.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466583/; classtype:trojan-activity;sid:84329683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466584)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50ab7773-f1d2-4be6-a8e2-1065b2477787/downloads/4850921377.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466584/; classtype:trojan-activity;sid:84329684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466567)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/basimonuje.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, 
urlhaus.abuse.ch/url/3466567/; classtype:trojan-activity;sid:84329667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466568)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4490da21-0774-43c2-8f10-26fe1384ffab/downloads/convention_collective_ucanss_mutatio.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466568/; classtype:trojan-activity;sid:84329668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466569)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2f6bcf3c-4b23-42e7-95db-7e5e3070b630/downloads/29680644903.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466569/; classtype:trojan-activity;sid:84329669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466571)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e297ab99-26f3-4763-8aa9-4b5ba8336826/downloads/61556440139.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466571/; classtype:trojan-activity;sid:84329671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466572)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/93a7eb93-9eef-4244-8f20-7f48de1f8294/downloads/rikeleneliteta.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; 
reference:url, urlhaus.abuse.ch/url/3466572/; classtype:trojan-activity;sid:84329672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466559)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dupibutemuxubezukexe.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466559/; classtype:trojan-activity;sid:84329659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466561)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/58f82e37-5723-4fc5-be87-1ca34da7fc9c/downloads/ladovarudugusujo.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466561/; classtype:trojan-activity;sid:84329661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466562)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/93623530863.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466562/; classtype:trojan-activity;sid:84329662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466563)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f4482b02-adbc-4511-a01d-8f5a32444a75/downloads/31982364803.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; 
reference:url, urlhaus.abuse.ch/url/3466563/; classtype:trojan-activity;sid:84329663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466564)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c29905cb-cab1-47d6-9263-d073f5bcab67/downloads/manually_update_officescan_server.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466564/; classtype:trojan-activity;sid:84329664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466565)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/meligofat.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466565/; classtype:trojan-activity;sid:84329665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466566)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pibajusapasadasizuvabo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466566/; classtype:trojan-activity;sid:84329666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466552)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/vuguvukopipokimukunoju.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466552/; classtype:trojan-activity;sid:84329652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466553)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/vmware_horizon_not_loading.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466553/; classtype:trojan-activity;sid:84329653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466556)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/gekepozokenaxaketojakoj.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466556/; classtype:trojan-activity;sid:84329656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466557)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/xekinozu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466557/; classtype:trojan-activity;sid:84329657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466558)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/tanaber.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466558/; classtype:trojan-activity;sid:84329658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466546)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lokodemerukezabakexa.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466546/; classtype:trojan-activity;sid:84329646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466547)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wijigezafububofelib.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466547/; classtype:trojan-activity;sid:84329647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466548)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1a64ed17-85a2-4cee-b266-878ed957a17a/downloads/wezixipusafa.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466548/; classtype:trojan-activity;sid:84329648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466551)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ed9a7df-8325-4b88-b206-4975011bd8d3/downloads/73303046927.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466551/; classtype:trojan-activity;sid:84329651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466544)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vafibezesixura.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466544/; classtype:trojan-activity;sid:84329644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466542)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdf9b72e-240a-4a41-ac28-e187be75db3e/downloads/10008295817.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466542/; classtype:trojan-activity;sid:84329642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466539)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/35017680871.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466539/; classtype:trojan-activity;sid:84329639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466534)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b5346c1d-c474-4a92-9b4c-cbf0eee37189/downloads/jamupipenimewuroveg.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466534/; classtype:trojan-activity;sid:84329634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466523)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/ritiwuga.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466523/; classtype:trojan-activity;sid:84329623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466524)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/98558988287.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466524/; classtype:trojan-activity;sid:84329624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466525)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d8c405e-d09a-43e6-b2b9-f8bbfe0e4b05/downloads/japifitakudisudupuweb.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466525/; classtype:trojan-activity;sid:84329625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466527)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b7519557-5091-4de7-b104-8e86c3953c5d/downloads/66697702965.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466527/; classtype:trojan-activity;sid:84329627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466528)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4d8863b-da23-437d-86ed-df2351a23265/downloads/sazodaxorega.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466528/; classtype:trojan-activity;sid:84329628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466512)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/36655168913.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466512/; classtype:trojan-activity;sid:84329612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466513)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wevularaboxurewugawe.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466513/; classtype:trojan-activity;sid:84329613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466514)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/rubizegelolulagexarunup.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466514/; classtype:trojan-activity;sid:84329614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466515)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c29905cb-cab1-47d6-9263-d073f5bcab67/downloads/pipe_fittings_surface_area_chart.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466515/; classtype:trojan-activity;sid:84329615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466517)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/ludirov.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466517/; classtype:trojan-activity;sid:84329617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466521)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/jedibam.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466521/; classtype:trojan-activity;sid:84329621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466522)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c2f5ec0b-52d8-40cb-8fa6-a66f6f891fa9/downloads/64630520522.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466522/; classtype:trojan-activity;sid:84329622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466506)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/19f0e93a-8f01-4f21-8964-dcc990dea571/downloads/honeywell_dc3002_manual.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466506/; classtype:trojan-activity;sid:84329606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466507)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/30963207670.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466507/; classtype:trojan-activity;sid:84329607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466508)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/963d457e-5dea-4a7e-aae8-47aada2a7cc0/downloads/36202936872.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466508/; classtype:trojan-activity;sid:84329608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466509)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/738cd3ca-10f0-4f1e-865e-c0932904fbb2/downloads/28412734415.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466509/; classtype:trojan-activity;sid:84329609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466510)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af067739-2dfe-40f3-ae00-a758e587d7d3/downloads/wepepuv.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466510/; classtype:trojan-activity;sid:84329610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466503)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/atpco_fare_filing_manual_s.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466503/; classtype:trojan-activity;sid:84329603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466504)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/gartner_magic_quadrant_ips.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466504/; classtype:trojan-activity;sid:84329604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466505)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2215a6c-0436-4d82-8033-c5d079398259/downloads/xawegifurixikinixi.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; 
content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466505/; classtype:trojan-activity;sid:84329605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466501)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nolovafitavire.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466501/; classtype:trojan-activity;sid:84329601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466495)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f11cc6f-a645-4f71-bee4-e3848f35abf2/downloads/mojijodexiv.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466495/; classtype:trojan-activity;sid:84329595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466497)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/64114a94-94a3-4f5d-866a-beee254b955f/downloads/xipefodefanotare.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466497/; classtype:trojan-activity;sid:84329597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466498)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/gekulafemidafalijuw.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; 
content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466498/; classtype:trojan-activity;sid:84329598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466489)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/types_of_lines_in_construction_drawings.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466489/; classtype:trojan-activity;sid:84329589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466490)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/psa_birth_certificate_authorization_letter.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466490/; classtype:trojan-activity;sid:84329590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466492)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/53202951-38c7-4c35-8280-6cefaf47915f/downloads/libububodanusakamarad.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466492/; classtype:trojan-activity;sid:84329592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466480)"; flow:established,from_client; content:"GET"; http_method; 
content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/41202776349.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466480/; classtype:trojan-activity;sid:84329580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466481)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dc583f51-62de-45fb-b9c6-f152dd4c2594/downloads/combining_like_terms_pyramid_worksheet_answers.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466481/; classtype:trojan-activity;sid:84329581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466482)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1dc2c198-09f6-4966-96bb-2e160c7d78e2/downloads/55840145977.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466482/; classtype:trojan-activity;sid:84329582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466484)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/puzenesariwalez.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466484/; classtype:trojan-activity;sid:84329584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466485)"; flow:established,from_client; 
content:"GET"; http_method; content:"/blobby/go/c0eb552d-3ccf-4b3e-a340-0e3717106147/downloads/kalozarisi.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466485/; classtype:trojan-activity;sid:84329585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466486)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/wilikof.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466486/; classtype:trojan-activity;sid:84329586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466487)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/geruzirejexexani.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466487/; classtype:trojan-activity;sid:84329587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466476)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de9d9f96-a289-4877-85d4-e6d2d4cc419c/downloads/minerva_t2000_manual.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466476/; classtype:trojan-activity;sid:84329576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466474)"; flow:established,from_client; 
content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/siemens_pcs_7_full_training_manual.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466474/; classtype:trojan-activity;sid:84329574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466472)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/sojawamiluredowad.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466472/; classtype:trojan-activity;sid:84329572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466462)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/add57eeb-0480-4d3e-871c-79d9b8fe2772/downloads/lozataroziwukurejigax.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466462/; classtype:trojan-activity;sid:84329562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466463)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/capacitor_bank_preventive_maintenance_checklist.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466463/; classtype:trojan-activity;sid:84329563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3466464)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/jesafi.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466464/; classtype:trojan-activity;sid:84329564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466465)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wofewipawo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466465/; classtype:trojan-activity;sid:84329565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466468)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/58423586845.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466468/; classtype:trojan-activity;sid:84329568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466469)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/89849145142.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466469/; classtype:trojan-activity;sid:84329569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3466460)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4c26a93a-50bb-4104-895b-059e3fc9a02c/downloads/zoxinigexozojadidara.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466460/; classtype:trojan-activity;sid:84329560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466454)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96b6a2f4-8317-413b-a7e3-44adb2eb81f5/downloads/demande_d_allocation_chomage_pole_emploi.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466454/; classtype:trojan-activity;sid:84329554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466459)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tutorialspoint_sap_pp.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466459/; classtype:trojan-activity;sid:84329559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466449)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/lafebokoz.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466449/; classtype:trojan-activity;sid:84329549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3466450)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/advance_payment_request_letter_format_word.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466450/; classtype:trojan-activity;sid:84329550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466452)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a0c7596-8583-4967-abed-67d8d1ffd610/downloads/boilermaker_drawings_and_developments.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466452/; classtype:trojan-activity;sid:84329552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466453)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8532eb1d-13c2-4756-9d41-225750b056f4/downloads/litimuwabu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466453/; classtype:trojan-activity;sid:84329553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466444)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/telcordia_sr_332_issue_4.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466444/; classtype:trojan-activity;sid:84329544; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466445)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/stopaq_application_manual_2018.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466445/; classtype:trojan-activity;sid:84329545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466447)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3daad7b2-98c5-4dc1-b37a-5570afcba267/downloads/40472163846.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466447/; classtype:trojan-activity;sid:84329547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466439)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/89247847196.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466439/; classtype:trojan-activity;sid:84329539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466440)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/72993487295.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466440/; classtype:trojan-activity;sid:84329540; rev:1;) 
# Review notes for the rules around this point (img1.wsimg.com *.pdf entries, created_at 2025_03_05):
# - Each rule is an exact match: GET method, the whole URI (content + depth:N + isdataat:!1,relative)
#   and the whole Host value (depth:14 + isdataat:!1,relative). A hit identifies one specific URLhaus
#   entry; triage on the sid / reference URL rather than the hostname alone, because many distinct
#   /blobby/go/<id>/downloads/ paths share this one host.
# - Because of that anchoring, a request for the same file with an appended query string or an
#   altered path is presumably not matched -- verify against your engine's http_uri normalization.
# - "alert http" only covers requests the sensor can parse as cleartext HTTP; the same download over
#   TLS needs decryption or a separate TLS SNI / DNS / proxy-log detection.
# - created_at presumably records when the entry was listed, not that the URL is still serving;
#   check the referenced URLhaus entry before treating an old indicator as live.
# - In this copy the rules wrap across physical lines; Snort and Suricata expect one rule per line
#   (unless backslash-continued), so re-join them or re-download the ruleset before loading.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466441)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de9155fa-7173-4766-94c3-9e400d4aed58/downloads/def_stan_91-91.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466441/; classtype:trojan-activity;sid:84329541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466443)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/42d6a3b4-bbc0-47ab-bf86-c3ddb806b2ed/downloads/rafadaduveputev.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466443/; classtype:trojan-activity;sid:84329543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466429)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3924d65b-e08d-4f21-8d71-a0b15eb654bb/downloads/63720952596.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466429/; classtype:trojan-activity;sid:84329529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466417)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/woleb.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466417/; classtype:trojan-activity;sid:84329517; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466418)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/dururotilonid.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466418/; classtype:trojan-activity;sid:84329518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466419)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/150_dialogues_en_francais.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466419/; classtype:trojan-activity;sid:84329519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466420)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/88031585580.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466420/; classtype:trojan-activity;sid:84329520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466423)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/dollar_general_cbl_answers_robbery_prevention.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466423/; 
classtype:trojan-activity;sid:84329523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466424)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4e8158-a082-4b1f-960e-1d82a946a72b/downloads/76239393989.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466424/; classtype:trojan-activity;sid:84329524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466414)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51c1105d-a687-468d-b1aa-293ca9578a34/downloads/giwuroganapedokozijave.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466414/; classtype:trojan-activity;sid:84329514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466406)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50e5aae7-a15c-4d74-a4ed-a8edfca980c4/downloads/atividades_adaptadas_de_ingles_para_deficientes_intelectuais.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466406/; classtype:trojan-activity;sid:84329506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466407)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/24465842333.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; 
reference:url, urlhaus.abuse.ch/url/3466407/; classtype:trojan-activity;sid:84329507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466409)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2d664301-7b5e-474d-97a1-1305c7ece601/downloads/35905190672.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466409/; classtype:trojan-activity;sid:84329509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466410)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/12922543008.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466410/; classtype:trojan-activity;sid:84329510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466412)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/20643132370.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466412/; classtype:trojan-activity;sid:84329512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466413)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/95435099570.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, 
urlhaus.abuse.ch/url/3466413/; classtype:trojan-activity;sid:84329513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466401)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2bb4e8cb-ec7e-44c1-a645-d94d4534f3a4/downloads/far_from_you_tess_sharpe.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466401/; classtype:trojan-activity;sid:84329501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466403)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/87076889980.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466403/; classtype:trojan-activity;sid:84329503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466396)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/40331451843.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466396/; classtype:trojan-activity;sid:84329496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466397)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/71d9f42f-0bad-4406-8a48-95c698e57e68/downloads/sumitomo_f50_compressor_manual.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_03_05; reference:url, urlhaus.abuse.ch/url/3466397/; classtype:trojan-activity;sid:84329497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466398)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tusosexukitut.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466398/; classtype:trojan-activity;sid:84329498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466387)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/chambre_de_tirage_telecom.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466387/; classtype:trojan-activity;sid:84329487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466389)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d45c0d9d-8581-471d-bee0-51d1b9891f05/downloads/nisisot.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466389/; classtype:trojan-activity;sid:84329489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466390)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tojabuka.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_03_05; reference:url, urlhaus.abuse.ch/url/3466390/; classtype:trojan-activity;sid:84329490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466391)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/16219919996.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466391/; classtype:trojan-activity;sid:84329491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466392)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/famous_athletes_banned_for_drug_use.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466392/; classtype:trojan-activity;sid:84329492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466393)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/31075581028.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466393/; classtype:trojan-activity;sid:84329493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466394)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/table_trigonometrique_complet.pdf"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466394/; classtype:trojan-activity;sid:84329494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466385)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f20719e2-319c-4f10-aabc-5dffb4a98912/downloads/45233279752.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466385/; classtype:trojan-activity;sid:84329485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466376)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/10e01255-b324-4a54-ae63-f4e28a319147/downloads/how_to_make_authorization_letter_to_claim_money_in_palawan.pdf"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466376/; classtype:trojan-activity;sid:84329476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466378)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a69ed85-566a-4d22-8bd3-47a8a314b3bf/downloads/baropuzijavalerivotenujop.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466378/; classtype:trojan-activity;sid:84329478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466379)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/15135097712.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; 
content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466379/; classtype:trojan-activity;sid:84329479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466366)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4831e354-44dc-4759-9d14-0dd6cfda589f/downloads/demag_ac_350_dwg.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466366/; classtype:trojan-activity;sid:84329466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466370)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6479094-5bf7-4b46-9ced-d0f3d0d49751/downloads/63982701040.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466370/; classtype:trojan-activity;sid:84329470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466371)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e35dded4-68df-49bc-a9b0-aad8c63628c2/downloads/polipuzikiwelines.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466371/; classtype:trojan-activity;sid:84329471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466372)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/jakirezimukixinirivuvizuw.pdf"; http_uri; depth:87; 
isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466372/; classtype:trojan-activity;sid:84329472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466373)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c4bf44b4-a39c-49f8-89f5-4b487ef61751/downloads/safety_precautions_during_rainy_season_ppt.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466373/; classtype:trojan-activity;sid:84329473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466358)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/gasanon.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466358/; classtype:trojan-activity;sid:84329458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466359)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/87218120165.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466359/; classtype:trojan-activity;sid:84329459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466364)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6c9fdcec-b167-4620-b064-54b8917c32b8/downloads/57211354597.pdf"; 
http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466364/; classtype:trojan-activity;sid:84329464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466355)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9927c1c5-c61c-4f5e-807e-67bd1833b3e4/downloads/2687436544.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466355/; classtype:trojan-activity;sid:84329455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466356)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/astonishment_report_example_template_free.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466356/; classtype:trojan-activity;sid:84329456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466353)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4454ad30-3f6f-488a-b5e6-19e7bcca2146/downloads/duzinijilufixikedaluw.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466353/; classtype:trojan-activity;sid:84329453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466340)"; flow:established,from_client; content:"GET"; http_method; 
content:"/blobby/go/47a03532-4838-4d3f-b185-a29c87fa882c/downloads/24511080679.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466340/; classtype:trojan-activity;sid:84329440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466341)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/35512569741.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466341/; classtype:trojan-activity;sid:84329441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466344)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/fiselarodinolapin.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466344/; classtype:trojan-activity;sid:84329444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466348)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/fonuferin.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466348/; classtype:trojan-activity;sid:84329448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466349)"; flow:established,from_client; content:"GET"; http_method; 
content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/59681288373.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466349/; classtype:trojan-activity;sid:84329449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466350)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9db526fb-d62a-447a-9766-8665158ad47a/downloads/skf_linear_bearing_catalogue.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466350/; classtype:trojan-activity;sid:84329450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466351)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/45838770375.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466351/; classtype:trojan-activity;sid:84329451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466336)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98a1791f-f3a9-4ef2-ac34-41b3393c3d1d/downloads/original_documents_handover_letter_format.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466336/; classtype:trojan-activity;sid:84329436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466337)"; 
flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/60272662631.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466337/; classtype:trojan-activity;sid:84329437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466338)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa44ab49-4d64-4d64-8bfd-2dfce545052f/downloads/limitations_act_2004_nigeria.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466338/; classtype:trojan-activity;sid:84329438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466331)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72cc53f9-3bf4-447c-963a-353f48ad8500/downloads/puwutokok.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466331/; classtype:trojan-activity;sid:84329431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466333)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/emdr_cognitive_interweaves.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466333/; classtype:trojan-activity;sid:84329433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3466325)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/15715958975.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466325/; classtype:trojan-activity;sid:84329425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466326)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sanugesijeviwo.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466326/; classtype:trojan-activity;sid:84329426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466327)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/167862b3-31e9-4984-90e5-30766e3a7fa8/downloads/20740408467.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466327/; classtype:trojan-activity;sid:84329427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466316)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/22914289512.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466316/; classtype:trojan-activity;sid:84329416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3466317)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f842cd9f-c67c-4749-ba01-22d7c1ea502c/downloads/93070455772.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466317/; classtype:trojan-activity;sid:84329417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466319)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/61240910211.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466319/; classtype:trojan-activity;sid:84329419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466320)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/33251318472.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466320/; classtype:trojan-activity;sid:84329420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466321)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/84098559127.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466321/; classtype:trojan-activity;sid:84329421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466322)"; 
flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kaxajopisojurivo.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466322/; classtype:trojan-activity;sid:84329422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466324)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vehicle_sale_agreement_format_in_word_kerala_online_applicat.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466324/; classtype:trojan-activity;sid:84329424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466312)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/everstart_750_amp_jump_starter_manual.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466312/; classtype:trojan-activity;sid:84329412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466313)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/424b0398-579a-4717-a17a-ffb972bf5819/downloads/manual_ppap_4_edicao.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466313/; classtype:trojan-activity;sid:84329413; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466314)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b2a026b5-555a-437c-867f-3969f62b48d7/downloads/3703775959.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466314/; classtype:trojan-activity;sid:84329414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466305)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3f5ecf8d-ba74-430f-ac11-9eb6ace92d02/downloads/womirojepu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466305/; classtype:trojan-activity;sid:84329405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466307)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/lord_of_the_flies_script.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466307/; classtype:trojan-activity;sid:84329407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466309)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3d0a6e54-c95b-4e67-871e-882f39f9c203/downloads/38102271043.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466309/; classtype:trojan-activity;sid:84329409; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466304)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/depo_provera_osteoporosis_guidelines.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466304/; classtype:trojan-activity;sid:84329404; rev:1;)
#
# Review note for the rules in this run (layout restored to one rule per line;
# the first and last lines are the tail/head of rules that continue outside
# this section and are left as found):
#
# - Each rule is an exact-IoC match: a GET request, client-to-server on an
#   established flow, whose URI equals the listed path (depth equals the
#   content length and isdataat:!1,relative requires that nothing follows it;
#   nocase makes the URI compare case-insensitive) and whose Host is exactly
#   img1.wsimg.com.
# - The rules use the http protocol with http_uri/http_host, so they only fire
#   where the sensor sees parsed HTTP. A fetch of the same URL over TLS is not
#   visible to them unless traffic is decrypted upstream; pair this feed with
#   proxy, DNS or TLS-SNI logging for the same host.
# - Because the URI must match in full, a rule covers the listed document
#   only. Other paths under the same host are neither matched nor cleared.
# - Several entries share a /blobby/go/<uuid>/downloads/ directory (for
#   example d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec and
#   7c4463e3-109c-48af-b9be-98e22cdf2116), which may be a more useful pivot
#   when hunting in logs than the individual file names.
# - NOTE(review): img1.wsimg.com looks like a shared hosting/CDN host rather
#   than dedicated infrastructure - confirm before turning any of these
#   entries into a host-level block.
# - All entries here carry created_at 2025_03_05; during triage, check the
#   urlhaus.abuse.ch reference of the firing rule for the URL's current status.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466301)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/397fbc33-145f-44ec-a774-e1fa1b866d82/downloads/fekesijurada.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466301/; classtype:trojan-activity;sid:84329401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466293)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1e222df8-d197-4254-b90b-be3d3b023ef4/downloads/78299826683.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466293/; classtype:trojan-activity;sid:84329393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466294)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bc2da57a-5cad-4b1e-b658-8efa7e30bee5/downloads/como_transferir_saldo_de_dados_unitel.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466294/; classtype:trojan-activity;sid:84329394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466283)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/billetes_didacticos_mexicanos_para_imprimir.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466283/; classtype:trojan-activity;sid:84329383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466284)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/xutodorimalibavexididoson.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466284/; classtype:trojan-activity;sid:84329384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466285)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/vatalikuxigepiwu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466285/; classtype:trojan-activity;sid:84329385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466286)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2fda8269-9b7e-4008-b093-ed7dc0bde9d7/downloads/zinivegosejuriwevagowu.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466286/; classtype:trojan-activity;sid:84329386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466288)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/dotuxomolomorapitome.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466288/; classtype:trojan-activity;sid:84329388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466289)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/541a1d8b-7a21-4c1f-8013-03406bd1a8ad/downloads/mevuxurike.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466289/; classtype:trojan-activity;sid:84329389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466291)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/jubomumifekomu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466291/; classtype:trojan-activity;sid:84329391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466279)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aa25c895-a966-4265-aeb1-bc094284554e/downloads/jifig.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466279/; classtype:trojan-activity;sid:84329379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466280)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/90378982159.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466280/; classtype:trojan-activity;sid:84329380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466282)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/jodegemotekuseve.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466282/; classtype:trojan-activity;sid:84329382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466268)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/46578941429.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466268/; classtype:trojan-activity;sid:84329368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466269)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/elenco_corsi_vam_viterbo.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466269/; classtype:trojan-activity;sid:84329369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466259)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/17714436684.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466259/; classtype:trojan-activity;sid:84329359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466260)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/planet_fitness_membership_cancellation_letter.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466260/; classtype:trojan-activity;sid:84329360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466261)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/af067739-2dfe-40f3-ae00-a758e587d7d3/downloads/61105974714.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466261/; classtype:trojan-activity;sid:84329361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466266)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/933c3405-1572-4648-b39e-d98567eb5bee/downloads/for_your_kind_perusal_and_necessary_action_meaning.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466266/; classtype:trojan-activity;sid:84329366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466267)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/119d5b03-e78f-4725-87b7-ed496b267f6d/downloads/scrubber_design_calculation_excel.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466267/; classtype:trojan-activity;sid:84329367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466249)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6787db73-833d-4393-867e-1b786eb5e101/downloads/60859753638.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466249/; classtype:trojan-activity;sid:84329349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466252)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62a7895e-5f81-4049-920b-e70e38d29e37/downloads/why_is_annexure_d_required_for_minor_passport.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466252/; classtype:trojan-activity;sid:84329352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466253)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/574284889.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466253/; classtype:trojan-activity;sid:84329353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466254)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/xikapataxofako.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466254/; classtype:trojan-activity;sid:84329354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466255)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lobigexapi.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466255/; classtype:trojan-activity;sid:84329355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466256)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2470d53e-fef7-4646-9c8b-919894e66d18/downloads/72646482584.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466256/; classtype:trojan-activity;sid:84329356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466257)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8c16f145-4fc0-4af7-a4db-de4acd818fe4/downloads/46429707192.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466257/; classtype:trojan-activity;sid:84329357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466245)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7153ec40-cd7f-411a-a08b-66d173a33455/downloads/standards_australia_handbook_197.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466245/; classtype:trojan-activity;sid:84329345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466247)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/55745505506.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466247/; classtype:trojan-activity;sid:84329347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466241)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/43311556781.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466241/; classtype:trojan-activity;sid:84329341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466244)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/80691091889.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466244/; classtype:trojan-activity;sid:84329344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466238)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sewuxazomuwara.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466238/; classtype:trojan-activity;sid:84329338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466231)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ce549e8-3051-428a-a71b-b48f204ac3cd/downloads/rapid_router_level_43_solution.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466231/; classtype:trojan-activity;sid:84329331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466232)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0620bed2-a9d8-4f06-ab8c-173ea1a60a70/downloads/jijegarazomimubusawogam.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466232/; classtype:trojan-activity;sid:84329332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466233)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/matunekuv.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466233/; classtype:trojan-activity;sid:84329333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466230)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/53202951-38c7-4c35-8280-6cefaf47915f/downloads/statsafe_3000_msds.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466230/; classtype:trojan-activity;sid:84329330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466221)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/82647770508.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466221/; classtype:trojan-activity;sid:84329321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466222)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ee3e2894-0337-41f6-9371-caecf7034a22/downloads/26991821255.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466222/; classtype:trojan-activity;sid:84329322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466226)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/gesuzodekutiz.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466226/; classtype:trojan-activity;sid:84329326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466227)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62a7895e-5f81-4049-920b-e70e38d29e37/downloads/how_to_register_in_upstox.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466227/; classtype:trojan-activity;sid:84329327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466228)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/exercises_for_trigger_thumb.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466228/; classtype:trojan-activity;sid:84329328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466229)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/132d13c5-3f89-41bf-85b4-d1a24ddcf61c/downloads/nosiwevixina.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466229/; classtype:trojan-activity;sid:84329329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466215)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a56a106f-21b9-46c2-b5bc-12461919334c/downloads/vurarufa.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466215/; classtype:trojan-activity;sid:84329315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466217)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/how_to_get_a_wire_transfer_receipt_chase.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466217/; classtype:trojan-activity;sid:84329317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466219)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/3175972790.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466219/; classtype:trojan-activity;sid:84329319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466213)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/apex_sl_vibration_controller_manual.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466213/; classtype:trojan-activity;sid:84329313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466214)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/nakozixuwelafi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466214/; classtype:trojan-activity;sid:84329314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466205)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mobesapovasag.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466205/; classtype:trojan-activity;sid:84329305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466206)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fae029f6-27b1-4578-94bc-ae0bbaeebde4/downloads/imperial_vernier_caliper_worksheet.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466206/; classtype:trojan-activity;sid:84329306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466207)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e2ab423c-1813-4cd0-becb-6a8adbf01641/downloads/ribafimimeriledok.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466207/; classtype:trojan-activity;sid:84329307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466208)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/62228929609.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466208/; classtype:trojan-activity;sid:84329308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466209)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/91a706e9-d066-47d7-89af-69535d865c3d/downloads/carteirinha_de_estudante_falsa_em.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466209/; classtype:trojan-activity;sid:84329309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466196)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/80e9e7c7-d97b-4b5a-96c4-9a83854a3065/downloads/35740879646.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466196/; classtype:trojan-activity;sid:84329296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466201)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2d42ffe-779b-4107-ac42-7f36375aab37/downloads/zeneliginuboripiriza.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466201/; classtype:trojan-activity;sid:84329301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466202)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6bb5c8cf-e89d-49c0-aeeb-7278d39f6b32/downloads/fiche_grcf_bts_gpme.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466202/; classtype:trojan-activity;sid:84329302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466193)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/77724997403.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466193/; classtype:trojan-activity;sid:84329293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466181)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/xinunivigaxelifujukedo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466181/; classtype:trojan-activity;sid:84329281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466182)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/pidipaxiworoguvosifap.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466182/; classtype:trojan-activity;sid:84329282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466183)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rent_receipt_format_in_ms_word.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466183/; classtype:trojan-activity;sid:84329283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466184)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nipipuk.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466184/; classtype:trojan-activity;sid:84329284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466185)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/081e0348-3bf0-4a3e-a723-749adc1aa630/downloads/67271829455.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466185/; classtype:trojan-activity;sid:84329285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466186)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/57390845107.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466186/; classtype:trojan-activity;sid:84329286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466187)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/45659404876.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466187/; classtype:trojan-activity;sid:84329287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466189)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/80200009732.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466189/; classtype:trojan-activity;sid:84329289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466190)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3a657e0c-a872-4028-94b8-811aea249c49/downloads/shl_general_ability_test_answers_reddit.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466190/; classtype:trojan-activity;sid:84329290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466175)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06823f9b-45c4-43cb-a44f-1f9f645cebcf/downloads/32406777299.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466175/; classtype:trojan-activity;sid:84329275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466177)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/7694747911.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466177/; classtype:trojan-activity;sid:84329277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466178)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/danokubiwen.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466178/; classtype:trojan-activity;sid:84329278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466179)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/xibuvajuxaluvotom.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466179/; classtype:trojan-activity;sid:84329279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466180)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0a0c7596-8583-4967-abed-67d8d1ffd610/downloads/8393439781.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466180/; classtype:trojan-activity;sid:84329280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466170)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/redoripedigi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466170/; classtype:trojan-activity;sid:84329270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466172)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/how_to_cancel_print_job_on_zebra_gk420d.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466172/; classtype:trojan-activity;sid:84329272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466169)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b83dcfc0-bbe6-4498-b356-e365ec2ed396/downloads/zofafiba.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466169/; classtype:trojan-activity;sid:84329269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466161)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a37e9011-77af-43eb-9e7b-dd6853450512/downloads/les_jours_de_la_semaine_exercices.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466161/; classtype:trojan-activity;sid:84329261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466162)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/90213521835.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466162/; classtype:trojan-activity;sid:84329262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466154)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/28725733968.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466154/; classtype:trojan-activity;sid:84329254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466149)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7aa15cc-b2d1-4fef-8a47-8d7810090a9c/downloads/jenuwegipujodunoj.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466149/; classtype:trojan-activity;sid:84329249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466151)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/dowuvibatekijutajuvavu.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466151/; classtype:trojan-activity;sid:84329251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3466152)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/14196656823.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466152/; classtype:trojan-activity;sid:84329252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466153)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/44a9091e-2134-47ec-8037-250483142ad3/downloads/kenmore_elite_665.12783_k311_service_manual.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466153/; classtype:trojan-activity;sid:84329253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466144)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/50362295282.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466144/; classtype:trojan-activity;sid:84329244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466145)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/navy_uic_code_list.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466145/; classtype:trojan-activity;sid:84329245; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466147)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9f2acd38-413e-47a5-ac42-d6305581bfab/downloads/logerafanekox.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466147/; classtype:trojan-activity;sid:84329247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466140)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/zakojamoderuvovu.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466140/; classtype:trojan-activity;sid:84329240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466133)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b2a026b5-555a-437c-867f-3969f62b48d7/downloads/successfactors_recruiting_implementation_guide.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466133/; classtype:trojan-activity;sid:84329233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466134)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/97474238027.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466134/; 
classtype:trojan-activity;sid:84329234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466135)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ddcbbbab-f8a6-4067-a450-a2f971a66e79/downloads/daikin_ac_remote_control_guide.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466135/; classtype:trojan-activity;sid:84329235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466138)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/lebuk.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466138/; classtype:trojan-activity;sid:84329238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466139)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/71642361311.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466139/; classtype:trojan-activity;sid:84329239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466128)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kumujadirifokekikivexe.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, 
urlhaus.abuse.ch/url/3466128/; classtype:trojan-activity;sid:84329228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466130)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/2818265442.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466130/; classtype:trojan-activity;sid:84329230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466132)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e262bb3c-3205-4bb6-954b-f565479d59e0/downloads/examenes_psicometricos_pruebas_psicometricas_gratis_para_imp.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466132/; classtype:trojan-activity;sid:84329232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466122)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4252a31f-7a57-4ac8-a31e-ee71b2361194/downloads/61162239689.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466122/; classtype:trojan-activity;sid:84329222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466125)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/43b3ecff-25d4-4371-99a8-6df485cf4fd5/downloads/amoeba_sisters_classification_worksheet.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466125/; classtype:trojan-activity;sid:84329225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466115)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/fundamentals_of_power_supply_design_book.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466115/; classtype:trojan-activity;sid:84329215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466116)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/her_yonuyle_modern_almanca_dursun_zengin.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466116/; classtype:trojan-activity;sid:84329216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466117)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/15938565950.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466117/; classtype:trojan-activity;sid:84329217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466107)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5271715-d4c2-447f-bd8c-804dbc17722c/downloads/experience_certificate_format_for_quality_control_engineer.pdf"; 
http_uri; depth:120; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466107/; classtype:trojan-activity;sid:84329207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466109)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1b7f80b5-fb34-497d-8072-447feb44da09/downloads/lewamagoromizesa.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466109/; classtype:trojan-activity;sid:84329209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466110)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/courier_declaration_format.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466110/; classtype:trojan-activity;sid:84329210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466104)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ruripumefenezalizaf.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466104/; classtype:trojan-activity;sid:84329204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466101)"; flow:established,from_client; content:"GET"; http_method; 
content:"/blobby/go/32a18e69-8d9d-488c-b50f-45023ca24343/downloads/87353354077.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466101/; classtype:trojan-activity;sid:84329201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466092)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/20305303180.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466092/; classtype:trojan-activity;sid:84329192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466099)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/kutapodisub.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466099/; classtype:trojan-activity;sid:84329199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466100)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0919b7e4-2541-44dd-b945-9d5e6d22eaf1/downloads/xibegakibojonabawaz.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466100/; classtype:trojan-activity;sid:84329200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466083)"; flow:established,from_client; content:"GET"; http_method; 
content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/doxuwiponubagexotabos.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466083/; classtype:trojan-activity;sid:84329183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466084)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/54308720858.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466084/; classtype:trojan-activity;sid:84329184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466085)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/gomanelakog.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466085/; classtype:trojan-activity;sid:84329185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466089)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/nx_nastran_element_library_reference_manual.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466089/; classtype:trojan-activity;sid:84329189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466074)"; flow:established,from_client; 
content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/collibra_expert_i_certification_answers_sheet_download_2017.pdf"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466074/; classtype:trojan-activity;sid:84329174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466075)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4ec11559-69c0-4903-84a6-3240babfcfe7/downloads/lapagikevipewijumodoru.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466075/; classtype:trojan-activity;sid:84329175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466076)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1bfc168f-d0df-43cb-a73e-d0c80e42fe5c/downloads/formulaire_virement_international_banque_postale.pdf"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466076/; classtype:trojan-activity;sid:84329176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466078)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/96273346643.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466078/; classtype:trojan-activity;sid:84329178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3466079)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1feaf4a2-3a85-48bd-b975-ab8d5bcee640/downloads/30816276176.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466079/; classtype:trojan-activity;sid:84329179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466070)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d8f5bd9b-2c75-4c1f-8d4d-84a7de1d3443/downloads/rent_brokerage_receipt_format_word.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466070/; classtype:trojan-activity;sid:84329170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466071)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8439ca10-a5ac-4299-aa09-54ab615a2090/downloads/bozagororaxurivir.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466071/; classtype:trojan-activity;sid:84329171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466072)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/54016191818.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466072/; classtype:trojan-activity;sid:84329172; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466073)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f0d27cad-ce96-47a4-a6b6-d00149677212/downloads/87562723190.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466073/; classtype:trojan-activity;sid:84329173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466066)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/swot_analysis_for_poultry_farming.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466066/; classtype:trojan-activity;sid:84329166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466067)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/bosokoxa.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466067/; classtype:trojan-activity;sid:84329167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466063)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/69034861186.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466063/; classtype:trojan-activity;sid:84329163; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466065)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/14962502915.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466065/; classtype:trojan-activity;sid:84329165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466060)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/42589334771.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466060/; classtype:trojan-activity;sid:84329160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466054)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/banksman_hand_signals.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466054/; classtype:trojan-activity;sid:84329154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466055)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6cdacb6d-7fbf-4d09-a986-56cdfa4edeb2/downloads/5985868832.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466055/; classtype:trojan-activity;sid:84329155; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466056)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/voter_list_delhi_2018.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466056/; classtype:trojan-activity;sid:84329156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466058)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/99737319160.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466058/; classtype:trojan-activity;sid:84329158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466045)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1bfc168f-d0df-43cb-a73e-d0c80e42fe5c/downloads/71653623394.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466045/; classtype:trojan-activity;sid:84329145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466047)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/testing_and_commissioning_of_electrical_equipment.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466047/; classtype:trojan-activity;sid:84329147; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466048)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/1ffc09a0-c9a4-4762-8145-43798f2fda71/downloads/back_to_work_from_maternity_leave_email.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466048/; classtype:trojan-activity;sid:84329148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466049)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/xepaxijaniwitofoxipoja.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466049/; classtype:trojan-activity;sid:84329149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466051)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/de43da9e-bc77-4e56-a909-0e72ba746cf9/downloads/electricity_bill_name_change_noc_format.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466051/; classtype:trojan-activity;sid:84329151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466052)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2ad58263-1b5c-4da7-bc4a-7b8f99e22218/downloads/formulaire_ordre_de_virement_banque_postale.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; 
reference:url, urlhaus.abuse.ch/url/3466052/; classtype:trojan-activity;sid:84329152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466053)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/76135669664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466053/; classtype:trojan-activity;sid:84329153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466039)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/23ec0b56-0ae7-4e41-8565-08e517b0b386/downloads/gatamalepuberik.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466039/; classtype:trojan-activity;sid:84329139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466040)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/97106569323.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466040/; classtype:trojan-activity;sid:84329140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466041)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3e3d230e-4918-4f4b-8a10-8ee933aabcaf/downloads/99772344048.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; 
reference:url, urlhaus.abuse.ch/url/3466041/; classtype:trojan-activity;sid:84329141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466037)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/wapurexep.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466037/; classtype:trojan-activity;sid:84329137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466032)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/19668bf7-0111-4cbb-8050-06562ac08bba/downloads/steps_to_create_template_instance_in_tosca.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466032/; classtype:trojan-activity;sid:84329132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466033)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/bidoxefemoduxunirez.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466033/; classtype:trojan-activity;sid:84329133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466034)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/88817028453.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466034/; classtype:trojan-activity;sid:84329134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466027)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/job_work_challan_format_in_excel.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466027/; classtype:trojan-activity;sid:84329127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466028)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34794329-fa5b-49f8-8f60-fb0720b1e556/downloads/14476765670.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466028/; classtype:trojan-activity;sid:84329128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466015)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/resignation_letter_template_family_reasons.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466015/; classtype:trojan-activity;sid:84329115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466016)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8c16f145-4fc0-4af7-a4db-de4acd818fe4/downloads/14431999044.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466016/; classtype:trojan-activity;sid:84329116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466017)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/21303726077.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466017/; classtype:trojan-activity;sid:84329117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466018)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/minupawuferogu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466018/; classtype:trojan-activity;sid:84329118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466020)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b071d266-376f-40c9-bb70-11ca77d8051b/downloads/36008974689.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466020/; classtype:trojan-activity;sid:84329120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466021)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/60919645191.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466021/; classtype:trojan-activity;sid:84329121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466022)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/424b0398-579a-4717-a17a-ffb972bf5819/downloads/audit_professional_clearance_letter_template.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466022/; classtype:trojan-activity;sid:84329122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466023)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/30072850819.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466023/; classtype:trojan-activity;sid:84329123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466024)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/75213021290.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466024/; classtype:trojan-activity;sid:84329124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466025)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/law-making_process_in_zimbabwe.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; 
content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466025/; classtype:trojan-activity;sid:84329125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466011)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/363b8b8c-bdd6-4ad7-ac6c-ba65cd60171b/downloads/abaqus_user_subroutine_reference_guide.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466011/; classtype:trojan-activity;sid:84329111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466014)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/85845004614.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466014/; classtype:trojan-activity;sid:84329114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466005)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/genuwafazapibiwinowafal.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466005/; classtype:trojan-activity;sid:84329105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466006)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/20322886839.pdf"; http_uri; depth:73; 
isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466006/; classtype:trojan-activity;sid:84329106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466008)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/gagibipawuzepakan.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466008/; classtype:trojan-activity;sid:84329108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466002)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/sample_authorization_letter_to_get_psa_marriage_certificate.pdf"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466002/; classtype:trojan-activity;sid:84329102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465993)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/8517821794.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465993/; classtype:trojan-activity;sid:84329093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465994)"; flow:established,from_client; content:"GET"; http_method; 
content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/padanad.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465994/; classtype:trojan-activity;sid:84329094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465995)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9971747c-d991-46ae-b932-5ba73958e604/downloads/fojajexuretimototatoles.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465995/; classtype:trojan-activity;sid:84329095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465996)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mosodekasaxozebopajebibe.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465996/; classtype:trojan-activity;sid:84329096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465997)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6be9a470-c465-4776-ab76-53713c51537a/downloads/30164245456.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465997/; classtype:trojan-activity;sid:84329097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465999)"; flow:established,from_client; content:"GET"; 
http_method; content:"/blobby/go/f264223f-22e7-47f1-947d-9e365a75e217/downloads/96358679127.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465999/; classtype:trojan-activity;sid:84329099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466000)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f65856df-6ee2-426f-901a-fbcb5106e767/downloads/22057173676.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466000/; classtype:trojan-activity;sid:84329100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465984)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/butterfly_roof_construction_detail.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465984/; classtype:trojan-activity;sid:84329084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465985)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/baxejatoxenidomixidedax.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465985/; classtype:trojan-activity;sid:84329085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465986)"; 
flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/17465496427.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465986/; classtype:trojan-activity;sid:84329086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465989)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/zabefenakozevopesomewazi.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465989/; classtype:trojan-activity;sid:84329089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465990)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/48283c5b-b198-4860-9bf9-7f30a2f8146b/downloads/zoromipubadijivonexon.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465990/; classtype:trojan-activity;sid:84329090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465991)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8df58291-e0db-425a-9cda-a9882386ada6/downloads/jaladimurefasetuzukiwaxit.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465991/; classtype:trojan-activity;sid:84329091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3465992)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/wofalobomosotanavuze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465992/; classtype:trojan-activity;sid:84329092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465980)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0d21a9d5-01df-4a9e-9327-883996b2f71d/downloads/ansi_electrical_symbols_standards.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465980/; classtype:trojan-activity;sid:84329080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465974)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a435afa7-bc93-481f-8a35-ce503cc8a972/downloads/sri_rudram_namakam_chamakam_tamil.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465974/; classtype:trojan-activity;sid:84329074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465975)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/tumiwujuluxuwaxi.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465975/; classtype:trojan-activity;sid:84329075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3465977)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/denutetoraditut.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465977/; classtype:trojan-activity;sid:84329077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465961)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9569c183-65dc-4f14-a45e-e7944584cb65/downloads/bifidetogatovotuwideki.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465961/; classtype:trojan-activity;sid:84329061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465962)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/baroque_guitar_tab.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465962/; classtype:trojan-activity;sid:84329062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465963)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7f34267e-2563-449a-82e3-60f19988c45d/downloads/lic_jeevan_saral_plan_165_chart.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465963/; classtype:trojan-activity;sid:84329063; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465965)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/69187265192.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465965/; classtype:trojan-activity;sid:84329065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465968)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d551812a-3c47-48f1-bc1d-3ac42c3f246c/downloads/rigumudusogepivana.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465968/; classtype:trojan-activity;sid:84329068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465969)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/5528845131.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465969/; classtype:trojan-activity;sid:84329069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465971)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/74129229699.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465971/; classtype:trojan-activity;sid:84329071; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465972)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/cancionero_catolico_jesed.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465972/; classtype:trojan-activity;sid:84329072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465957)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a3b63b5-3e6a-48ac-8e49-14ed0037cbc4/downloads/historietas_del_medio_ambiente_largas.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465957/; classtype:trojan-activity;sid:84329057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465955)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/62049175170.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465955/; classtype:trojan-activity;sid:84329055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465949)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/10908647555.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465949/; classtype:trojan-activity;sid:84329049; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465951)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/maxabamuxixotabevifutiw.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465951/; classtype:trojan-activity;sid:84329051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465953)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/downgrade_oracle_database_from_19c_to_11g.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465953/; classtype:trojan-activity;sid:84329053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465942)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ba9b549d-a804-4d13-a818-3c55b3524acd/downloads/75189909272.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465942/; classtype:trojan-activity;sid:84329042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465945)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/individual_development_plan_powerpoint_template.pdf"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, 
urlhaus.abuse.ch/url/3465945/; classtype:trojan-activity;sid:84329045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465946)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/64954946228.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465946/; classtype:trojan-activity;sid:84329046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465939)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/bapozujipo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465939/; classtype:trojan-activity;sid:84329039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465931)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4872c6d8-aa46-4e32-b809-43d741337793/downloads/74841624584.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465931/; classtype:trojan-activity;sid:84329031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465932)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3a90d4c9-f215-49ec-8178-8e50febf5250/downloads/tedutogonisijetinikiw.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, 
urlhaus.abuse.ch/url/3465932/; classtype:trojan-activity;sid:84329032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465933)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/wipofuta.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465933/; classtype:trojan-activity;sid:84329033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465935)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4cb1e8a7-0f1a-4c3a-ae4d-65ac09f78b80/downloads/fenekipejivatoxeni.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465935/; classtype:trojan-activity;sid:84329035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465937)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/wolarodipuxusisug.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465937/; classtype:trojan-activity;sid:84329037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465938)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c3be0091-4534-4191-a72e-570acc745d3e/downloads/attestation_de_prise_en_charge_tlscontact.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_03_05; reference:url, urlhaus.abuse.ch/url/3465938/; classtype:trojan-activity;sid:84329038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465924)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa4295b9-8c98-4187-bbf8-91c9d7ce5f9e/downloads/89606848887.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465924/; classtype:trojan-activity;sid:84329024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465926)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/44d0963d-ba71-4620-abdb-e3c6631b392b/downloads/balance_confirmation_letter_format_in_word.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465926/; classtype:trojan-activity;sid:84329026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465912)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/rollo_tomassi_the_rational_male_turkce.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465912/; classtype:trojan-activity;sid:84329012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465914)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800bda9c-ed1b-45a1-a7d5-702e4e14f980/downloads/pmp_42_processes_chart.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465914/; classtype:trojan-activity;sid:84329014; rev:1;)
# Two of the entries below (3465915, 3465919) sit under the same directory,
# /blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/. When one of them fires, searching
# proxy or HTTP logs for that directory prefix can surface requests this exact-match list misses.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465915)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/86917927693.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465915/; classtype:trojan-activity;sid:84329015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465916)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/methodologie_du_commentaire_compose_francais.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465916/; classtype:trojan-activity;sid:84329016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465919)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gauss_elimination_method_example_with_solution.pdf"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465919/; classtype:trojan-activity;sid:84329019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465910)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5f03ee03-a319-4a1e-a052-a99710c59365/downloads/bujulodipesotixugakujup.pdf"; http_uri;
depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465910/; classtype:trojan-activity;sid:84329010; rev:1;)
# These rules inspect request fields only (flow:from_client; http_method, http_uri, http_host).
# An alert means a client requested the URL; it does not show that a file was returned or opened.
# Confirm delivery with response logs or endpoint telemetry before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465906)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/hsbc_bank_statement.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465906/; classtype:trojan-activity;sid:84329006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465909)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/94e1955e-c7d2-4e11-a6ac-7a5ec652d6cd/downloads/suzuki_dt4_owners_manual.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465909/; classtype:trojan-activity;sid:84329009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465903)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8f5eeb54-04ec-4a30-bb55-41e413d1f3ed/downloads/open_pit_mine_planning_and_design.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465903/; classtype:trojan-activity;sid:84329003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465904)"; flow:established,from_client; content:"GET"; http_method;
content:"/blobby/go/ceb9a026-f6c4-4e26-a968-d8e0e8d06aaa/downloads/tevedowopalugafaxoro.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465904/; classtype:trojan-activity;sid:84329004; rev:1;)
# Triage pivot: the number in msg and in the reference URL is the URLhaus entry ID, and in these
# rules sid = entry ID + 80863100 (3465905 -> 84329005), so an alert's sid maps directly to
# urlhaus.abuse.ch/url/<ID>/.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465905)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/adb32098-1c7a-4519-9e53-ced990fc5d88/downloads/kuniwuzujujurejovewo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465905/; classtype:trojan-activity;sid:84329005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465896)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/76236294804.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465896/; classtype:trojan-activity;sid:84328996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465897)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6ab86f22-a419-4e4f-91d4-5a654823f744/downloads/pamolitix.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465897/; classtype:trojan-activity;sid:84328997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465898)"; flow:established,from_client; content:"GET"; http_method;
content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/42508658220.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465898/; classtype:trojan-activity;sid:84328998; rev:1;)
# Every rule here uses the same Host, img1.wsimg.com, and differs only in the
# /blobby/go/<uuid>/downloads/<file> path. That pattern suggests per-tenant storage on a shared
# host (assumption; confirm), so triage on the full URL rather than on the hostname alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465885)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sotax_at_xtend_user_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465885/; classtype:trojan-activity;sid:84328985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465886)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5d8bfe2e-b91e-431f-9bdc-3f0ea97e388e/downloads/wovivesapo.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465886/; classtype:trojan-activity;sid:84328986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465888)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/sample_consent_letter_from_husband_for_wife_to_travel.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465888/; classtype:trojan-activity;sid:84328988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465889)";
flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/formulaire_renouvellement_titre_de_sejour_yvelines.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465889/; classtype:trojan-activity;sid:84328989; rev:1;)
# Direction is $HOME_NET -> $EXTERNAL_NET, so coverage depends on those variables being set
# correctly for the sensor. If clients browse through a proxy that is itself inside $HOME_NET,
# the client-to-proxy leg may not match; check where the sensor sits relative to the proxy.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465891)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/71d9f42f-0bad-4406-8a48-95c698e57e68/downloads/98599689697.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465891/; classtype:trojan-activity;sid:84328991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465892)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/92007305293.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465892/; classtype:trojan-activity;sid:84328992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465893)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/duff_phelps_size_premium.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465893/; classtype:trojan-activity;sid:84328993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known
malware download URL detected (3465881)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9213334f-b8c6-41b2-903d-dc8cc5791a0a/downloads/49429599069.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465881/; classtype:trojan-activity;sid:84328981; rev:1;)
# Age check: these entries carry metadata:created_at 2025_03_05, while the header of this
# ruleset gives a last-updated date of 2026-05-20. Look up the entry's current status via the
# reference URL before treating a hit as an active distribution point.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465882)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/22187922858.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465882/; classtype:trojan-activity;sid:84328982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465876)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5e97205-d745-471d-94c2-4bc94f943a29/downloads/nafexasu.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465876/; classtype:trojan-activity;sid:84328976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465878)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/99401481523.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465878/; classtype:trojan-activity;sid:84328978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download
URL detected (3465879)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/harry_potter_ea_camara_secreta_ilustrado.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465879/; classtype:trojan-activity;sid:84328979; rev:1;)
# Reading order: content modifiers bind to the content before them. `http_uri; depth; isdataat;
# nocase` qualify the path string, `http_host; depth:14; isdataat` qualify "img1.wsimg.com", and
# `http_method` qualifies "GET", so these signatures cover GET requests only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465870)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/all_gujarati_magazine.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465870/; classtype:trojan-activity;sid:84328970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465871)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/34103705134.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465871/; classtype:trojan-activity;sid:84328971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465872)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9a32841c-0d54-4ad0-8acd-a5b15c41cae1/downloads/nagpur_metro_phase_2_dpr.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465872/; classtype:trojan-activity;sid:84328972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any
(msg:"URLhaus Known malware download URL detected (3465873)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/99406712648.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465873/; classtype:trojan-activity;sid:84328973; rev:1;)
# File names in these paths are numeric or random-looking strings. The rule text carries no
# payload type or malware family; that context is only on the URLhaus page given in each rule's
# reference field, so consult it when triaging an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465874)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/96d7062c-715f-4c9e-82c2-ac322bf04d1a/downloads/fawafep.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465874/; classtype:trojan-activity;sid:84328974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465875)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51e053ea-8122-46e3-bee6-6c00a935619c/downloads/28185631859.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465875/; classtype:trojan-activity;sid:84328975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465865)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/renamotoxuxesike.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465865/; classtype:trojan-activity;sid:84328965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus
Known malware download URL detected (3465866)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/wixutazavadupiruzani.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465866/; classtype:trojan-activity;sid:84328966; rev:1;)
# All entries use classtype:trojan-activity regardless of file name or extension (.pdf here).
# Alert priority therefore comes from how the sensor's classification config maps that
# classtype, not from any per-URL severity.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465864)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/vixodamev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465864/; classtype:trojan-activity;sid:84328964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465852)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pulse_secure_network_error_1329.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465852/; classtype:trojan-activity;sid:84328952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465853)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8fc62093-f93e-447d-8e21-b1e235f4d9cc/downloads/cibse_psychrometric_chart.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465853/; classtype:trojan-activity;sid:84328953; rev:1;)
alert http $HOME_NET any ->
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465857)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/citrix_adc_vpx_datasheet.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465857/; classtype:trojan-activity;sid:84328957; rev:1;)
# Each rule is rev:1 with a sid in the 84xxxxxx range. When merging this feed with other rule
# sources, check for sid collisions and manage these sids as a block (enable, disable,
# threshold) rather than editing individual generated lines.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465847)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cac64821-2205-4248-abd9-55e775312c94/downloads/rosigamosusen.pdf"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465847/; classtype:trojan-activity;sid:84328947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465848)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/fosofiboma.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465848/; classtype:trojan-activity;sid:84328948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465850)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/600b6853-9b14-40c4-b9d1-c0a10f9ad1eb/downloads/mathematics_core_topics_sl.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465850/; classtype:trojan-activity;sid:84328950; rev:1;)
alert http
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465843)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/6e0acf5f-e652-447e-8a3a-90dcb81c48ee/downloads/loan_cancellation_letter.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465843/; classtype:trojan-activity;sid:84328943; rev:1;)
# `flow:established,from_client` limits matching to client-to-server data on a session the
# sensor is tracking. Capture loss or asymmetric routing at the sensor can keep these rules
# from firing, so check capture and stream health before relying on them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465844)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98fd26ea-5c50-4ebf-945e-7ed158ebe1b6/downloads/workplace_printable_hurt_feelings_report.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465844/; classtype:trojan-activity;sid:84328944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465845)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zalekebi.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465845/; classtype:trojan-activity;sid:84328945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465833)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/58616986475.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465833/;
classtype:trojan-activity;sid:84328933; rev:1;)
# `nocase` makes the path comparison case-insensitive, but the match is still anchored at both
# ends by depth and `isdataat:!1,relative`. Treat this list as coverage for the listed URLs
# only; it is not a detection for the hosting pattern or for any malware family.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465835)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/one_of_us_is_lying_character_quotes.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465835/; classtype:trojan-activity;sid:84328935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465839)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0e65d320-97ed-47cb-9ca0-bcd7400824c9/downloads/jewuzikilodejosowar.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465839/; classtype:trojan-activity;sid:84328939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465825)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72fc6eb8-20de-4439-bced-6bfc7eecaa8e/downloads/bogev.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465825/; classtype:trojan-activity;sid:84328925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465826)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/58b13a51-176b-4b7e-ab1e-a0c84e7a5487/downloads/currency_market_mechanics_bmc_answers.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05;
reference:url, urlhaus.abuse.ch/url/3465826/; classtype:trojan-activity;sid:84328926; rev:1;)
# Entry 3465828 uses directory 7c4463e3-109c-48af-b9be-98e22cdf2116, which recurs in other
# entries of this ruleset with different file names. A hit on any of them is a reason to search
# HTTP or proxy logs for the whole directory prefix, not only the alerted file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465827)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/018aefd4-3541-4598-a5c3-d0911ca60a82/downloads/asce_7-05_espanol_gratis.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465827/; classtype:trojan-activity;sid:84328927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465828)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tifunakarexefeguwitoda.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465828/; classtype:trojan-activity;sid:84328928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465829)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/06a2cc2e-f4bb-4ca4-a0d9-71e2fc8b7812/downloads/molaxoxekex.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465829/; classtype:trojan-activity;sid:84328929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465830)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/iata_airport_handling_manual_2019_full.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14;
isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465830/; classtype:trojan-activity;sid:84328930; rev:1;)
# Without TLS decryption the sensor cannot see the request path, and the hostname alone
# (img1.wsimg.com, shared by every entry here) is too coarse to act on. Endpoint or proxy logs
# that record full URLs are the practical way to cover HTTPS fetches of these entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465831)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c1bf3ae2-f6cc-4078-b639-2ff1ca0b62be/downloads/1172286111.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465831/; classtype:trojan-activity;sid:84328931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465832)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/euchre_score_sheets_for_16_players.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465832/; classtype:trojan-activity;sid:84328932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465820)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dungeon_crawl_classics.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465820/; classtype:trojan-activity;sid:84328920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465804)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/69904656893.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com";
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465804/; classtype:trojan-activity;sid:84328904; rev:1;)
# Generated feed content (see the last-updated header of this ruleset): avoid hand-editing
# these lines. Local tuning such as suppress, threshold or disable-by-sid belongs in the
# sensor's own configuration, where it survives the next ruleset update.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465806)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/emmaus_walk_letters_of_encouragement.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465806/; classtype:trojan-activity;sid:84328906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465809)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fc635392-61de-40bc-86f0-c9844fcf30fd/downloads/gramatica_portugues_brasil.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465809/; classtype:trojan-activity;sid:84328909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465814)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/647bfca3-c5f6-48a0-9ec3-35afde17c6e3/downloads/gamokul.pdf"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465814/; classtype:trojan-activity;sid:84328914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465815)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fa284320-69aa-45db-92e2-86468d4beaf0/downloads/53174458267.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase;
content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465815/; classtype:trojan-activity;sid:84328915; rev:1;)
# Directory reuse: 047c717c-7bd8-4cec-b09f-8a9648ff740c (3465798) and
# 671d8571-de15-47bb-8cd8-b624751dbe0e (3465799) each appear in other entries of this ruleset
# under different file names; group alerts by directory when correlating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465795)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/nike_employee_benefits.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465795/; classtype:trojan-activity;sid:84328895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465798)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/97767745983.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465798/; classtype:trojan-activity;sid:84328898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465799)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/country_of_origin_letter_template.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465799/; classtype:trojan-activity;sid:84328899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465802)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/39834772333.pdf"; http_uri; depth:73;
isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465802/; classtype:trojan-activity;sid:84328902; rev:1;)
# No rule here marks a `fast_pattern`, so the engine chooses the prefilter content itself.
# Every rule shares the "GET" and "img1.wsimg.com" strings, so it is worth checking rule-load
# and performance statistics after enabling the full ruleset (impact depends on the engine).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465790)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rofaruzev.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465790/; classtype:trojan-activity;sid:84328890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465791)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/verismo_701_service_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465791/; classtype:trojan-activity;sid:84328891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465792)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rodudiniruzawame.pdf"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465792/; classtype:trojan-activity;sid:84328892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465785)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3c8f7a45-f68c-4369-8f63-be6429599400/downloads/butulanimirovubeve.pdf"; http_uri;
depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465785/; classtype:trojan-activity;sid:84328885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465786)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c725aa89-ce3b-4b0b-861e-e7c40702153d/downloads/gisewonivikamadoliwozuv.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465786/; classtype:trojan-activity;sid:84328886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465787)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d1335ae9-6401-4997-a89d-ffce5d766eb7/downloads/44332900662.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465787/; classtype:trojan-activity;sid:84328887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465779)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/nagano_keiki_km10.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465779/; classtype:trojan-activity;sid:84328879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465781)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/76488986948.pdf"; 
http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465781/; classtype:trojan-activity;sid:84328881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465782)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ac62f849-5623-435a-93ad-86e4d8edc83e/downloads/90625111849.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465782/; classtype:trojan-activity;sid:84328882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465772)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/72445144906.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465772/; classtype:trojan-activity;sid:84328872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465773)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0e65d320-97ed-47cb-9ca0-bcd7400824c9/downloads/wrightbus_streetlite_manual.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465773/; classtype:trojan-activity;sid:84328873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465776)"; flow:established,from_client; content:"GET"; http_method; 
content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/waste_management_in_dubai.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465776/; classtype:trojan-activity;sid:84328876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465777)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/chevening_scholarship_reference_letter_sample.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465777/; classtype:trojan-activity;sid:84328877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465778)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/14409296375.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465778/; classtype:trojan-activity;sid:84328878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465766)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d128fcda-7fcc-4d89-85b3-e79c54d4414e/downloads/unit_conversion_practice_problems.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465766/; classtype:trojan-activity;sid:84328866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465768)"; 
flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/11197801286.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465768/; classtype:trojan-activity;sid:84328868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465769)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/50ab7773-f1d2-4be6-a8e2-1065b2477787/downloads/41229957036.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465769/; classtype:trojan-activity;sid:84328869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465771)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/950f7924-fa6b-44be-bda3-22eaf526f43f/downloads/konujidav.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465771/; classtype:trojan-activity;sid:84328871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465760)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/burijuterapudupelirebi.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465760/; classtype:trojan-activity;sid:84328860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465761)"; 
flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a85f54ee-11f7-4ab3-9970-dabd8f52d583/downloads/vowivovabafases.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465761/; classtype:trojan-activity;sid:84328861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465762)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/acb19439-02ad-48ae-a6e4-8c3bfce04694/downloads/32470708569.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465762/; classtype:trojan-activity;sid:84328862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465763)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/xikesoxabafubuwepof.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465763/; classtype:trojan-activity;sid:84328863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465764)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/2251478862.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465764/; classtype:trojan-activity;sid:84328864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465765)"; 
flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9d0d7648-4006-4e9a-bf4e-cd4f5c534844/downloads/socomec_ups_service_manual.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465765/; classtype:trojan-activity;sid:84328865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465757)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/6098867423.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465757/; classtype:trojan-activity;sid:84328857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465758)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b383d2d-2b5a-4b4f-949f-124c21f71183/downloads/how_to_write_an_introduction_letter_to_an_embassy.pdf"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465758/; classtype:trojan-activity;sid:84328858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465755)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/38265042738.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465755/; classtype:trojan-activity;sid:84328855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3465747)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/183feb73-c001-4172-a9c4-8aedcbb9c085/downloads/nosasasoxanuxoxazefuz.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465747/; classtype:trojan-activity;sid:84328847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465749)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gibekewelodi.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465749/; classtype:trojan-activity;sid:84328849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465752)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/16395777837.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465752/; classtype:trojan-activity;sid:84328852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465753)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/jspdf_autotable_x_position.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465753/; classtype:trojan-activity;sid:84328853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3465739)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0b0ee5f-47ab-407d-8f2e-b86a71eb1b80/downloads/cerere_demisie_fara_preaviz.pdf"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465739/; classtype:trojan-activity;sid:84328839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465740)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/0fde6049-38a2-402e-8604-5a56fc977486/downloads/request_letter_for_construction_bond_refund.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465740/; classtype:trojan-activity;sid:84328840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465741)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdd5ea6e-1f6b-4417-9fad-928f6d1c8a68/downloads/50_verbes_irreguliers_en_anglais.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465741/; classtype:trojan-activity;sid:84328841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465742)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7a69ed85-566a-4d22-8bd3-47a8a314b3bf/downloads/molecular_mass_of_elements_list.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465742/; 
classtype:trojan-activity;sid:84328842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465744)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/69278806631.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465744/; classtype:trojan-activity;sid:84328844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465735)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/nonisenokedevesuxumuk.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465735/; classtype:trojan-activity;sid:84328835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465729)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/mesoduwegotujowokikurixo.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465729/; classtype:trojan-activity;sid:84328829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465731)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2b383d2d-2b5a-4b4f-949f-124c21f71183/downloads/how_to_fill_up_deed_of_sale_of_motor_vehicle.pdf"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; 
reference:url, urlhaus.abuse.ch/url/3465731/; classtype:trojan-activity;sid:84328831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465724)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/33d2c907-2bf6-4426-875f-30dcfdd2ea6c/downloads/takeshi_amemiya_advanced_econometrics.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465724/; classtype:trojan-activity;sid:84328824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465725)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/paxakuvenu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465725/; classtype:trojan-activity;sid:84328825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465715)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/51d0d552-51a2-4187-835e-597cbad426c9/downloads/astm_e2500.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465715/; classtype:trojan-activity;sid:84328815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465716)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/16407212514.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_03_05; reference:url, urlhaus.abuse.ch/url/3465716/; classtype:trojan-activity;sid:84328816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465717)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f2215a6c-0436-4d82-8033-c5d079398259/downloads/mewivisonixapolivifit.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465717/; classtype:trojan-activity;sid:84328817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465718)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5778216d-14df-4dd7-ac4c-aefbb7c07c24/downloads/kugaduvekujewotaz.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465718/; classtype:trojan-activity;sid:84328818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465719)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tafanavevimewom.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465719/; classtype:trojan-activity;sid:84328819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465721)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lemowegigusazisalelupo.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465721/; classtype:trojan-activity;sid:84328821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465722)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5add4dbc-ec7d-4010-9077-0d95eef82ba1/downloads/64293794102.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465722/; classtype:trojan-activity;sid:84328822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465723)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a7c970be-6487-407b-ae67-0318aa6bed96/downloads/19932307165.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465723/; classtype:trojan-activity;sid:84328823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465709)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/lowasa.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465709/; classtype:trojan-activity;sid:84328809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465710)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/8014aeaa-17b8-4bcd-a9d7-094ad1ff7644/downloads/19999334835.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 
2025_03_05; reference:url, urlhaus.abuse.ch/url/3465710/; classtype:trojan-activity;sid:84328810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465711)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/921a43a6-1495-4d95-bdb1-69b79162b826/downloads/13397059696.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465711/; classtype:trojan-activity;sid:84328811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465714)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b3cb2fd2-80cf-4497-9966-46f7699e136d/downloads/kovajive.pdf"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465714/; classtype:trojan-activity;sid:84328814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465707)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/49bbfdeb-576f-4f20-b756-96ff9c705013/downloads/96422280236.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465707/; classtype:trojan-activity;sid:84328807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465708)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/imo_dangerous_goods_declaration_example.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465708/; classtype:trojan-activity;sid:84328808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465703)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/88847399269.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465703/; classtype:trojan-activity;sid:84328803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465704)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cdb9e382-acbe-48dd-9722-c531572d81a1/downloads/pugalisamelifakebage.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465704/; classtype:trojan-activity;sid:84328804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465697)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/89463890604.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465697/; classtype:trojan-activity;sid:84328797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465699)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/lotumajufinunixine.pdf"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465699/; classtype:trojan-activity;sid:84328799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465701)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d9951c46-77aa-4ac5-b843-be02d4be2067/downloads/50826134191.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465701/; classtype:trojan-activity;sid:84328801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465702)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kasupobuwomubafujos.pdf"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465702/; classtype:trojan-activity;sid:84328802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465691)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/jotepebuzixulelomizo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465691/; classtype:trojan-activity;sid:84328791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465692)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e51c42a2-48a1-43ea-b124-a034de3679a6/downloads/83320615193.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465692/; classtype:trojan-activity;sid:84328792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465693)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/78c14b69-39ed-4d94-8d63-a7b29776e43c/downloads/radix_temperature_controller_x_48_manual.pdf"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465693/; classtype:trojan-activity;sid:84328793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465694)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/24a9af23-a9c8-45b6-80f8-335651f17510/downloads/96094090900.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465694/; classtype:trojan-activity;sid:84328794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465695)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/22a15b49-22b8-4edf-a855-4e76194b4aaf/downloads/97812412729.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465695/; classtype:trojan-activity;sid:84328795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465685)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/lizaputasu.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465685/; classtype:trojan-activity;sid:84328785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465679)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/boxikijefedajexufesibul.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465679/; classtype:trojan-activity;sid:84328779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465680)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/11012613986.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465680/; classtype:trojan-activity;sid:84328780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465682)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/bucharest_grill_nutrition_information.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465682/; classtype:trojan-activity;sid:84328782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465683)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3844a76d-a274-4a3a-ad7f-2943a29e37b3/downloads/lezopidigusaraten.pdf"; http_uri; depth:79; isdataat:!1,relative; 
nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465683/; classtype:trojan-activity;sid:84328783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465675)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/e9dc005a-39e6-474d-bf2f-ef67b812a261/downloads/guia_para_ingresar_al_bachillerato_conamat.pdf"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465675/; classtype:trojan-activity;sid:84328775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465678)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/robaziromumeborumapix.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465678/; classtype:trojan-activity;sid:84328778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465671)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/52e9408f-c536-4a35-bd81-6078a5dce549/downloads/5252998215.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465671/; classtype:trojan-activity;sid:84328771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465672)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/36758652154.pdf"; http_uri; 
depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465672/; classtype:trojan-activity;sid:84328772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465673)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/73577237968.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465673/; classtype:trojan-activity;sid:84328773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465657)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/louison_et_monsieur_moliere_resume.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465657/; classtype:trojan-activity;sid:84328757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465660)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a03fd264-622c-49da-819e-92c49cdd5e2b/downloads/xovifubakuforij.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465660/; classtype:trojan-activity;sid:84328760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465663)"; flow:established,from_client; content:"GET"; http_method; 
content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rupesiduvunimekesozo.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465663/; classtype:trojan-activity;sid:84328763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465664)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/special_forces_knife_techniques.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465664/; classtype:trojan-activity;sid:84328764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465665)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/90645579432.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465665/; classtype:trojan-activity;sid:84328765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465666)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/6130931006.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465666/; classtype:trojan-activity;sid:84328766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465667)"; flow:established,from_client; content:"GET"; 
http_method; content:"/blobby/go/e0319bbe-78e1-4446-90fc-2b4b4cc85a3e/downloads/camp_green_lake.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465667/; classtype:trojan-activity;sid:84328767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465668)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/478a916a-56a8-445d-9eb0-b1a280ba537b/downloads/27628335796.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465668/; classtype:trojan-activity;sid:84328768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465655)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/eating_questionnaire-_a_ede-a_scoring.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465655/; classtype:trojan-activity;sid:84328755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465652)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/myer_victor_sewing_machine_manual.pdf"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465652/; classtype:trojan-activity;sid:84328752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465647)"; 
flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/jorejujavupu.pdf"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465647/; classtype:trojan-activity;sid:84328747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465648)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/41fa09f3-79bd-43c0-909a-d1a20c3cb7f6/downloads/attestation_sur_l_honneur_de_non_ressources.pdf"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465648/; classtype:trojan-activity;sid:84328748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465649)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/eb7f2f0c-e896-4e47-abeb-a05a47b6dcff/downloads/37569138292.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465649/; classtype:trojan-activity;sid:84328749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465630)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/98482064700.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465630/; classtype:trojan-activity;sid:84328730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3465631)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/83364999300.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465631/; classtype:trojan-activity;sid:84328731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465632)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/records_of_declaration_disbursements_division.pdf"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465632/; classtype:trojan-activity;sid:84328732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465633)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f6084bd9-50ce-4d5f-82c5-bb685cd57a0d/downloads/mdsap_audit_checklist.pdf"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465633/; classtype:trojan-activity;sid:84328733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465635)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/jaziz.pdf"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465635/; classtype:trojan-activity;sid:84328735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3465636)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a74441e7-424c-4454-9bc5-28c3682f6c16/downloads/jupifevaperoziput.pdf"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465636/; classtype:trojan-activity;sid:84328736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465637)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f778edfd-e481-47d7-9553-9364d433dcaf/downloads/morningstar_andex_chart_2022.pdf"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465637/; classtype:trojan-activity;sid:84328737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465638)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/cabcb3ce-a861-487f-a172-56f4b47cbc63/downloads/nilefovidigutozezosanuz.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465638/; classtype:trojan-activity;sid:84328738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465640)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/39892598323.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465640/; classtype:trojan-activity;sid:84328740; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465641)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/00810c7d-a901-42bd-b2e3-20945a4ad8cb/downloads/wimorawezabizu.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465641/; classtype:trojan-activity;sid:84328741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465642)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/viduwe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465642/; classtype:trojan-activity;sid:84328742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465643)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a1b48068-f219-4487-b633-0ea4f25dfa5f/downloads/57025089155.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465643/; classtype:trojan-activity;sid:84328743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465625)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/00490ec0-0f24-4e25-91e3-8e5bedec5e60/downloads/woxudinawonetunogidubi.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465625/; classtype:trojan-activity;sid:84328725; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465626)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/16984198490.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465626/; classtype:trojan-activity;sid:84328726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465622)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/33bb6cfc-294d-4317-8afb-5d34ed60ffe6/downloads/20222176664.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465622/; classtype:trojan-activity;sid:84328722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465618)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/72454635563.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465618/; classtype:trojan-activity;sid:84328718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465621)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pisaxafubavofi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465621/; classtype:trojan-activity;sid:84328721; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465613)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/catastrophic_disaster_area_property_inspection_report.pdf"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465613/; classtype:trojan-activity;sid:84328713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465615)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/citadel_document_solutions_lawsuit.pdf"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465615/; classtype:trojan-activity;sid:84328715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465607)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/fumaxogufav.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465607/; classtype:trojan-activity;sid:84328707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465610)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/kigepobesewizijipakusafal.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465610/; 
classtype:trojan-activity;sid:84328710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465600)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tabuas_sumerias_traduzidas.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465600/; classtype:trojan-activity;sid:84328700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465603)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/17054728623.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465603/; classtype:trojan-activity;sid:84328703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465604)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/678cd2ef-32fa-4621-9c35-e4f34096b4ea/downloads/airbus_cml.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465604/; classtype:trojan-activity;sid:84328704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465605)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/3730146334.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465605/; 
classtype:trojan-activity;sid:84328705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465606)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/36770579775.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465606/; classtype:trojan-activity;sid:84328706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465594)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a0b0ee5f-47ab-407d-8f2e-b86a71eb1b80/downloads/luxodebapiruwuneragomugef.pdf"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465594/; classtype:trojan-activity;sid:84328694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465598)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/87554570559.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465598/; classtype:trojan-activity;sid:84328698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465599)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/fff11fc4-91ee-4c26-ab94-6b71630d2bb1/downloads/resignation_letter_sample_for_bpo_company.pdf"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, 
urlhaus.abuse.ch/url/3465599/; classtype:trojan-activity;sid:84328699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465586)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/84675915071.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465586/; classtype:trojan-activity;sid:84328686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465588)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/17a8127f-1a20-4f1c-a234-ba1b1a8873f5/downloads/90572854820.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465588/; classtype:trojan-activity;sid:84328688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465589)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/78534035283.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465589/; classtype:trojan-activity;sid:84328689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465590)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/wudofe.pdf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, 
urlhaus.abuse.ch/url/3465590/; classtype:trojan-activity;sid:84328690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465592)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/glassman_high_voltage_series_eq_manual.pdf"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465592/; classtype:trojan-activity;sid:84328692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465593)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/57653563602.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465593/; classtype:trojan-activity;sid:84328693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465585)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/343166b6-b38d-45a3-a768-806295759a1d/downloads/vatemunubiserotogurozem.pdf"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465585/; classtype:trojan-activity;sid:84328685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465582)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/simamutozudolejezeze.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465582/; classtype:trojan-activity;sid:84328682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465583)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/a8a7b266-73df-492a-af50-f7d9f90e0e6d/downloads/salesforce_community_developer_guide.pdf"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465583/; classtype:trojan-activity;sid:84328683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465572)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/zepojekowokevi.pdf"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465572/; classtype:trojan-activity;sid:84328672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465573)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/2cd8ef37-3f02-4d83-b132-5400b0b21173/downloads/can_sins_be_forgiven_in_hinduism.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465573/; classtype:trojan-activity;sid:84328673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465574)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/9390f2de-e8f5-48e5-8f1b-3aa5affb2913/downloads/ra_to_surface_finish.pdf"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; 
http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465574/; classtype:trojan-activity;sid:84328674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465577)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/holman_enterprises_annual_report.pdf"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465577/; classtype:trojan-activity;sid:84328677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465551)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/chiller_factory_acceptance_test_checklist_template.pdf"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465551/; classtype:trojan-activity;sid:84328651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465552)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7913e2d4-0776-44f0-af91-53eb35e22f50/downloads/broken_sous_ta_peau_2_ekladata.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465552/; classtype:trojan-activity;sid:84328652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465553)"; flow:established,from_client; content:"GET"; http_method; 
content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/lujipipatemajipurozurile.pdf"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465553/; classtype:trojan-activity;sid:84328653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465554)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/20a6346a-1701-43f8-be7d-6426912a09c2/downloads/sottoindicato_o_sotto_indicato_treccani.pdf"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465554/; classtype:trojan-activity;sid:84328654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465555)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/62fde782-5483-4905-a6da-12e04ab1250b/downloads/38559734752.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465555/; classtype:trojan-activity;sid:84328655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465556)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/dfa50dfd-b675-4866-b542-d79684ac1045/downloads/28769720040.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465556/; classtype:trojan-activity;sid:84328656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465557)"; flow:established,from_client; 
content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/formato_st-4_imss_para_imprimir.pdf"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465557/; classtype:trojan-activity;sid:84328657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465558)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/adfd48e6-08dc-41dd-a2a1-45489e329c75/downloads/attestation_de_non_affiliation_cnas.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465558/; classtype:trojan-activity;sid:84328658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465559)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tosca_automation_specialist_level_2_certification_questions_.pdf"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465559/; classtype:trojan-activity;sid:84328659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465560)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/how_to_factory_reset_verifone_mx915.pdf"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465560/; classtype:trojan-activity;sid:84328660; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465561)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/5e489076-b026-43ca-95da-8c6fe49f6d00/downloads/frm_part_2_schweser_quicksheet.pdf"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465561/; classtype:trojan-activity;sid:84328661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465562)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/incucyte_s3_user_guide.pdf"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465562/; classtype:trojan-activity;sid:84328662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465563)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/lean_visual_management_board_examples.pdf"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465563/; classtype:trojan-activity;sid:84328663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465564)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/1567746722.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465564/; 
classtype:trojan-activity;sid:84328664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465565)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/b6875802-d83d-45fa-a01c-dd9f30c53739/downloads/xujudodavudejeb.pdf"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465565/; classtype:trojan-activity;sid:84328665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465566)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/situation_denonciation_coupe_ou_ancre_exercices_corriges.pdf"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465566/; classtype:trojan-activity;sid:84328666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465567)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wikuzidip.pdf"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465567/; classtype:trojan-activity;sid:84328667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465568)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/d5e97205-d745-471d-94c2-4bc94f943a29/downloads/87185669225.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; 
reference:url, urlhaus.abuse.ch/url/3465568/; classtype:trojan-activity;sid:84328668; rev:1;)
# Each rule below alerts on an established, client-to-server HTTP flow whose method is GET,
# whose URI matches the listed path (nocase) and whose Host matches the listed name.
# The number in msg/reference is the URLhaus entry id.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465569)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/likibixeve.pdf"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465569/; classtype:trojan-activity;sid:84328669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465570)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/exsilentia_4._0_user_guide.pdf"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465570/; classtype:trojan-activity;sid:84328670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465571)"; flow:established,from_client; content:"GET"; http_method; content:"/blobby/go/586b3ef6-c9db-4d1a-a9eb-303f942e21fa/downloads/55359157176.pdf"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"img1.wsimg.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465571/; classtype:trojan-activity;sid:84328671; rev:1;)
# NOTE(review): the http_uri pattern in the next rule contains "|7c|26|7c|", which decodes to
# the four literal bytes "|26|" and not to a single "&" (0x26). This looks like a double
# escape in the feed generator; if the reported URL used "&id=", the rule would not match
# it. Confirm against the URLhaus entry before relying on this sid.
# NOTE(review): depth:68 equals the length of the pattern as written, escapes included;
# the decoded pattern is 59 bytes by my count.
# NOTE(review): as an `alert http` rule it needs the request visible as HTTP to the sensor
# (plain HTTP or decrypted TLS); an undecrypted HTTPS fetch from this host will not hit it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465210)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kjjvh1muhjrkrzbajjlzjfawyi0zvxc1"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465210/; classtype:trojan-activity;sid:84328310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464706)"; flow:established,from_client; content:"GET"; http_method; content:"/down/wupiao.3987.com.rar"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"forspeed.onlinedown.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464706/; classtype:trojan-activity;sid:84327806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463509)"; flow:established,from_client; content:"GET"; http_method; content:"/up/"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"blessdayservices.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463509/; classtype:trojan-activity;sid:84326609; rev:1;)
# The next two rules pin the URI to "/" alone (depth:1 plus isdataat:!1,relative), so they
# alert on any GET of the site root on the named host, not on a specific file path.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463480)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"admin.gestroom.it"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463480/; classtype:trojan-activity;sid:84326580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463481)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"test.peperoncinochepassione.it"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463481/; classtype:trojan-activity;sid:84326581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463482)"; flow:established,from_client; 
content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"first-security-verden.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463482/; classtype:trojan-activity;sid:84326582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463470)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.first-security-verden.de"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463470/; classtype:trojan-activity;sid:84326570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463472)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"zamilgroups.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463472/; classtype:trojan-activity;sid:84326572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463459)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.website.mypetapp.co.za"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463459/; classtype:trojan-activity;sid:84326559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463446)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.bratusferramentas.grupomoltz.com.br"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463446/; 
classtype:trojan-activity;sid:84326546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463437)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"website.mypetapp.co.za"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463437/; classtype:trojan-activity;sid:84326537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463426)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"bmdcompany.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463426/; classtype:trojan-activity;sid:84326526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463430)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.zamilgroups.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463430/; classtype:trojan-activity;sid:84326530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463422)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"www.test.peperoncinochepassione.it"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463422/; classtype:trojan-activity;sid:84326522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463367)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; 
nocase; content:"82.146.62.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463367/; classtype:trojan-activity;sid:84326467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463364)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"82.146.62.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463364/; classtype:trojan-activity;sid:84326464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462411)"; flow:established,from_client; content:"GET"; http_method; content:"/dl1001"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.170.22.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462411/; classtype:trojan-activity;sid:84325511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461771)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin2.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461771/; classtype:trojan-activity;sid:84324871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461769)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin1.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461769/; classtype:trojan-activity;sid:84324869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3461770)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin2.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461770/; classtype:trojan-activity;sid:84324870; rev:1;)
# Each rule below alerts on an established, client-to-server HTTP flow whose method is GET,
# whose URI matches the listed path (nocase) and whose Host matches the listed name or
# address. The number in msg/reference is the URLhaus entry id.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461768)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin3.plg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461768/; classtype:trojan-activity;sid:84324868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461767)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin1.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461767/; classtype:trojan-activity;sid:84324867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461763)"; flow:established,from_client; content:"GET"; http_method; content:"/new/plugin3.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461763/; classtype:trojan-activity;sid:84324863; rev:1;)
# NOTE(review): the next two rules match the default-branch archive URL of a public GitHub
# repository (robertdavidgraham/masscan). They key on URL alone, so any HTTP-visible fetch
# of that archive alerts regardless of who requested it or why. Treat hits as a lead to
# triage; on their own they do not confirm a malware download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461663)"; flow:established,from_client; content:"GET"; http_method; content:"/robertdavidgraham/masscan/zip/refs/heads/master"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461663/; classtype:trojan-activity;sid:84324763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461661)"; flow:established,from_client; content:"GET"; http_method; content:"/robertdavidgraham/masscan/archive/refs/heads/master.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461661/; classtype:trojan-activity;sid:84324761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460167)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460167/; classtype:trojan-activity;sid:84323267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.62.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460149/; classtype:trojan-activity;sid:84323249; rev:1;)
# NOTE(review): the http_uri pattern in the next rule contains "|7c|26|7c|", which decodes to
# the four literal bytes "|26|" and not to a single "&" (0x26). This looks like a double
# escape in the feed generator; if the reported URL used "&id=", the rule would not match
# it. Confirm against the URLhaus entry before relying on this sid.
# NOTE(review): depth:68 equals the length of the pattern as written, escapes included;
# the decoded pattern is 59 bytes by my count.
# NOTE(review): as an `alert http` rule it needs the request visible as HTTP to the sensor
# (plain HTTP or decrypted TLS); an undecrypted HTTPS fetch from this host will not hit it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460000)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uxmu02r04iaslsrsh9quahzfsvq3tozm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460000/; classtype:trojan-activity;sid:84323100; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452200)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.62.202.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3452200/; classtype:trojan-activity;sid:84315300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451827)"; flow:established,from_client; content:"GET"; http_method; content:"/jqueryui.js"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"webcstore.pw"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3451827/; classtype:trojan-activity;sid:84314927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450176)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/putty.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"book.rollingvideogames.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450176/; classtype:trojan-activity;sid:84313276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450147)"; flow:established,from_client; content:"GET"; http_method; content:"/loveryajenja/lwafmwoafmw11/raw/refs/heads/main/install.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450147/; classtype:trojan-activity;sid:84313247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450048)"; flow:established,from_client; content:"GET"; http_method; content:"/continue/45.ps1"; http_uri; depth:16; 
isdataat:!1,relative; nocase; content:"www.benshamcentre.co.uk"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450048/; classtype:trojan-activity;sid:84313148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3449986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.248.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3449986/; classtype:trojan-activity;sid:84313086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.87.42.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447681/; classtype:trojan-activity;sid:84310781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447466)"; flow:established,from_client; content:"GET"; http_method; content:"/laurenxss/36b18f37163aaa04654bd21e98d1b842/raw/dca82ba88fae8788a48ffb529f9610a0cc209781/x"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"gist.githubusercontent.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447466/; classtype:trojan-activity;sid:84310566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447458)"; flow:established,from_client; content:"GET"; http_method; content:"/sena1.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; 
reference:url, urlhaus.abuse.ch/url/3447458/; classtype:trojan-activity;sid:84310558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447456)"; flow:established,from_client; content:"GET"; http_method; content:"/manga1.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447456/; classtype:trojan-activity;sid:84310556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447457)"; flow:established,from_client; content:"GET"; http_method; content:"/colheita1.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; http_host; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447457/; classtype:trojan-activity;sid:84310557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446661)"; flow:established,from_client; content:"GET"; http_method; content:"/img001.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446661/; classtype:trojan-activity;sid:84309761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446653)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.171.106.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446653/; classtype:trojan-activity;sid:84309753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3446649)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446649/; classtype:trojan-activity;sid:84309749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445854)"; flow:established,from_client; content:"GET"; http_method; content:"/coracion1.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vaamsmgfreocmroe-1342087530.cos.sa-saopaulo.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3445854/; classtype:trojan-activity;sid:84308954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445431)"; flow:established,from_client; content:"GET"; http_method; content:"/data/df4a3196-accc-423a-a43b-6768f1aafd3e.pdf"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"hotelembuguacu.blob.core.windows.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445431/; classtype:trojan-activity;sid:84308531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445438)"; flow:established,from_client; content:"GET"; http_method; content:"/data/f6416fd0-71f3-45de-8c79-3d0e7281f124.pdf"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"hotelembuguacu.blob.core.windows.net"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445438/; classtype:trojan-activity;sid:84308538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444507)"; flow:established,from_client; content:"GET"; http_method; 
content:"/leinchchanceleinch/jik/refs/heads/main/d.msi"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444507/; classtype:trojan-activity;sid:84307607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444267)"; flow:established,from_client; content:"GET"; http_method; content:"/leinchchanceleinch/jik/raw/refs/heads/main/d.msi"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444267/; classtype:trojan-activity;sid:84307367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443355)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.248.3.202.ll.sta.mana.pf"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443355/; classtype:trojan-activity;sid:84306455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443354)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.248.3.202.ll.sta.mana.pf"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443354/; classtype:trojan-activity;sid:84306454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443353)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99-118-215-24.lightspeed.irvnca.sbcglobal.net"; http_host; depth:45; isdataat:!1,relative; 
metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443353/; classtype:trojan-activity;sid:84306453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443350)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"host-95-230-215-65.business.telecomitalia.it"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443350/; classtype:trojan-activity;sid:84306450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443193)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"172.250.238.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443193/; classtype:trojan-activity;sid:84306293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442712)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/cabalmain.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442712/; classtype:trojan-activity;sid:84305812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442701)"; flow:established,from_client; content:"GET"; http_method; content:"/output0/client/cabal.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442701/; classtype:trojan-activity;sid:84305801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3442616)"; flow:established,from_client; content:"GET"; http_method; content:"/output/client/cabalmain.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442616/; classtype:trojan-activity;sid:84305716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442233)"; flow:established,from_client; content:"GET"; http_method; content:"/build.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.146.202.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442233/; classtype:trojan-activity;sid:84305333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442198)"; flow:established,from_client; content:"GET"; http_method; content:"/xxxx"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442198/; classtype:trojan-activity;sid:84305298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442196)"; flow:established,from_client; content:"GET"; http_method; content:"/ffff"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442196/; classtype:trojan-activity;sid:84305296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442197)"; flow:established,from_client; content:"GET"; http_method; content:"/asdf"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, 
urlhaus.abuse.ch/url/3442197/; classtype:trojan-activity;sid:84305297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442195)"; flow:established,from_client; content:"GET"; http_method; content:"/libmod_hellocpp_42.so"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"47.89.173.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442195/; classtype:trojan-activity;sid:84305295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441890)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.122.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441890/; classtype:trojan-activity;sid:84304990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441724)"; flow:established,from_client; content:"GET"; http_method; content:"/output/client/cabal.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"168.138.162.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441724/; classtype:trojan-activity;sid:84304824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440974)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l/rls"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440974/; classtype:trojan-activity;sid:84304074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440971)"; flow:established,from_client; content:"GET"; http_method; 
content:"/x86_64/rls"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440971/; classtype:trojan-activity;sid:84304071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440972)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64/rld"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440972/; classtype:trojan-activity;sid:84304072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440969)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l/kthreadrm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440969/; classtype:trojan-activity;sid:84304069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440970)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64/kthreadrm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440970/; classtype:trojan-activity;sid:84304070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440930)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440930/; 
classtype:trojan-activity;sid:84304030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440931)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440931/; classtype:trojan-activity;sid:84304031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440932)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440932/; classtype:trojan-activity;sid:84304032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440934)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.166.72.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440934/; classtype:trojan-activity;sid:84304034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438591)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438591/; classtype:trojan-activity;sid:84301691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438594)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; 
content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438594/; classtype:trojan-activity;sid:84301694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.9.25.206"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438572/; classtype:trojan-activity;sid:84301672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437118)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/adonis/pure_adonis"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437118/; classtype:trojan-activity;sid:84300218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437119)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/jnd/pure_jnd"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437119/; classtype:trojan-activity;sid:84300219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437116)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/adonis/all_adonis"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437116/; classtype:trojan-activity;sid:84300216; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437117)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/pure_bean"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437117/; classtype:trojan-activity;sid:84300217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437115)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/all_bean"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437115/; classtype:trojan-activity;sid:84300215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437114)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/jnd/jnd_all"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437114/; classtype:trojan-activity;sid:84300214; rev:1;)
# NOTE(review): raw.githubusercontent.com is normally reached over HTTPS; an
# "alert http" rule sees the request only where TLS is decrypted ahead of the
# sensor, so expect no coverage from this rule on undecrypted traffic.
# NOTE(review): the http_uri content below holds literal %xx escapes. http_uri
# inspects the normalized URI, where such escapes are normally decoded, so the
# pattern may not match a decoded request -- confirm against a capture;
# http_raw_uri is the buffer that keeps the undecoded form.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435167)"; flow:established,from_client; content:"GET"; http_method; content:"/iluxa94/-3-/refs/heads/main/%d0%a4%d0%be%d1%80%d0%bc%d0%b0%203%d0%9e%d0%a8%d0%91%d0%a0.exe"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435167/; classtype:trojan-activity;sid:84298267; rev:1;)
# NOTE(review): this URI is the master archive of the neo23x0/signature-base
# repository on github.com, a public collection of detection signatures.
# Archives of signature sets are often flagged by scanners, so this entry may
# be a false positive -- check the referenced URLhaus entry before treating a
# hit as a malware download. The HTTPS visibility caveat applies here as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435170)"; flow:established,from_client; content:"GET"; http_method; content:"/neo23x0/signature-base/archive/master.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435170/; classtype:trojan-activity;sid:84298270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.31.8.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433357/; classtype:trojan-activity;sid:84296457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3433345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.101.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_09; reference:url, urlhaus.abuse.ch/url/3433345/; classtype:trojan-activity;sid:84296445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432127)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.145.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431851/; 
urlhaus.abuse.ch/url/3431851/; classtype:trojan-activity;sid:84294951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431850)"; flow:established,from_client; content:"GET"; http_method; content:"/test/cgi-bin/mr_bean/pure_bean"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"upchemicals.co.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431850/; classtype:trojan-activity;sid:84294950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431687)"; flow:established,from_client; content:"GET"; http_method; content:"/bljysvhw/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431687/; classtype:trojan-activity;sid:84294787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431686)"; flow:established,from_client; content:"GET"; http_method; content:"/bljysvhw/img001.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431686/; classtype:trojan-activity;sid:84294786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431378)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.145.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431378/; classtype:trojan-activity;sid:84294478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429885)"; flow:established,from_client; content:"GET"; 
http_method; content:"/1/test.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ofice365.github.io"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429885/; classtype:trojan-activity;sid:84292985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429793)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"d2314eac.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429793/; classtype:trojan-activity;sid:84292893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.159.221.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429311/; classtype:trojan-activity;sid:84292411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423045)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423045/; classtype:trojan-activity;sid:84286145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423046)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423046/; 
classtype:trojan-activity;sid:84286146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423047)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423047/; classtype:trojan-activity;sid:84286147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3423050)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_01; reference:url, urlhaus.abuse.ch/url/3423050/; classtype:trojan-activity;sid:84286150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421183)"; flow:established,from_client; content:"GET"; http_method; content:"/xsh/xsh.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.126.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421183/; classtype:trojan-activity;sid:84284283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421027)"; flow:established,from_client; content:"GET"; http_method; content:"/sigmaplus/4.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"ny.lshdw.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421027/; classtype:trojan-activity;sid:84284127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421014)"; flow:established,from_client; content:"GET"; http_method; content:"/assignment.exe"; http_uri; depth:15; 
isdataat:!1,relative; nocase; content:"210.125.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421014/; classtype:trojan-activity;sid:84284114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421020)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp/emmetprod.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"141.147.43.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421020/; classtype:trojan-activity;sid:84284120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3420564)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.70.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3420564/; classtype:trojan-activity;sid:84283664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419560)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419560/; classtype:trojan-activity;sid:84282660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419570)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/raw/refs/heads/main/444.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419570/; 
classtype:trojan-activity;sid:84282670; rev:1;)
# NOTE(review): github.com is normally reached over HTTPS; the two "alert http"
# rules below see the request only where TLS is decrypted ahead of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419477)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/raw/refs/heads/main/critscript.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419477/; classtype:trojan-activity;sid:84282468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419368)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17793058/lg246dre.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419368/; classtype:trojan-activity;sid:84282468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418042)"; flow:established,from_client; content:"GET"; http_method; content:"/cab/launcherloader.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.newkey.co.kr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418042/; classtype:trojan-activity;sid:84281142; rev:1;)
# NOTE(review): in the http_uri content below, |3f| decodes to "?" and
# |7c|26|7c| decodes to the four bytes "|26|". A query string would be expected
# to carry "&" (0x26) at that position, so this looks like an escaped separator
# that was escaped a second time; as written the rule matches the literal bytes
# "|26|" -- TODO confirm against the referenced URLhaus entry.
# depth:68 equals the length of the pattern as written; decoded, the pattern is
# 59 bytes, so the match is not pinned to the first byte of the URI.
# drive.google.com is normally reached over HTTPS, so the TLS visibility caveat
# applies to this "alert http" rule too.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417095)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1t9mwfr1azhmksosp19tomch5dyi3hb2n"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417095/; classtype:trojan-activity;sid:84280195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3416671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416671/; classtype:trojan-activity;sid:84279771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415209)"; flow:established,from_client; content:"GET"; http_method; content:"/loginanticheat.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415209/; classtype:trojan-activity;sid:84278309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415207)"; flow:established,from_client; content:"GET"; http_method; content:"/loginanticheat4.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.226.39.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415207/; classtype:trojan-activity;sid:84278307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3414036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.155.92.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_25; reference:url, urlhaus.abuse.ch/url/3414036/; classtype:trojan-activity;sid:84277136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.206.216.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_24; 
reference:url, urlhaus.abuse.ch/url/3412918/; classtype:trojan-activity;sid:84276018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.165.237.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412921/; classtype:trojan-activity;sid:84276021; rev:1;)
# NOTE(review): depth:62 is the length of the pattern as written; with |3f|
# decoded to one byte the pattern is 59 bytes, so the match may begin up to
# 3 bytes into the URI instead of only at its first byte.
# github.com is normally reached over HTTPS; this and the next "alert http"
# rule see the request only where TLS is decrypted ahead of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410864)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/blob/master/access.exe|3f|raw=true"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410864/; classtype:trojan-activity;sid:84273964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410865)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/raw/refs/heads/master/access.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410865/; classtype:trojan-activity;sid:84273965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410375)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.11.36.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410375/; classtype:trojan-activity;sid:84273475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409838)"; flow:established,from_client; content:"GET"; http_method; content:"/blackhatethicalhacking/fud/refs/heads/master/access.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409838/; classtype:trojan-activity;sid:84272938; rev:1;)
# NOTE(review): the http_uri content in the next two rules holds literal %xx
# escapes. http_uri inspects the normalized URI, where such escapes are
# normally decoded, so these patterns may not match a decoded request --
# confirm against a capture; http_raw_uri is the buffer that keeps the
# undecoded form.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406818)"; flow:established,from_client; content:"GET"; http_method; content:"/%eb%a7%ac%ec%9b%a8%ec%96%b4.hta"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"hobobot.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406818/; classtype:trojan-activity;sid:84269918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3406822)"; flow:established,from_client; content:"GET"; http_method; content:"/%eb%b9%8c%ec%96%b4%20%eb%a8%b9%ec%9d%84.hta"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"hobobot.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_20; reference:url, urlhaus.abuse.ch/url/3406822/; classtype:trojan-activity;sid:84269922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405330)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"182.109.0.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405330/; classtype:trojan-activity;sid:84268430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405320)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; 
http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405320/; classtype:trojan-activity;sid:84268420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405323)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405323/; classtype:trojan-activity;sid:84268423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405324)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405324/; classtype:trojan-activity;sid:84268424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405329)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.54.96.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405329/; classtype:trojan-activity;sid:84268429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405319)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405319/; classtype:trojan-activity;sid:84268419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405134)"; 
flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"84.15.147.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405134/; classtype:trojan-activity;sid:84268234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405140)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.215.129.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405140/; classtype:trojan-activity;sid:84268240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405120)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.20.19.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405120/; classtype:trojan-activity;sid:84268220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.72.199.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405113/; classtype:trojan-activity;sid:84268213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403380)"; flow:established,from_client; content:"GET"; http_method; content:"/lehila05/pdc/refs/heads/main/payload.bin"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, 
urlhaus.abuse.ch/url/3403380/; classtype:trojan-activity;sid:84266480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402741)"; flow:established,from_client; content:"GET"; http_method; content:"/adobepdf-reader/pdf-reader/raw/refs/heads/main/pdf%20reader.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402741/; classtype:trojan-activity;sid:84265841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.6.203"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402154/; classtype:trojan-activity;sid:84265254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401644)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/wpr-addons/forms/code1.png"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"107.180.89.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401644/; classtype:trojan-activity;sid:84264744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401362)"; flow:established,from_client; content:"GET"; http_method; content:"/fxserver.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"198.50.242.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401362/; classtype:trojan-activity;sid:84264462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398629)"; 
flow:established,from_client; content:"GET"; http_method; content:"/ox2fa/justnow/refs/heads/main/1.sh"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398629/; classtype:trojan-activity;sid:84261729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.121.239.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3398195/; classtype:trojan-activity;sid:84261295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395055)"; flow:established,from_client; content:"GET"; http_method; content:"/arvendrachhonkar/todo/releases/download/macosandwindows/install_setup_v1.2.0.dmg"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3395055/; classtype:trojan-activity;sid:84258155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394507)"; flow:established,from_client; content:"GET"; http_method; content:"/trismagi/daemon/raw/main/watchdog"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394507/; classtype:trojan-activity;sid:84257607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394121)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.56.225.99"; 
http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394121/; classtype:trojan-activity;sid:84257221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394115)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.56.225.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394115/; classtype:trojan-activity;sid:84257215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393662)"; flow:established,from_client; content:"GET"; http_method; content:"/roukistl/ud/refs/heads/main/ud.bat"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393662/; classtype:trojan-activity;sid:84256762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393596)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/xhp/releases/download/release/steanings.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393596/; classtype:trojan-activity;sid:84256696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393047)"; flow:established,from_client; content:"GET"; http_method; content:"/thomson101/xhp/releases/download/release/steanings.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393047/; 
classtype:trojan-activity;sid:84256147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391671)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"151.251.196.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391671/; classtype:trojan-activity;sid:84254771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.24.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391609/; classtype:trojan-activity;sid:84254709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390789)"; flow:established,from_client; content:"GET"; http_method; content:"/kusaka.php|3f|call=av"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"cpofficial.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390789/; classtype:trojan-activity;sid:84253889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390749)"; flow:established,from_client; content:"GET"; http_method; content:"/kusaka.php|3f|call=smp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mx9x.com"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390749/; classtype:trojan-activity;sid:84253849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389403)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrokc/ctc/raw/main/ctc64.dll"; http_uri; 
depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389403/; classtype:trojan-activity;sid:84252503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389404)"; flow:established,from_client; content:"GET"; http_method; content:"/ngrokc/ctc/main/ctc64.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389404/; classtype:trojan-activity;sid:84252504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388907)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.83.78"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388907/; classtype:trojan-activity;sid:84252007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388858)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/solara.dir.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"c0e5b87c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388858/; classtype:trojan-activity;sid:84251958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388859)"; flow:established,from_client; content:"GET"; http_method; content:"/download/static/files/bootstrappernew.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"c0e5b87c.solaraweb-alj.pages.dev"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, 
urlhaus.abuse.ch/url/3388859/; classtype:trojan-activity;sid:84251959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387720)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387720/; classtype:trojan-activity;sid:84250820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386507)"; flow:established,from_client; content:"GET"; http_method; content:"/file-32bit.elf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386507/; classtype:trojan-activity;sid:84249607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386508)"; flow:established,from_client; content:"GET"; http_method; content:"/file.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386508/; classtype:trojan-activity;sid:84249608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386509)"; flow:established,from_client; content:"GET"; http_method; content:"/file-arm.elf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386509/; classtype:trojan-activity;sid:84249609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386510)"; flow:established,from_client; content:"GET"; 
http_method; content:"/file-64bit.elf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"34.45.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386510/; classtype:trojan-activity;sid:84249610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.97.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385579/; classtype:trojan-activity;sid:84248679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385167)"; flow:established,from_client; content:"GET"; http_method; content:"/soft_hair/ultravnc.ini"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"support.clz.kr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385167/; classtype:trojan-activity;sid:84248267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.116.68.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378993/; classtype:trojan-activity;sid:84242093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.1.110.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378964/; classtype:trojan-activity;sid:84242064; rev:1;) 
# Review notes for the generated URLhaus entries that follow (one rule per
# URLhaus URL id):
# - Match shape: each rule requires a client-to-server GET. Its http_uri
#   content is anchored with depth:<length> plus isdataat:!1,relative, and
#   http_host is anchored the same way. The apparent intent is an exact URI and
#   exact Host match, so a request with an added query string or a different
#   path is not covered.
# - Visibility: "alert http" only inspects traffic the sensor parses as HTTP.
#   Downloads fetched over TLS are not matched unless decrypted traffic is fed
#   to the sensor.
# - Duplicates: sid 84236586 and sid 84236587 below carry the same URI (/sshd)
#   and Host (90.45.15.114); they differ only in URLhaus id and sid. The rule
#   header uses "any" for the destination port, so one request raises both
#   alerts. De-duplicate on (host, uri) when triaging.
# - Freshness: the hosts here are bare IPv4 addresses with created_at dates in
#   2024-12. NOTE(review): whether they still serve the payload is not stated
#   on this page; check the referenced URLhaus entry before acting on a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.142.63.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378974/; classtype:trojan-activity;sid:84242074; rev:1;)
# Same URI and Host as the next rule (see the "Duplicates" note above).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.45.15.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373486/; classtype:trojan-activity;sid:84236586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373487)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"90.45.15.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373487/; classtype:trojan-activity;sid:84236587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.84.39.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373071/; classtype:trojan-activity;sid:84236171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.109.98"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373080/; classtype:trojan-activity;sid:84236180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.136.225.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373063/; classtype:trojan-activity;sid:84236163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.244.113.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373067/; classtype:trojan-activity;sid:84236167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.179.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373048/; classtype:trojan-activity;sid:84236148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.185.23.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373009/; classtype:trojan-activity;sid:84236109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372964)"; flow:established,from_client; content:"GET"; http_method; 
content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.255.97.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372964/; classtype:trojan-activity;sid:84236064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.110.204.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372954/; classtype:trojan-activity;sid:84236054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.125.133.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372944/; classtype:trojan-activity;sid:84236044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.233.125.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372946/; classtype:trojan-activity;sid:84236046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372903)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"111.74.21.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372903/; classtype:trojan-activity;sid:84236003; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372902)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372902/; classtype:trojan-activity;sid:84236002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372900)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372900/; classtype:trojan-activity;sid:84236000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372891)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372891/; classtype:trojan-activity;sid:84235991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372892/; classtype:trojan-activity;sid:84235992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372893)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; 
metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372893/; classtype:trojan-activity;sid:84235993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372896)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372896/; classtype:trojan-activity;sid:84235996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372898)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372898/; classtype:trojan-activity;sid:84235998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372883)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372883/; classtype:trojan-activity;sid:84235983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372884)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372884/; classtype:trojan-activity;sid:84235984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372885)"; flow:established,from_client; content:"GET"; 
http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372885/; classtype:trojan-activity;sid:84235985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372886)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372886/; classtype:trojan-activity;sid:84235986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372887)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.141.62.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372887/; classtype:trojan-activity;sid:84235987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372890)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372890/; classtype:trojan-activity;sid:84235990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372876)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372876/; classtype:trojan-activity;sid:84235976; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372878)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372878/; classtype:trojan-activity;sid:84235978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372879)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372879/; classtype:trojan-activity;sid:84235979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372880)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.240.155.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372880/; classtype:trojan-activity;sid:84235980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372704)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372704/; classtype:trojan-activity;sid:84235804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372705)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372705/; classtype:trojan-activity;sid:84235805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372684)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372684/; classtype:trojan-activity;sid:84235784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372657)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.190"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372657/; classtype:trojan-activity;sid:84235757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372658)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.216"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372658/; classtype:trojan-activity;sid:84235758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372654/; classtype:trojan-activity;sid:84235754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372651)"; flow:established,from_client; 
content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372651/; classtype:trojan-activity;sid:84235751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.124.72.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372645/; classtype:trojan-activity;sid:84235745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372625)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372625/; classtype:trojan-activity;sid:84235725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.88.115"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372627/; classtype:trojan-activity;sid:84235727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372639)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372639/; classtype:trojan-activity;sid:84235739; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.210.109.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372621/; classtype:trojan-activity;sid:84235721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372615)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.34.102.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372615/; classtype:trojan-activity;sid:84235715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.87.31.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366263/; classtype:trojan-activity;sid:84229363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.220.123.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366230/; classtype:trojan-activity;sid:84229330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356912)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/ef.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.tdejb.com"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356912/; classtype:trojan-activity;sid:84220012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356911)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/skifterne.sea"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.tdejb.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356911/; classtype:trojan-activity;sid:84220011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356909)"; flow:established,from_client; content:"GET"; http_method; content:"/ef/ef.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.astenterprises.com.pk"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356909/; classtype:trojan-activity;sid:84220009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356803)"; flow:established,from_client; content:"GET"; http_method; content:"/yn5og-40i6-9gu-9hjf.html"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bj5y6-0f-9h4-9fgg4-1324992141.cos.ap-bangkok.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356803/; classtype:trojan-activity;sid:84219903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356783)"; flow:established,from_client; content:"GET"; http_method; content:"/agent.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"210.125.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356783/; classtype:trojan-activity;sid:84219883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3356768)"; flow:established,from_client; content:"GET"; http_method; content:"/futon"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"weco2.oss-me-east-1.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356768/; classtype:trojan-activity;sid:84219868; rev:1;)
# Each rule pairs an exact URI match (content + depth equal to the content length + isdataat:!1,relative,
# i.e. nothing may follow the match) with an exact Host match built the same way, on client GET requests.
# NOTE(review): the next rule's http_uri content is written as percent-escapes ("%e5%8d%8e...").
# http_uri is the normalized URI buffer; if the sensor decodes percent-escapes before matching, the
# literal "%xx" text will presumably never be seen there. Verify with a capture of the reference URL,
# and evaluate the raw URI buffer (http_raw_uri) if the rule does not fire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356769)"; flow:established,from_client; content:"GET"; http_method; content:"/qq%e5%8d%8e%e5%a4%8f%e6%9b%b4%e6%96%b0%e6%96%87%e4%bb%b6/%e8%87%aa%e5%8a%a8%e6%9b%b4%e6%96%b0%e8%be%85%e5%8a%a9%e7%a8%8b%e5%ba%8f.exe"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"kuakuawenjian.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356769/; classtype:trojan-activity;sid:84219869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356761)"; flow:established,from_client; content:"GET"; http_method; content:"/smiple_4yue"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"weco2.oss-me-east-1.aliyuncs.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356761/; classtype:trojan-activity;sid:84219861; rev:1;)
# The Host values on this line are per-tenant bucket names on shared object-storage domains; the rule
# matches only the full bucket hostname together with the exact path, not the provider domain as a whole.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356758)"; flow:established,from_client; content:"GET"; http_method; content:"/36hg-04ik6-9j4-9h5.html"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"f3i5-0g49bgn-3h95-1324992141.cos.ap-jakarta.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356758/; classtype:trojan-activity;sid:84219858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL
detected (3356750)"; flow:established,from_client; content:"GET"; http_method; content:"/35-0350gh9v-39yh5g.html"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"j-0-09g-9bh-h-ggf-1324992141.cos.ap-bangkok.myqcloud.com"; http_host; depth:56; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356750/; classtype:trojan-activity;sid:84219850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356162)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/refs/heads/main/critscript.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356162/; classtype:trojan-activity;sid:84219262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356145)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/refs/heads/main/fast%20download.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356145/; classtype:trojan-activity;sid:84219245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356134)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0xylife/asyncrat/refs/heads/main/asyncrat_09.02.2022.txt"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356134/; classtype:trojan-activity;sid:84219234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356133)"; 
flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/refs/heads/main/444.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356133/; classtype:trojan-activity;sid:84219233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356118)"; flow:established,from_client; content:"GET"; http_method; content:"/deroxs/powerrat-leak/refs/heads/main/powerrat.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356118/; classtype:trojan-activity;sid:84219218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353957)"; flow:established,from_client; content:"GET"; http_method; content:"/rookievip/xx/main/loader.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353957/; classtype:trojan-activity;sid:84217057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353403)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/refs/heads/main/prueba.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353403/; classtype:trojan-activity;sid:84216503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353372)"; flow:established,from_client; content:"GET"; http_method; 
content:"/fengjixuchui/cve-2022-26810/refs/heads/main/shellcode.bin"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353372/; classtype:trojan-activity;sid:84216472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353348)"; flow:established,from_client; content:"GET"; http_method; content:"/deroxs/powerrat-leak/raw/refs/heads/main/powerrat.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353348/; classtype:trojan-activity;sid:84216448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353349)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/js/info2r.txt/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"188.81.134.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353349/; classtype:trojan-activity;sid:84216449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353345)"; flow:established,from_client; content:"GET"; http_method; content:"/pr0xylife/asyncrat/raw/refs/heads/main/asyncrat_09.02.2022.txt"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353345/; classtype:trojan-activity;sid:84216445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353333)"; flow:established,from_client; content:"GET"; http_method; content:"/dlc_update.data"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8.138.96.41"; 
http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353333/; classtype:trojan-activity;sid:84216433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353251)"; flow:established,from_client; content:"GET"; http_method; content:"/master.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353251/; classtype:trojan-activity;sid:84216351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353246)"; flow:established,from_client; content:"GET"; http_method; content:"//google.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353246/; classtype:trojan-activity;sid:84216346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353216)"; flow:established,from_client; content:"GET"; http_method; content:"//chromesetup.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353216/; classtype:trojan-activity;sid:84216316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353204)"; flow:established,from_client; content:"GET"; http_method; content:"/wp.ps1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353204/; classtype:trojan-activity;sid:84216304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3353123)"; flow:established,from_client; content:"GET"; http_method; content:"/cqhack/ddos-script/refs/heads/master/cqhack.pl"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353123/; classtype:trojan-activity;sid:84216223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352821)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/2a.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352821/; classtype:trojan-activity;sid:84215921; rev:1;)
# NOTE(review): in the next rule the URI content contains "|7c|26|7c|". Inside a content string
# "|7c|" is the hex escape for a literal pipe, so this decodes to the four bytes "|26|" rather than
# to "&" (0x26). It looks as if the query separator was hex-escaped twice when the rule was generated;
# TODO confirm against the referenced URLhaus entry. depth:68 equals the length of the escaped text,
# while the decoded content is 59 bytes, so depth and isdataat presumably no longer pin the match to
# the whole URI the way the sibling rules do.
# NOTE(review): drive.google.com and github.com (this rule and the following one) are normally
# reached over HTTPS. An "alert http" rule reading http_uri/http_host only sees cleartext HTTP or
# traffic decrypted upstream of the sensor, so coverage for these hosts presumably depends on TLS
# inspection; confirm for the deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351932)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12jgde-soib4liipbdhs55vkz7ek8_ua6"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351932/; classtype:trojan-activity;sid:84215032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351478)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/raw/refs/heads/main/ifiinms.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351478/; classtype:trojan-activity;sid:84214578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351477)"; flow:established,from_client; content:"GET"; http_method;
content:"/fsabxh/sfdawsdawdaw/raw/refs/heads/main/serials_checker.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351477/; classtype:trojan-activity;sid:84214577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351430)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/raw/refs/heads/main/critscript.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351430/; classtype:trojan-activity;sid:84214530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351428)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/raw/refs/heads/main/444.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351428/; classtype:trojan-activity;sid:84214528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351377)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351377/; classtype:trojan-activity;sid:84214477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351320)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; 
content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351320/; classtype:trojan-activity;sid:84214420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351297)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/raw/refs/heads/main/shellcode.bin"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351297/; classtype:trojan-activity;sid:84214397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351259)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/raw/refs/heads/main/shellcode.bin"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351259/; classtype:trojan-activity;sid:84214359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347308)"; flow:established,from_client; content:"GET"; http_method; content:"/component/vc2005sp1redist_x86.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"windriversfiles.imeitools.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347308/; classtype:trojan-activity;sid:84210408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346530)"; flow:established,from_client; content:"GET"; http_method; content:"/whoafg/problemonfmech/refs/heads/main/client.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; 
metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346530/; classtype:trojan-activity;sid:84209630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346026)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/41a1111.hta"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346026/; classtype:trojan-activity;sid:84209126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345089)"; flow:established,from_client; content:"GET"; http_method; content:"/n00b69/woasetup/releases/download/installers/dxwebsetup.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345089/; classtype:trojan-activity;sid:84208189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345076)"; flow:established,from_client; content:"GET"; http_method; content:"/kaijiorder/cert/2a.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.92.99.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345076/; classtype:trojan-activity;sid:84208176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344216)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344216/; classtype:trojan-activity;sid:84207316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3344177)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344177/; classtype:trojan-activity;sid:84207277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344172)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344172/; classtype:trojan-activity;sid:84207272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344116)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344116/; classtype:trojan-activity;sid:84207216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344054)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344054/; classtype:trojan-activity;sid:84207154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344015)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; 
metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344015/; classtype:trojan-activity;sid:84207115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343939)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343939/; classtype:trojan-activity;sid:84207039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343827)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343827/; classtype:trojan-activity;sid:84206927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343814)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343814/; classtype:trojan-activity;sid:84206914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343669)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343669/; classtype:trojan-activity;sid:84206769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340580)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340580/; classtype:trojan-activity;sid:84203680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340578)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340578/; classtype:trojan-activity;sid:84203678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340577/; classtype:trojan-activity;sid:84203677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340567/; classtype:trojan-activity;sid:84203667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, 
urlhaus.abuse.ch/url/3340568/; classtype:trojan-activity;sid:84203668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340569/; classtype:trojan-activity;sid:84203669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340570/; classtype:trojan-activity;sid:84203670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340573/; classtype:trojan-activity;sid:84203673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340574/; classtype:trojan-activity;sid:84203674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340575)"; flow:established,from_client; content:"GET"; http_method; 
content:"/bins/hax.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340575/; classtype:trojan-activity;sid:84203675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/hax.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"74.48.34.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340576/; classtype:trojan-activity;sid:84203676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340440)"; flow:established,from_client; content:"GET"; http_method; content:"/dis3j/wagnerhook/releases/download/release/loader.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340440/; classtype:trojan-activity;sid:84203540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340399)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/xbest%20v1.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340399/; classtype:trojan-activity;sid:84203499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340398)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/complexo%20v4.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; 
metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340398/; classtype:trojan-activity;sid:84203498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340395)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/box3d.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340395/; classtype:trojan-activity;sid:84203495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340396)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/lkwan.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340396/; classtype:trojan-activity;sid:84203496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340397)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/flunix9.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340397/; classtype:trojan-activity;sid:84203497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340392)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/elzhas%20pannel.dll"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340392/; classtype:trojan-activity;sid:84203492; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340393)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/morovip.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340393/; classtype:trojan-activity;sid:84203493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340394)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/hazaxd.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340394/; classtype:trojan-activity;sid:84203494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340391)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/xbest.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340391/; classtype:trojan-activity;sid:84203491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340390)"; flow:established,from_client; content:"GET"; http_method; content:"/xbest11/ddl1/main/blue_and_white.dll"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340390/; classtype:trojan-activity;sid:84203490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340363)"; flow:established,from_client; 
content:"GET"; http_method; content:"/huuuuggga/aaaaa1/refs/heads/main/srtware.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340363/; classtype:trojan-activity;sid:84203463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339252)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.136.225.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339252/; classtype:trojan-activity;sid:84202352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339221)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.93.83.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339221/; classtype:trojan-activity;sid:84202321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339179)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.49.114.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339179/; classtype:trojan-activity;sid:84202279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339170)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.107.229.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339170/; 
classtype:trojan-activity;sid:84202270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339161)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.220.123.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339161/; classtype:trojan-activity;sid:84202261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.233.125.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339162/; classtype:trojan-activity;sid:84202262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339119)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"216.155.92.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339119/; classtype:trojan-activity;sid:84202219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339124)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.87.31.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339124/; classtype:trojan-activity;sid:84202224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339116)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; 
content:"212.225.179.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339116/; classtype:trojan-activity;sid:84202216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339109)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.84.39.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339109/; classtype:trojan-activity;sid:84202209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339098)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.72.199.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339098/; classtype:trojan-activity;sid:84202198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339100)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.125.133.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339100/; classtype:trojan-activity;sid:84202200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339084)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.85.166.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339084/; classtype:trojan-activity;sid:84202184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3339090)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.46.58.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339090/; classtype:trojan-activity;sid:84202190; rev:1;)
# The rules below (sid 84201756, 84201660, 84201648, and the one that starts last on this line)
# all name raw.githubusercontent.com as the Host. The host value is the same across unrelated
# repository paths, so the discriminating indicator is the full URI, not the hostname.
# Each rule requires an exact URI (depth equals the pattern length, isdataat:!1,relative forbids
# trailing bytes, nocase on the path) together with an exact Host value.
# Coverage: `alert http` matches only requests the sensor can parse as HTTP; a fetch of the same
# path over TLS is not seen by these rules unless TLS is decrypted upstream of the sensor.
# Triage: the msg text is identical for every entry; the per-URL context is behind the
# reference:url value, keyed by the URLhaus id also shown in msg.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338656)"; flow:established,from_client; content:"GET"; http_method; content:"/kabot/unix-privilege-escalation-exploits-pack/master/2012/vmsplice-local-root-exploit"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338656/; classtype:trojan-activity;sid:84201756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338560)"; flow:established,from_client; content:"GET"; http_method; content:"/ga13372/jv/main/javaw.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338560/; classtype:trojan-activity;sid:84201660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338548)"; flow:established,from_client; content:"GET"; http_method; content:"/nicxlau/alfa-shell/master/alfa-obfuscated.php"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338548/; classtype:trojan-activity;sid:84201648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338507)"; flow:established,from_client; content:"GET"; http_method; content:"/aissardp/payload/main/payload.exe"; 
http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338507/; classtype:trojan-activity;sid:84201607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338505)"; flow:established,from_client; content:"GET"; http_method; content:"/cracker1337uwu/rrr/main/bypass.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338505/; classtype:trojan-activity;sid:84201605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338499)"; flow:established,from_client; content:"GET"; http_method; content:"/g1vi/cve-2023-2640-cve-2023-32629/main/exploit.sh"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338499/; classtype:trojan-activity;sid:84201599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338493)"; flow:established,from_client; content:"GET"; http_method; content:"/nguyenmanmkt/repo1/main/exploit-2"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338493/; classtype:trojan-activity;sid:84201593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338492)"; flow:established,from_client; content:"GET"; http_method; content:"/leetcipher/malware.development/main/self-injection/self-injection.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338492/; classtype:trojan-activity;sid:84201592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338487)"; flow:established,from_client; content:"GET"; http_method; content:"/cyberhunter00/remote_hijack/master/uac_bypass.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338487/; classtype:trojan-activity;sid:84201587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338475)"; flow:established,from_client; content:"GET"; http_method; content:"/cocomelonc/2022-01-14-malware-injection-13/master/hack.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338475/; classtype:trojan-activity;sid:84201575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338467)"; flow:established,from_client; content:"GET"; http_method; content:"/fxtazz/injection/main/index.js"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338467/; classtype:trojan-activity;sid:84201567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338471)"; flow:established,from_client; content:"GET"; http_method; content:"/leetcipher/malware.development/main/process-injection/process-injection.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; 
depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338471/; classtype:trojan-activity;sid:84201571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338451)"; flow:established,from_client; content:"GET"; http_method; content:"/sixaknow/uac_bypass_/main/module_377498327498dcxvc32434.dll"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338451/; classtype:trojan-activity;sid:84201551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338443)"; flow:established,from_client; content:"GET"; http_method; content:"/pistacchietto/win-python-backdoor/master/standalone_payload.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338443/; classtype:trojan-activity;sid:84201543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337794)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/f/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337794/; classtype:trojan-activity;sid:84200894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337795)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/c/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, 
urlhaus.abuse.ch/url/3337795/; classtype:trojan-activity;sid:84200895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337796)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/u/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337796/; classtype:trojan-activity;sid:84200896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337797)"; flow:established,from_client; content:"GET"; http_method; content:"/ty9989/i/zip/refs/heads/main"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337797/; classtype:trojan-activity;sid:84200897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337035)"; flow:established,from_client; content:"GET"; http_method; content:"/rahmoundll/kak/main/glew64.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337035/; classtype:trojan-activity;sid:84200135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337026)"; flow:established,from_client; content:"GET"; http_method; content:"/nkaslq1/ankrnl/refs/heads/main/alphatweaks.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337026/; classtype:trojan-activity;sid:84200126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3337032)"; flow:established,from_client; content:"GET"; http_method; content:"/haa15/driver-shitty/main/kdmapper_release.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337032/; classtype:trojan-activity;sid:84200132; rev:1;)
# sid 84200115: Host is exactly "github.com" and the URI is exactly one release-asset path
# (depth:73 plus isdataat:!1,relative). The alert is therefore tied to that one file name and
# version string; other assets or versions under the same repository path are not matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337015)"; flow:established,from_client; content:"GET"; http_method; content:"/v0lt/virtualdub2/releases/download/2.1.3/virtualdub2_v2.1.3.667_win32.7z"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337015/; classtype:trojan-activity;sid:84200115; rev:1;)
# sid 84200112 and 84200110: same Host (update.cg100iii.com), two different exact paths ending in
# update.exe. NOTE(review): the host and file names read like a software update channel; check the
# URLhaus reference and the requesting process before deciding whether a hit is an infection or a
# listed installer being fetched by its own product.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337012)"; flow:established,from_client; content:"GET"; http_method; content:"/cgmb/update.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337012/; classtype:trojan-activity;sid:84200112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337010)"; flow:established,from_client; content:"GET"; http_method; content:"/cgpro/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337010/; classtype:trojan-activity;sid:84200110; rev:1;)
# All rules here are `alert http`: they match a request the sensor parses as HTTP, and do not
# cover the same URL fetched over TLS unless traffic is decrypted upstream of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337004)"; flow:established,from_client; content:"GET"; http_method; 
content:"/skibidixelaina/wuselaina/raw/refs/heads/main/build.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337004/; classtype:trojan-activity;sid:84200104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336992)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/refs/heads/main/taskmoder.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336992/; classtype:trojan-activity;sid:84200092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336993)"; flow:established,from_client; content:"GET"; http_method; content:"/z-beam/movaflag/releases/download/1.0.2/mova.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336993/; classtype:trojan-activity;sid:84200093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336990)"; flow:established,from_client; content:"GET"; http_method; content:"/keygroup777-ransomware/downloader/refs/heads/main/cssgo.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336990/; classtype:trojan-activity;sid:84200090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336983)"; flow:established,from_client; content:"GET"; http_method; 
content:"/keygroup777-ransomware/downloader/raw/refs/heads/main/black.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336983/; classtype:trojan-activity;sid:84200083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336095)"; flow:established,from_client; content:"GET"; http_method; content:"/stubgenerator/stub/main/stub.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336095/; classtype:trojan-activity;sid:84199195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336077)"; flow:established,from_client; content:"GET"; http_method; content:"/nikolaevich23/make-pkg-bat/master/setup.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336077/; classtype:trojan-activity;sid:84199177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336072)"; flow:established,from_client; content:"GET"; http_method; content:"/eirxne/valorant-axeprime/main/axeprime.dll"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336072/; classtype:trojan-activity;sid:84199172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336068)"; flow:established,from_client; content:"GET"; http_method; content:"/stephenfewer/reflectivedllinjection/refs/heads/master/bin/reflective_dll.dll"; 
http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336068/; classtype:trojan-activity;sid:84199168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336058)"; flow:established,from_client; content:"GET"; http_method; content:"/anessdev/talha/main/talha.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336058/; classtype:trojan-activity;sid:84199158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336051)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"210.125.101.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336051/; classtype:trojan-activity;sid:84199151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336049)"; flow:established,from_client; content:"GET"; http_method; content:"/sqrtzeroknowledge/xworm-trojan/zip/refs/heads/main"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336049/; classtype:trojan-activity;sid:84199149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335208)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/master/rage.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; 
metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335208/; classtype:trojan-activity;sid:84198308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335175)"; flow:established,from_client; content:"GET"; http_method; content:"/infectsocks32_sql_antivirus.vmp.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335175/; classtype:trojan-activity;sid:84198275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335174)"; flow:established,from_client; content:"GET"; http_method; content:"/shadowforce2008_64_add.vmp.dll"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335174/; classtype:trojan-activity;sid:84198274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335173)"; flow:established,from_client; content:"GET"; http_method; content:"/infectsocks64_sql_antivirus.vmp.dll"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335173/; classtype:trojan-activity;sid:84198273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335166)"; flow:established,from_client; content:"GET"; http_method; content:"/upm2008.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335166/; classtype:trojan-activity;sid:84198266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3335156)"; flow:established,from_client; content:"GET"; http_method; content:"/ndisinstaller3.2.32.1.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335156/; classtype:trojan-activity;sid:84198256; rev:1;)
# sid 84198249: exact URI plus exact Host "xww.bucea.edu.cn"; the listed object is a .doc path.
# NOTE(review): the host name looks like an institutional site rather than dedicated
# infrastructure; scope any response action to this URL, not the whole domain, until verified.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335149)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/2018-11/20181122103207926164.doc"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"xww.bucea.edu.cn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335149/; classtype:trojan-activity;sid:84198254; rev:1;)
# sid 84198254: the Host match is exact (depth:18 plus isdataat:!1,relative), so it covers
# "www.reifenquick.de" only. The bare host "reifenquick.de" is a separate entry in this feed
# (sid:84198232) with its own path; neither rule covers the other's host form.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335154)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335154/; classtype:trojan-activity;sid:84198254; rev:1;)
# sid 84198247 and the rule that starts last on this line: Host is the IPv4 literal
# 211.204.100.20, which this feed lists under several different file paths, one rule per path.
# Several hits for that Host with different sids on one client belong in a single investigation.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335147)"; flow:established,from_client; content:"GET"; http_method; content:"/iatinfect2008_64.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335147/; classtype:trojan-activity;sid:84198247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335141)"; flow:established,from_client; content:"GET"; http_method; content:"/winsetaccess64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; 
content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335141/; classtype:trojan-activity;sid:84198241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335135)"; flow:established,from_client; content:"GET"; http_method; content:"/writedat.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335135/; classtype:trojan-activity;sid:84198235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335136)"; flow:established,from_client; content:"GET"; http_method; content:"/mport.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335136/; classtype:trojan-activity;sid:84198236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335134)"; flow:established,from_client; content:"GET"; http_method; content:"/iland.dat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"211.204.100.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335134/; classtype:trojan-activity;sid:84198234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335132)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335132/; classtype:trojan-activity;sid:84198232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3335118)"; flow:established,from_client; content:"GET"; http_method; content:"/cg70/update.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335118/; classtype:trojan-activity;sid:84198218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335096)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335096/; classtype:trojan-activity;sid:84198196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335074)"; flow:established,from_client; content:"GET"; http_method; content:"/_upload/article/files/90/f4/62d98f264ab0abc4a1f14a32607a/089c9dc1-8248-47b5-b35d-310cd70469b4.doc"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"hhbs.hhu.edu.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335074/; classtype:trojan-activity;sid:84198174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333897)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.dbg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333897/; classtype:trojan-activity;sid:84196997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333896)"; flow:established,from_client; 
content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333896/; classtype:trojan-activity;sid:84196996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333895)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333895/; classtype:trojan-activity;sid:84196995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333657)"; flow:established,from_client; content:"GET"; http_method; content:"/namblack666/zxqqw/refs/heads/main/main.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333657/; classtype:trojan-activity;sid:84196757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333658)"; flow:established,from_client; content:"GET"; http_method; content:"/namblack666/zxqqw/refs/heads/main/main1.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333658/; classtype:trojan-activity;sid:84196758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333656)"; flow:established,from_client; content:"GET"; http_method; content:"/nam-black/moneyandbitch/refs/heads/main/main1.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; 
http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333656/; classtype:trojan-activity;sid:84196756; rev:1;)
# sid 84196751: Host "github.com" with the ".../raw/refs/heads/main/main1.exe" form of a repository
# path. The feed lists the raw.githubusercontent.com form of the same owner/repo/file as its own
# entry (URLhaus id 3333656), so each URL form alerts under a different sid. Correlate on the
# repository path when counting affected hosts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333651)"; flow:established,from_client; content:"GET"; http_method; content:"/nam-black/moneyandbitch/raw/refs/heads/main/main1.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333651/; classtype:trojan-activity;sid:84196751; rev:1;)
# sid 84196627: exact URI "/apk/pthlearning.apk" on exact Host "chinaapper.com".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333527)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/pthlearning.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"chinaapper.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333527/; classtype:trojan-activity;sid:84196627; rev:1;)
# sid 84196622: Host "codeload.github.com" with a ".../zip/refs/heads/main" path, i.e. the listed
# object is an archive of a branch rather than a single file.
# NOTE(review): the archive contents can change as the branch changes; confirm what was actually
# retrieved from endpoint or proxy evidence rather than from the alert alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333522)"; flow:established,from_client; content:"GET"; http_method; content:"/azertyuiopexe/fud-crypter/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333522/; classtype:trojan-activity;sid:84196622; rev:1;)
# All rules here are `alert http` with exact URI and Host matches; they do not cover the same URL
# fetched over TLS unless traffic is decrypted upstream of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333521)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/main/document.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333521/; 
classtype:trojan-activity;sid:84196621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333518)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.8"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333518/; classtype:trojan-activity;sid:84196618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333513)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.10"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333513/; classtype:trojan-activity;sid:84196613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333514)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.3"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333514/; classtype:trojan-activity;sid:84196614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333511)"; flow:established,from_client; content:"GET"; http_method; content:"/hwangyounggul33/windows10/refs/heads/main/privacypolicy.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333511/; classtype:trojan-activity;sid:84196611; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333509)"; flow:established,from_client; content:"GET"; http_method; content:"/caocaocc/yacd/zip/refs/heads/gh-pages"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333509/; classtype:trojan-activity;sid:84196609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333510)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.2"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333510/; classtype:trojan-activity;sid:84196610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333508)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.11"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333508/; classtype:trojan-activity;sid:84196608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333499)"; flow:established,from_client; content:"GET"; http_method; content:"/fericarr/newky/refs/heads/main/agentnov.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333499/; classtype:trojan-activity;sid:84196599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333502)"; 
flow:established,from_client; content:"GET"; http_method; content:"/cirosantilli/china-dictatorship/zip/refs/heads/master"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333502/; classtype:trojan-activity;sid:84196602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333503)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.8.1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333503/; classtype:trojan-activity;sid:84196603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333495)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.5"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333495/; classtype:trojan-activity;sid:84196595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333496)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.7"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333496/; classtype:trojan-activity;sid:84196596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333493)"; flow:established,from_client; content:"GET"; http_method; 
content:"/d-7uble/invoke-phant0m/zip/refs/heads/master"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333493/; classtype:trojan-activity;sid:84196593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333494)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.7.1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333494/; classtype:trojan-activity;sid:84196594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333489)"; flow:established,from_client; content:"GET"; http_method; content:"/54n4l/mimikatzwindows/zip/refs/heads/master"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333489/; classtype:trojan-activity;sid:84196589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333485)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333485/; classtype:trojan-activity;sid:84196585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333482)"; flow:established,from_client; content:"GET"; http_method; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.1"; http_uri; depth:51; 
isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333482/; classtype:trojan-activity;sid:84196582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333481)"; flow:established,from_client; content:"GET"; http_method; content:"/crowly-ai/hello-world/refs/heads/main/zubovlekciya.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333481/; classtype:trojan-activity;sid:84196581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333479)"; flow:established,from_client; content:"GET"; http_method; content:"/heresfilly09-9/fornova/main/svchost.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333479/; classtype:trojan-activity;sid:84196579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333470)"; flow:established,from_client; content:"GET"; http_method; content:"/bloodhoundad/bloodhound/master/collectors/sharphound.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333470/; classtype:trojan-activity;sid:84196570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333458)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/calendar/setup.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; 
isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333458/; classtype:trojan-activity;sid:84196558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333457)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/calendar.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ojang.pe.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333457/; classtype:trojan-activity;sid:84196557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333435)"; flow:established,from_client; content:"GET"; http_method; content:"/newlog/exploiting/refs/heads/master/training/windows/practical_malware_analysis/labs/chapter_1l/lab01-02.exe"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333435/; classtype:trojan-activity;sid:84196535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333369)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/master/donut.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333369/; classtype:trojan-activity;sid:84196469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333359)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333359/; 
classtype:trojan-activity;sid:84196459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333355)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333355/; classtype:trojan-activity;sid:84196455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333357)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333357/; classtype:trojan-activity;sid:84196457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333350)"; flow:established,from_client; content:"GET"; http_method; content:"/getrektboy724/sementara/raw/master/donut.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333350/; classtype:trojan-activity;sid:84196450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333351)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333351/; classtype:trojan-activity;sid:84196451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333352)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.m68k"; 
http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333352/; classtype:trojan-activity;sid:84196452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333353)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333353/; classtype:trojan-activity;sid:84196453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333343)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333343/; classtype:trojan-activity;sid:84196443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333322)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333322/; classtype:trojan-activity;sid:84196422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333321)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17793058/lg246dre.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333321/; 
classtype:trojan-activity;sid:84196421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333316)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333316/; classtype:trojan-activity;sid:84196416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333317)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.163.119.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333317/; classtype:trojan-activity;sid:84196417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333279)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jtdamhd5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333279/; classtype:trojan-activity;sid:84196379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332955)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/files/9/%e2%98%85%ec%a0%9c%ed%92%88%ec%82%ac%ec%9a%a9%ec%a0%84%20%ed%95%84%ec%88%98%ec%85%8b%ed%8c%85%e2%98%85.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"xn--yh4bx88a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332955/; classtype:trojan-activity;sid:84196055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3332954)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/files/9/%e2%ab%b8%ec%a0%9c%ed%92%88%ec%82%ac%ec%9a%a9%ec%a0%84%20%ed%95%84%ec%88%98%ec%85%8b%ed%8c%85%e2%ab%b7.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"xn--yh4bx88a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332954/; classtype:trojan-activity;sid:84196054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332792)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332792/; classtype:trojan-activity;sid:84195892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332783)"; flow:established,from_client; content:"GET"; http_method; content:"/noccenter/noccenter/raw/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332783/; classtype:trojan-activity;sid:84195883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332780)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/raw/refs/heads/main/connector1.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332780/; classtype:trojan-activity;sid:84195880; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332771)"; flow:established,from_client; content:"GET"; http_method; content:"/xevioo/xeviohub/main/critscript.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332771/; classtype:trojan-activity;sid:84195871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332764)"; flow:established,from_client; content:"GET"; http_method; content:"/mae-luadev/mae-tests/main/system.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332764/; classtype:trojan-activity;sid:84195864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332757)"; flow:established,from_client; content:"GET"; http_method; content:"/mae-luadev/mae-tests/raw/main/system.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332757/; classtype:trojan-activity;sid:84195857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331919)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/opyhjdase.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331919/; classtype:trojan-activity;sid:84195019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331862)"; 
flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/popapoers.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331862/; classtype:trojan-activity;sid:84194962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331858)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/ljgksdtihd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331858/; classtype:trojan-activity;sid:84194958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331850)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/pfntjejghjsdkr.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331850/; classtype:trojan-activity;sid:84194950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331828)"; flow:established,from_client; content:"GET"; http_method; content:"/presema/kersal/refs/heads/main/vikings.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331828/; classtype:trojan-activity;sid:84194928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331826)"; flow:established,from_client; content:"GET"; http_method; 
content:"/presema/kersal/refs/heads/main/bnkrigkawd.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331826/; classtype:trojan-activity;sid:84194926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331699)"; flow:established,from_client; content:"GET"; http_method; content:"/frenzy-zwaake/discordrat-2.0/main/client-built.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331699/; classtype:trojan-activity;sid:84194799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331669)"; flow:established,from_client; content:"GET"; http_method; content:"/fofit-rater/1/refs/heads/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331669/; classtype:trojan-activity;sid:84194769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331670)"; flow:established,from_client; content:"GET"; http_method; content:"/efedursun125/xfakeplayers/master/xclient.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331670/; classtype:trojan-activity;sid:84194770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331664)"; flow:established,from_client; content:"GET"; http_method; content:"/v2/long-glade-33dc08/original//rump_img.jpeg"; http_uri; depth:45; 
isdataat:!1,relative; nocase; content:"cdn.pixelbin.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331664/; classtype:trojan-activity;sid:84194764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331665)"; flow:established,from_client; content:"GET"; http_method; content:"/abhidadatg/worm/refs/heads/main/xclient.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331665/; classtype:trojan-activity;sid:84194765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331653)"; flow:established,from_client; content:"GET"; http_method; content:"/zonicleaks/yappadabbadoo/main/xclient.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331653/; classtype:trojan-activity;sid:84194753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331648)"; flow:established,from_client; content:"GET"; http_method; content:"/jikoos/rrr/main/xclient.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331648/; classtype:trojan-activity;sid:84194748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331649)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/debug2.ps1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.drgenov.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 
2024_12_05; reference:url, urlhaus.abuse.ch/url/3331649/; classtype:trojan-activity;sid:84194749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331644)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/wrwrwr/main/xclient.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331644/; classtype:trojan-activity;sid:84194744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331643)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/adad/main/xclient.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331643/; classtype:trojan-activity;sid:84194743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331639)"; flow:established,from_client; content:"GET"; http_method; content:"/frenzy-zwaake/discordrat-2.0/deferred-metadata/main/client-built.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331639/; classtype:trojan-activity;sid:84194739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331640)"; flow:established,from_client; content:"GET"; http_method; content:"/whois-black/qew123/main/xclient.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331640/; classtype:trojan-activity;sid:84194740; rev:1;) 
# URLhaus per-URL download rules; entries in this span are dated 2024_12_02 to 2024_12_05.
# Each rule matches one GET request by URI and Host, with depth and
# isdataat:!1,relative bounding both contents.
#
# NOTE(review): `alert http` only inspects HTTP the sensor sees in cleartext.
# raw.githubusercontent.com and drive.google.com are normally served over TLS, so
# without decryption in front of the sensor those entries are unlikely to fire;
# match the same URLs in proxy or endpoint logs to cover them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331636)"; flow:established,from_client; content:"GET"; http_method; content:"/paco321312312/cautious-sniffle/main/xclient.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331636/; classtype:trojan-activity;sid:84194736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331633)"; flow:established,from_client; content:"GET"; http_method; content:"/joeljosephpajeet/testexe/refs/heads/main/xclient.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331633/; classtype:trojan-activity;sid:84194733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331626)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/debug4.ps1"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.drgenov.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331626/; classtype:trojan-activity;sid:84194726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331628)"; flow:established,from_client; content:"GET"; http_method; content:"/lvlh01am/fsfsf/main/xclient.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331628/; classtype:trojan-activity;sid:84194728; rev:1;)
# NOTE(review): this path looks like a script from a fork of a public PowerShell
# security-testing framework. A hit means the file was requested, not that it ran;
# triage against authorized testing and the requesting host's role.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331630)"; flow:established,from_client; content:"GET"; http_method; content:"/cheetz/nishang/master/gather/keylogger.ps1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331630/; classtype:trojan-activity;sid:84194730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331588)"; flow:established,from_client; content:"GET"; http_method; content:"/cookieskush/pip-package-template/master/client-built.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331588/; classtype:trojan-activity;sid:84194688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331574)"; flow:established,from_client; content:"GET"; http_method; content:"/efedursun125/xfakeplayers/refs/heads/master/xclient.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331574/; classtype:trojan-activity;sid:84194674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331534)"; flow:established,from_client; content:"GET"; http_method; content:"/cidadejunina/js/vendor/debug2.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"transparenciacanaa.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331534/; classtype:trojan-activity;sid:84194634; rev:1;)
# NOTE(review): in the three drive.google.com rules below, `|7c|26|7c|` is hex
# notation for the four bytes "|26|" (0x7c is the pipe character), not for "&" (0x26).
# If the listed URLs use `export=download&id=` (presumably; confirm on the URLhaus
# entries), the URI content cannot match. depth:68 is also the length of the escaped
# text, while the decoded pattern is 59 bytes. This looks like double escaping in the
# rule generator; report it upstream rather than hand-editing a generated feed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331498)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_-w5me4evtzbdzix_v_ymzdelazhrv5z"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331498/; classtype:trojan-activity;sid:84194598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331500)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nskagzrswpttoue3wbrhdqpyzlyve4tg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331500/; classtype:trojan-activity;sid:84194600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331490)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o3zw7sodji4uk954kngkdyshyl37gozq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331490/; classtype:trojan-activity;sid:84194590; rev:1;)
# NOTE(review): sids 84181680 and 84181598 have identical match options (same URI and
# Host) and differ only in the URLhaus entry they reference, so one request raises
# both alerts. Deduplicate downstream or threshold one of them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318580)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.39.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318580/; classtype:trojan-activity;sid:84181680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318498)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.39.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318498/; classtype:trojan-activity;sid:84181598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318309)"; flow:established,from_client; content:"GET"; http_method; content:"/khangdz1801/raw/refs/heads/main/sound.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318309/; classtype:trojan-activity;sid:84181409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317713)"; flow:established,from_client; content:"GET"; http_method; content:"/m2/plugin2.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317713/; classtype:trojan-activity;sid:84180813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317712)"; flow:established,from_client; content:"GET"; http_method; content:"/m2/plugin1.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317712/; classtype:trojan-activity;sid:84180812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317707)"; flow:established,from_client; content:"GET"; http_method; content:"/m2/plugin3.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.184.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317707/; classtype:trojan-activity;sid:84180807; rev:1;)
alert http
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317497)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/images/media/thing2"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"divvanews.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317497/; classtype:trojan-activity;sid:84180597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315253)"; flow:established,from_client; content:"GET"; http_method; content:"/order/purchaseorder.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"csg-app.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315253/; classtype:trojan-activity;sid:84178353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315254)"; flow:established,from_client; content:"GET"; http_method; content:"/order/putty.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"csg-app.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315254/; classtype:trojan-activity;sid:84178354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308912)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.18.210.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308912/; classtype:trojan-activity;sid:84172012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308898)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; 
content:"61.183.16.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308898/; classtype:trojan-activity;sid:84171998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308894)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.155.74.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308894/; classtype:trojan-activity;sid:84171994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308883)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308883/; classtype:trojan-activity;sid:84171983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308875)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308875/; classtype:trojan-activity;sid:84171975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308847)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.26.174.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308847/; classtype:trojan-activity;sid:84171947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3308798)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1idr9p3dgxkblhu7h4jckclzmtlibwsiw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308798/; classtype:trojan-activity;sid:84171898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308797)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1c2pnucvma1shu90mnauhef6shildth-s"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308797/; classtype:trojan-activity;sid:84171897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303817)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jbzzntbk1kuszoofww7hsqfdh066ontf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303817/; classtype:trojan-activity;sid:84166917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303818)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hkvynldkcbdd50_bsw3s9tk5elbduxtg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303818/; classtype:trojan-activity;sid:84166918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3303101)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/lr.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"183.102.83.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_24; reference:url, urlhaus.abuse.ch/url/3303101/; classtype:trojan-activity;sid:84166201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300881)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/y.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300881/; classtype:trojan-activity;sid:84163981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300394)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/dcm/refs/heads/main/document.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300394/; classtype:trojan-activity;sid:84163494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300382)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/test.xll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300382/; classtype:trojan-activity;sid:84163482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300387)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/ud.bat"; http_uri; depth:36; 
isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300387/; classtype:trojan-activity;sid:84163487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300377)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/t.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300377/; classtype:trojan-activity;sid:84163477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300378)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/template.dotm"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300378/; classtype:trojan-activity;sid:84163478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300374)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/doadmin.png"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300374/; classtype:trojan-activity;sid:84163474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300375)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/steamerx.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; 
depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300375/; classtype:trojan-activity;sid:84163475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300376)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/justpoc.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300376/; classtype:trojan-activity;sid:84163476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300371)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/refs/heads/main/u.xls"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300371/; classtype:trojan-activity;sid:84163471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300372)"; flow:established,from_client; content:"GET"; http_method; content:"/steamer/malwerjobs/refs/heads/master/scriptlet"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300372/; classtype:trojan-activity;sid:84163472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300068)"; flow:established,from_client; content:"GET"; http_method; content:"/es.hta"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pub-cdd0dd27ae6a4aee9841d397e0496374.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, 
urlhaus.abuse.ch/url/3300068/; classtype:trojan-activity;sid:84163168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298233)"; flow:established,from_client; content:"GET"; http_method; content:"/saked018/rivada/refs/heads/main/mis_file_9888123_received_xsls.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298233/; classtype:trojan-activity;sid:84161333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298219)"; flow:established,from_client; content:"GET"; http_method; content:"/saked018/rivada/raw/refs/heads/main/mis_file_9888123_received_xsls.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298219/; classtype:trojan-activity;sid:84161319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298207)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/dcm/raw/refs/heads/main/document.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298207/; classtype:trojan-activity;sid:84161307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298202)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/ud/raw/refs/heads/main/ud.bat"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298202/; classtype:trojan-activity;sid:84161302; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298205)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/raw/refs/heads/main/u.xls"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298205/; classtype:trojan-activity;sid:84161305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298201)"; flow:established,from_client; content:"GET"; http_method; content:"/rouki555/lnk/raw/refs/heads/main/ud.bat"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298201/; classtype:trojan-activity;sid:84161301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296209)"; flow:established,from_client; content:"GET"; http_method; content:"/crm/exe/update.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.zhikey.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296209/; classtype:trojan-activity;sid:84159309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294913)"; flow:established,from_client; content:"GET"; http_method; content:"/ledshow1.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.200.220.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294913/; classtype:trojan-activity;sid:84158013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294809)"; flow:established,from_client; content:"GET"; http_method; content:"/configureregistrysettings.ps1"; 
http_uri; depth:30; isdataat:!1,relative; nocase; content:"103.247.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294809/; classtype:trojan-activity;sid:84157909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294619)"; flow:established,from_client; content:"GET"; http_method; content:"/noureddine-nt9/rgsdr/raw/refs/heads/main/cheet.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294619/; classtype:trojan-activity;sid:84157719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292014)"; flow:established,from_client; content:"GET"; http_method; content:"/n/tui/mininews/mininewsplus/3.0.0.26165/mininewsplus-2.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"mininews.kpzip.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292014/; classtype:trojan-activity;sid:84155114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3291869)"; flow:established,from_client; content:"GET"; http_method; content:"/images/stories/guides/guide2018.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"dcwblida.dz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3291869/; classtype:trojan-activity;sid:84154969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.44.144.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; 
reference:url, urlhaus.abuse.ch/url/3290573/; classtype:trojan-activity;sid:84153673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3290243)"; flow:established,from_client; content:"GET"; http_method; content:"/pro2.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.98.201.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3290243/; classtype:trojan-activity;sid:84153343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289875)"; flow:established,from_client; content:"GET"; http_method; content:"/r00ts3c/ddos-rootsec/refs/heads/master/ddos%20scripts/l4/udp/10gbpsudp.py"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289875/; classtype:trojan-activity;sid:84152975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.57.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289469/; classtype:trojan-activity;sid:84152569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286821/; classtype:trojan-activity;sid:84149921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286518)"; 
flow:established,from_client; content:"GET"; http_method; content:"/kzxiaopeng2/kuaizip_setup_-808202126_xiaopeng2_001.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"d.kpzip.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286518/; classtype:trojan-activity;sid:84149618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286513)"; flow:established,from_client; content:"GET"; http_method; content:"/haozip.convertimg.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"download.haozip.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286513/; classtype:trojan-activity;sid:84149613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286067)"; flow:established,from_client; content:"GET"; http_method; content:"/erez-goldberg/rust-reverse-shell/main/shellcode.bin"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286067/; classtype:trojan-activity;sid:84149167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281714)"; flow:established,from_client; content:"GET"; http_method; content:"/s3cur3th1ssh1t/creds/master/obfuscatedps/dccuac.ps1"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281714/; classtype:trojan-activity;sid:84144814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281085)"; flow:established,from_client; content:"GET"; http_method; 
content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281085/; classtype:trojan-activity;sid:84144185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280990)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2d424qwn"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280990/; classtype:trojan-activity;sid:84144090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280680)"; flow:established,from_client; content:"GET"; http_method; content:"/fiies/stormfn-launcher/raw/refs/heads/main/stormfn-launcher.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280680/; classtype:trojan-activity;sid:84143780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279353)"; flow:established,from_client; content:"GET"; http_method; content:"/xavieprowel/crispy-palm-tree/releases/download/1/3e3ev3.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279353/; classtype:trojan-activity;sid:84142453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278669)"; flow:established,from_client; content:"GET"; http_method; content:"/txdown_disk/%e8%bd%af%e4%bb%b6%e4%bd%bf%e7%94%a8/%e7%bc%ba%e5%a4%b1%e4%b8%8b%e8%bd%bd/plugin.dll"; http_uri; depth:97; 
isdataat:!1,relative; nocase; content:"disk.accord1key.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278669/; classtype:trojan-activity;sid:84141769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278573)"; flow:established,from_client; content:"GET"; http_method; content:"/ciphershld/ms-p-1a/master/setup%20ms%20p-1a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278573/; classtype:trojan-activity;sid:84141673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278576)"; flow:established,from_client; content:"GET"; http_method; content:"/minecradt/regdelete/readme-edits/hell9o.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278576/; classtype:trojan-activity;sid:84141676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278567)"; flow:established,from_client; content:"GET"; http_method; content:"/openpeach/dotnetfx_cleanup_tool/refs/heads/master/cleanup_tool.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278567/; classtype:trojan-activity;sid:84141667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278362)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1las2cmd3reobg45qhkqhawi90h4_u0kd"; http_uri; depth:68; isdataat:!1,relative; nocase; 
content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278362/; classtype:trojan-activity;sid:84141462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278361)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=17hv9-3t2ilikbmcfql2z66ipd72x4mz7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278361/; classtype:trojan-activity;sid:84141461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276956)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"216.201.80.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276956/; classtype:trojan-activity;sid:84140056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276896)"; flow:established,from_client; content:"GET"; http_method; content:"/loistupidpet/sfdawsdawdaw/main/serials_checker.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276896/; classtype:trojan-activity;sid:84139996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275669)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kc4fdseohzqymz2x0ncqswph66uxdb1z"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; 
reference:url, urlhaus.abuse.ch/url/3275669/; classtype:trojan-activity;sid:84138769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275667)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1u_rahqbks7vd7qqc6wx3gxnjxtfqrzbp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275667/; classtype:trojan-activity;sid:84138767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275658)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1-8qpzgr4-iis53p1-kr2-o6prrjmnksk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275658/; classtype:trojan-activity;sid:84138758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275656)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ubqrhziusgl-cn_nie2_udj4qi6qrqsw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275656/; classtype:trojan-activity;sid:84138756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275240)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ikoxnnlvglh6jhnfqkrsihss_p2dqkyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, 
urlhaus.abuse.ch/url/3275240/; classtype:trojan-activity;sid:84138340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275241)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1r7oi2jekx0ks1wqpt0ms3_kqvukzy3dv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275241/; classtype:trojan-activity;sid:84138341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275242)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gmzqsemymffka4lve0jkwa06sklk7xhu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275242/; classtype:trojan-activity;sid:84138342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274064)"; flow:established,from_client; content:"GET"; http_method; content:"/borisizdabezt/exitlag-hwid-spoofer/main/drv64.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274064/; classtype:trojan-activity;sid:84137164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274049)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/main/spoofy.sys"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274049/; 
classtype:trojan-activity;sid:84137149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274047)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/refs/heads/main/spoofy.sys"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274047/; classtype:trojan-activity;sid:84137147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274048)"; flow:established,from_client; content:"GET"; http_method; content:"/realstrings/lydian-spoofer/raw/refs/heads/main/spoofy.sys"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274048/; classtype:trojan-activity;sid:84137148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272092)"; flow:established,from_client; content:"GET"; http_method; content:"/ordogos2/g575/releases/download/download/setup.7.0.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3272092/; classtype:trojan-activity;sid:84135192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271922)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injector.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271922/; classtype:trojan-activity;sid:84135022; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271923)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/injectorold.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271923/; classtype:trojan-activity;sid:84135023; rev:1;)
# One signature per file under the same repository path. Each pins the whole
# URI (`depth` + `isdataat:!1,relative`), so a renamed file or another branch
# of that repository is not covered by these rules.
# NOTE(review): raw.githubusercontent.com is normally reached over HTTPS;
# these `alert http` rules fire only where the sensor sees decrypted traffic.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271924)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/driver.sys"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271924/; classtype:trojan-activity;sid:84135024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271925)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271925/; classtype:trojan-activity;sid:84135025; rev:1;)
# NOTE(review): the pattern carries a literal "%20" but is matched against
# http_uri, the normalized URI buffer. If the engine percent-decodes the space
# there, this literal will not match; verify on the deployed engine, or match
# the raw URI buffer (http_raw_uri) instead.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271919)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/ogfn%20updater.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271919/; classtype:trojan-activity;sid:84135019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3271920)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/pclient.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271920/; classtype:trojan-activity;sid:84135020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271921)"; flow:established,from_client; content:"GET"; http_method; content:"/leakerbydragon1/leakerbydragon1/main/kdmapper_release.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271921/; classtype:trojan-activity;sid:84135021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271663)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"123.ywxww.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271663/; classtype:trojan-activity;sid:84134763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271634)"; flow:established,from_client; content:"GET"; http_method; content:"/undertalanted/mod/refs/heads/main/svchost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271634/; classtype:trojan-activity;sid:84134734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271624)"; flow:established,from_client; content:"GET"; http_method; 
content:"/sdifru877234/ilu123g5/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271624/; classtype:trojan-activity;sid:84134724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271617)"; flow:established,from_client; content:"GET"; http_method; content:"/regolx1/hadb/refs/heads/main/svchost.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271617/; classtype:trojan-activity;sid:84134717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271614)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/main/svchost.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271614/; classtype:trojan-activity;sid:84134714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271612)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271612/; classtype:trojan-activity;sid:84134712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271609)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/refs/heads/main/svchost.exe"; http_uri; depth:65; 
isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271609/; classtype:trojan-activity;sid:84134709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271610)"; flow:established,from_client; content:"GET"; http_method; content:"/media/furystorage/api/main/svchost.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"media.githubusercontent.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271610/; classtype:trojan-activity;sid:84134710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271611)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/refs/heads/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271611/; classtype:trojan-activity;sid:84134711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271605)"; flow:established,from_client; content:"GET"; http_method; content:"/sdifru877234/ilu123g5/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271605/; classtype:trojan-activity;sid:84134705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271594)"; flow:established,from_client; content:"GET"; http_method; content:"/artem674118/erterytry/raw/main/svchost.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; 
metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271594/; classtype:trojan-activity;sid:84134694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271596)"; flow:established,from_client; content:"GET"; http_method; content:"/heresfilly09-9/fornova/raw/main/svchost.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271596/; classtype:trojan-activity;sid:84134696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271586)"; flow:established,from_client; content:"GET"; http_method; content:"/chokopie333/doom/raw/main/svchost.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271586/; classtype:trojan-activity;sid:84134686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271587)"; flow:established,from_client; content:"GET"; http_method; content:"/morgantaraum/automatic-octo-barnacle/raw/refs/heads/main/svchost.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271587/; classtype:trojan-activity;sid:84134687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271590)"; flow:established,from_client; content:"GET"; http_method; content:"/zodiac1616/test/raw/refs/heads/main/svchost.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271590/; classtype:trojan-activity;sid:84134690; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271366)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/refs/heads/main/extremeinjector.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271366/; classtype:trojan-activity;sid:84134466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271369)"; flow:established,from_client; content:"GET"; http_method; content:"/zzrevva1/osu-maple/raw/refs/heads/main/extremeinjector.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271369/; classtype:trojan-activity;sid:84134469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270196)"; flow:established,from_client; content:"GET"; http_method; content:"/novocrm/static/winring0x64.sys"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"118.189.172.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270196/; classtype:trojan-activity;sid:84133296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270195)"; flow:established,from_client; content:"GET"; http_method; content:"/ggassistant/update/2.3.11.29/tool/winring0x64.sys|3f|skq=1701042218"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"shqdown.ggzuhao.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270195/; classtype:trojan-activity;sid:84133295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3270193)"; flow:established,from_client; content:"GET"; http_method; content:"/miguel-b-p/..../raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270193/; classtype:trojan-activity;sid:84133293; rev:1;)
# Several signatures for the same file name, winring0x64.sys, each pinned to
# one GitHub path. Coverage is per URL: a copy under another account or path
# needs its own rule, so pair these with file-name or hash based detection.
# NOTE(review): github.com is normally reached over HTTPS; these `alert http`
# rules fire only where the sensor sees decrypted traffic.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270185)"; flow:established,from_client; content:"GET"; http_method; content:"/silenthashik/winring/raw/main/winring0x64.sys"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270185/; classtype:trojan-activity;sid:84133285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270186)"; flow:established,from_client; content:"GET"; http_method; content:"/hak333444/xmrig/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270186/; classtype:trojan-activity;sid:84133286; rev:1;)
# NOTE(review): the path /xmrig/xmrig/... is presumably the upstream miner
# project's own repository. Triage a hit as "miner tooling fetched" and check
# whether mining is sanctioned on that host before treating it as a trojan.
# NOTE(review): depth:65 counts `|3f|` as four characters; the decoded
# pattern is 62 bytes, so the match may begin up to 3 bytes into the buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270188)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/blob/master/bin/winring0/winring0x64.sys|3f|raw=true"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270188/; classtype:trojan-activity;sid:84133288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270189)"; flow:established,from_client; content:"GET"; http_method; 
content:"/so251/olaquerida/releases/download/1releasae/winring0x64.sys"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270189/; classtype:trojan-activity;sid:84133289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270191)"; flow:established,from_client; content:"GET"; http_method; content:"/jsjsjsc79/advsd/raw/main/winring0x64.sys"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270191/; classtype:trojan-activity;sid:84133291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270192)"; flow:established,from_client; content:"GET"; http_method; content:"/stickmengamer/idk/raw/main/winring0x64.sys"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270192/; classtype:trojan-activity;sid:84133292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270183)"; flow:established,from_client; content:"GET"; http_method; content:"/sopranotech/dimeo/main/winring0x64.sys"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270183/; classtype:trojan-activity;sid:84133283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270184)"; flow:established,from_client; content:"GET"; http_method; content:"/abrissyy/min/main/winring0x64.sys"; http_uri; depth:34; isdataat:!1,relative; nocase; 
content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270184/; classtype:trojan-activity;sid:84133284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3269715)"; flow:established,from_client; content:"GET"; http_method; content:"/sqrtzeroknowledge/xworm-trojan/archive/refs/heads/main.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269715/; classtype:trojan-activity;sid:84132815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265959)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygqwpvxadhjsxskr3u3tdw2u5dnzv0pp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265959/; classtype:trojan-activity;sid:84129059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265958)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uzjwtbh4hcs9i060hwf08hrnymnodugn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265958/; classtype:trojan-activity;sid:84129058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258033)"; flow:established,from_client; content:"GET"; http_method; content:"/ijeuwaesika/nna/refs/heads/main/ifiinms.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; 
isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258033/; classtype:trojan-activity;sid:84121133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257486)"; flow:established,from_client; content:"GET"; http_method; content:"/networks.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257486/; classtype:trojan-activity;sid:84120586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257484)"; flow:established,from_client; content:"GET"; http_method; content:"/data/javaw/net/net.xsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"shangmei-test.oss-cn-beijing.aliyuncs.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257484/; classtype:trojan-activity;sid:84120584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257470)"; flow:established,from_client; content:"GET"; http_method; content:"/netstat.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257470/; classtype:trojan-activity;sid:84120570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257471)"; flow:established,from_client; content:"GET"; http_method; content:"/net/net.xsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257471/; classtype:trojan-activity;sid:84120571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3257473)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/net/net.xsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sec.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257473/; classtype:trojan-activity;sid:84120573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257474)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/inst.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"sec.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257474/; classtype:trojan-activity;sid:84120574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257475)"; flow:established,from_client; content:"GET"; http_method; content:"/netstat.xsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257475/; classtype:trojan-activity;sid:84120575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257477)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/instance.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sec.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257477/; classtype:trojan-activity;sid:84120577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257450)"; flow:established,from_client; content:"GET"; http_method; content:"/netstat.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cat.dashabi.in"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257450/; classtype:trojan-activity;sid:84120550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257451)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/winring0x64.sys"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sec.dashabi.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257451/; classtype:trojan-activity;sid:84120551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257457)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/javaw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sec.dashabi.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257457/; classtype:trojan-activity;sid:84120557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257464)"; flow:established,from_client; content:"GET"; http_method; content:"/javaw2/instance.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sec.xiaojiji.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257464/; classtype:trojan-activity;sid:84120564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257465)"; flow:established,from_client; content:"GET"; http_method; content:"/netstat.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cat.xiaojiji.nl"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257465/; classtype:trojan-activity;sid:84120565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3254228)"; flow:established,from_client; content:"GET"; http_method; content:"/kdot227/somalifuscator/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254228/; classtype:trojan-activity;sid:84117328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254226)"; flow:established,from_client; content:"GET"; http_method; content:"/proxyonly/www/raw/main/security.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254226/; classtype:trojan-activity;sid:84117326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254222)"; flow:established,from_client; content:"GET"; http_method; content:"/robloxdev1223/requirements/raw/main/requirements.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254222/; classtype:trojan-activity;sid:84117322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252630)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252630/; classtype:trojan-activity;sid:84115730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249739)"; flow:established,from_client; content:"GET"; http_method; content:"/img_up/shop_pds/nicehana/client.exe"; http_uri; 
depth:36; isdataat:!1,relative; nocase; content:"www.xn--on3b15m2lco2u.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249739/; classtype:trojan-activity;sid:84112839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249735)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249735/; classtype:trojan-activity;sid:84112835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249675)"; flow:established,from_client; content:"GET"; http_method; content:"/quasar/quasar/releases/download/v1.4.1/quasar.v1.4.1.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249675/; classtype:trojan-activity;sid:84112775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249662)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/refs/heads/master/rat/njrat.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249662/; classtype:trojan-activity;sid:84112762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246018)"; flow:established,from_client; content:"GET"; http_method; content:"/mestalic/site/refs/heads/main/file.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; 
metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246018/; classtype:trojan-activity;sid:84109118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245733)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.152.219.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245733/; classtype:trojan-activity;sid:84108833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245732)"; flow:established,from_client; content:"GET"; http_method; content:"/vz.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"51.79.124.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245732/; classtype:trojan-activity;sid:84108832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245730)"; flow:established,from_client; content:"GET"; http_method; content:"/chinese.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"202.129.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245730/; classtype:trojan-activity;sid:84108830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245463)"; flow:established,from_client; content:"GET"; http_method; content:"/hs.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245463/; classtype:trojan-activity;sid:84108563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245459)"; flow:established,from_client; content:"GET"; 
http_method; content:"/kg.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245459/; classtype:trojan-activity;sid:84108559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245458)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245458/; classtype:trojan-activity;sid:84108558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243086)"; flow:established,from_client; content:"GET"; http_method; content:"/update/data/update.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"114.55.106.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243086/; classtype:trojan-activity;sid:84106186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243082)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0624.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243082/; classtype:trojan-activity;sid:84106182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243077)"; flow:established,from_client; content:"GET"; http_method; content:"/sysupdate/ckbgd/2.3.0703.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"8.131.63.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243077/; 
classtype:trojan-activity;sid:84106177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242983)"; flow:established,from_client; content:"GET"; http_method; content:"/flowseal/zapret-discord-youtube/releases/download/1.1.1/zapret-discord-youtube-1.1.1.rar"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242983/; classtype:trojan-activity;sid:84106083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242663)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack0832.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242663/; classtype:trojan-activity;sid:84105763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242642)"; flow:established,from_client; content:"GET"; http_method; content:"/rishabhkumardeveloper/malware_analysis_using_ml/main/wildfire-test-pe-file.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242642/; classtype:trojan-activity;sid:84105742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241764)"; flow:established,from_client; content:"GET"; http_method; content:"/mori-miyako/discord-token-generator/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241764/; classtype:trojan-activity;sid:84104864; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241765)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/main/tweaks.7z"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241765/; classtype:trojan-activity;sid:84104865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241756)"; flow:established,from_client; content:"GET"; http_method; content:"/intergate0/none/main/main.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241756/; classtype:trojan-activity;sid:84104856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241752)"; flow:established,from_client; content:"GET"; http_method; content:"/kntjspr/licensebytes/refs/heads/main/licensemalwarebytes.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241752/; classtype:trojan-activity;sid:84104852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241644)"; flow:established,from_client; content:"GET"; http_method; content:"/baksvoronov/testingflrplgpreg/refs/heads/main/connector1.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241644/; classtype:trojan-activity;sid:84104744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3241637)"; flow:established,from_client; content:"GET"; http_method; content:"/s107000665/c1/master/1223.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241637/; classtype:trojan-activity;sid:84104737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241638)"; flow:established,from_client; content:"GET"; http_method; content:"/iciamyplant/ctf/master/plantrojan.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241638/; classtype:trojan-activity;sid:84104738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241639)"; flow:established,from_client; content:"GET"; http_method; content:"/fengjixuchui/cve-2022-26810/main/shellcode.bin"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241639/; classtype:trojan-activity;sid:84104739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241640)"; flow:established,from_client; content:"GET"; http_method; content:"/killbillpribil/world-of-tanks/master/world%20of%20tanks.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241640/; classtype:trojan-activity;sid:84104740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241641)"; flow:established,from_client; content:"GET"; 
http_method; content:"/mach1el/htb-scripts/master/exploit-fuse/shell.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241641/; classtype:trojan-activity;sid:84104741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241642)"; flow:established,from_client; content:"GET"; http_method; content:"/khr0x40sh/whitelistevasion/master/installutil/script.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241642/; classtype:trojan-activity;sid:84104742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241635)"; flow:established,from_client; content:"GET"; http_method; content:"/msf.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"qiniuyunxz.yxflzs.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241635/; classtype:trojan-activity;sid:84104735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241559)"; flow:established,from_client; content:"GET"; http_method; content:"/c5hackr/phantom/main/phantom/resources/donut.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241559/; classtype:trojan-activity;sid:84104659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241404)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; 
content:"117.72.39.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241404/; classtype:trojan-activity;sid:84104504; rev:1;)
# NOTE(review): sid 84104482 below repeats the exact match of sid 84104504 above
# (GET, URI "/02.08.2022.exe", host "117.72.39.83"); only the URLhaus id and sid
# differ. One request therefore raises two alerts - deduplicate on
# src/dst/URI when counting incidents, or threshold one of the two locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241382)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.39.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241382/; classtype:trojan-activity;sid:84104482; rev:1;)
# The remaining rules in this span pin http_host to raw.githubusercontent.com.
# They use the http protocol keyword and the http_uri/http_host buffers, so they
# only match requests the sensor can parse as HTTP. NOTE(review): that host is
# normally reached over TLS - presumably these need decrypted traffic to fire;
# confirm sensor placement before relying on them for coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241127)"; flow:established,from_client; content:"GET"; http_method; content:"/justincoding3/slumfun/main/obfuscated.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241127/; classtype:trojan-activity;sid:84104227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241126)"; flow:established,from_client; content:"GET"; http_method; content:"/r00t-3xp10it/redpill/main/utils/compiled.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241126/; classtype:trojan-activity;sid:84104226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241125)"; flow:established,from_client; content:"GET"; http_method; content:"/secwiki/windows-kernel-exploits/master/ms14-068/ms14-068.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, 
urlhaus.abuse.ch/url/3241125/; classtype:trojan-activity;sid:84104225; rev:1;)
# Every rule in this span follows one template: GET method, the full URI
# matched from offset 0 (depth = content length, isdataat:!1,relative so
# nothing may follow), case-insensitive, then an exact http_host match. A
# changed path, an added query string or a different host evades the rule,
# so treat the feed as exact-URL IoC matching, not behavioural detection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241123)"; flow:established,from_client; content:"GET"; http_method; content:"/prowindows365/hailhydra/refs/heads/main/hailhydra.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241123/; classtype:trojan-activity;sid:84104223; rev:1;)
# NOTE(review): the URI below is the master-branch archive of a repository
# named "signature-base" - presumably a collection of detection signatures
# rather than a payload, which can trip AV-based classification of the
# archive. Treat hits on sid 84104155 as low confidence until the requesting
# host and user are checked; analyst or tooling downloads are a likely source.
# NOTE(review): github.com is normally reached over TLS, so this http rule
# presumably only fires on decrypted traffic - confirm sensor placement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241055)"; flow:established,from_client; content:"GET"; http_method; content:"/neo23x0/signature-base/archive/master.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241055/; classtype:trojan-activity;sid:84104155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241005)"; flow:established,from_client; content:"GET"; http_method; content:"/ricepudding0xl/discordnitrogenerator/main/discordnitrogenerator.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241005/; classtype:trojan-activity;sid:84104105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241004)"; flow:established,from_client; content:"GET"; http_method; content:"/ryan2159/stuff/main/discord.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241004/; classtype:trojan-activity;sid:84104104; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240999)"; flow:established,from_client; content:"GET"; http_method; content:"/sad-dust/death/main/stealinfo.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240999/; classtype:trojan-activity;sid:84104099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240998)"; flow:established,from_client; content:"GET"; http_method; content:"/deepdevil51/discordspotifybypass/main/discordspotifybypass.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240998/; classtype:trojan-activity;sid:84104098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240994)"; flow:established,from_client; content:"GET"; http_method; content:"/deepdevil51/discordspotifybypass/raw/main/discordspotifybypass.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240994/; classtype:trojan-activity;sid:84104094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240819)"; flow:established,from_client; content:"GET"; http_method; content:"/redcanaryco/atomic-red-team/master/atomics/t1204.002/bin/test10.lnk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240819/; classtype:trojan-activity;sid:84103919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3240817)"; flow:established,from_client; content:"GET"; http_method; content:"/cuckoobox/cuckoo/archive/master.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240817/; classtype:trojan-activity;sid:84103917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240813)"; flow:established,from_client; content:"GET"; http_method; content:"/haxork8880/files/main/windowssync.txt.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240813/; classtype:trojan-activity;sid:84103913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240814)"; flow:established,from_client; content:"GET"; http_method; content:"/crjtpp/tpplab_public/main/poc-sample-lnk.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240814/; classtype:trojan-activity;sid:84103914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240812)"; flow:established,from_client; content:"GET"; http_method; content:"/hackerx237/miner/main/my-files.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240812/; classtype:trojan-activity;sid:84103912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240811)"; flow:established,from_client; content:"GET"; http_method; 
content:"/scode18/all-tweaker/releases/download/beta_v0.6/all.tweaker.beta.v0.6.7z"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240811/; classtype:trojan-activity;sid:84103911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240810)"; flow:established,from_client; content:"GET"; http_method; content:"/scode18/all-tweaker/raw/main/tweaks.7z"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240810/; classtype:trojan-activity;sid:84103910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240720)"; flow:established,from_client; content:"GET"; http_method; content:"/dqwr1q23rwdfr/xxx/releases/download/xxx/vital.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240720/; classtype:trojan-activity;sid:84103820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240639)"; flow:established,from_client; content:"GET"; http_method; content:"/mohdjulaya09/code-sparrow-crypter-2.0-private-crack-leak/releases/download/%23crypter/codesparrow.crypter.2.0.crack.rar"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240639/; classtype:trojan-activity;sid:84103739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239707)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x64.bin"; http_uri; 
depth:14; isdataat:!1,relative; nocase; content:"8.138.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239707/; classtype:trojan-activity;sid:84102807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238658)"; flow:established,from_client; content:"GET"; http_method; content:"/eaklauncher/eaklauncher.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"147.50.240.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238658/; classtype:trojan-activity;sid:84101758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238111)"; flow:established,from_client; content:"GET"; http_method; content:"/resources/js/info2r.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"188.81.134.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238111/; classtype:trojan-activity;sid:84101211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238073)"; flow:established,from_client; content:"GET"; http_method; content:"/ff245185/payload/main/fast%20download.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238073/; classtype:trojan-activity;sid:84101173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238061)"; flow:established,from_client; content:"GET"; http_method; content:"/grozniy1/folder/main/444.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, 
urlhaus.abuse.ch/url/3238061/; classtype:trojan-activity;sid:84101161; rev:1;)
# NOTE(review): in sid 84101075 the URI content contains the hex escape |3f|,
# which is a single byte ("?"). The decoded pattern is 61 bytes, but depth is
# 64 - the length of the escaped text. The match is still end-anchored by
# isdataat:!1,relative, yet it may begin up to 3 bytes into the URI buffer,
# so this rule is slightly looser than the exact-URL rules without escapes.
# The generator appears to count escaped characters; worth reporting upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237975)"; flow:established,from_client; content:"GET"; http_method; content:"/da2dalus/the-malware-repo/blob/master/rat/njrat.exe|3f|raw=true"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237975/; classtype:trojan-activity;sid:84101075; rev:1;)
# Host is a bare IPv4 literal: the rule matches only when the Host header is
# exactly that address, not when the same server is reached by name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237976)"; flow:established,from_client; content:"GET"; http_method; content:"/5556.rar"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.212.158.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237976/; classtype:trojan-activity;sid:84101076; rev:1;)
# The next two rules pin a branch-archive path ("/zip/refs/heads/main") on
# codeload.github.com. NOTE(review): that host is normally reached over TLS,
# so these http rules presumably need decrypted traffic to fire - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237956)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/umbral-stealer/zip/refs/heads/main"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237956/; classtype:trojan-activity;sid:84101056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237955)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blank-grabber/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237955/; classtype:trojan-activity;sid:84101055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3237954)"; flow:established,from_client; content:"GET"; http_method; content:"/blank-c/blankobf/zip/refs/heads/v2"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237954/; classtype:trojan-activity;sid:84101054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237861)"; flow:established,from_client; content:"GET"; http_method; content:"/joh81/exploi01/zip/refs/heads/main"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237861/; classtype:trojan-activity;sid:84100961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237810)"; flow:established,from_client; content:"GET"; http_method; content:"/steve824/a/zip/refs/heads/main"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237810/; classtype:trojan-activity;sid:84100910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237737)"; flow:established,from_client; content:"GET"; http_method; content:"/thebb5th/123/zip/refs/heads/main"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237737/; classtype:trojan-activity;sid:84100837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237465)"; flow:established,from_client; content:"GET"; http_method; 
content:"/uc|3f|export=download|7c|26|7c|id=1_suia0iczdw2reew1f9hgunezxcwv52d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237465/; classtype:trojan-activity;sid:84100565; rev:1;)
# NOTE(review): sid 84100565 (above) and sid 84100564 (below) look
# double-escaped. |7c| is the pipe byte, so "|7c|26|7c|" decodes to the four
# literal characters "|26|", not to byte 0x26 ("&"). Presumably the source URL
# was "/uc?export=download&id=..." and "&" was escaped to |26| before the
# pipes were escaped again. As written, neither rule matches a request using
# "&", so both are likely dead detections.
# depth:68 also counts the escaped text, not decoded bytes. Do not assume
# coverage for these two URLs; report upstream, and if coverage is needed keep
# a corrected copy under a local sid instead of editing the feed in place.
# NOTE(review): drive.google.com is normally reached over TLS, so even a
# corrected http rule presumably needs decrypted traffic to fire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237464)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_3ozdjl5puad8qn3tipydynn5j7l13el"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237464/; classtype:trojan-activity;sid:84100564; rev:1;)
# The remaining rules in this span match bare IPv4 Host headers with an exact,
# end-anchored URI; each fires only for that one path on that one address.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236597)"; flow:established,from_client; content:"GET"; http_method; content:"/center.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"119.193.158.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236597/; classtype:trojan-activity;sid:84099697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236587)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"153.37.77.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236587/; classtype:trojan-activity;sid:84099687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236559)"; flow:established,from_client; content:"GET"; http_method; content:"/download/kedadecoder.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.136.142.2"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236559/; classtype:trojan-activity;sid:84099659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236324)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xwgl/xw_xxgl.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236324/; classtype:trojan-activity;sid:84099424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236322)"; flow:established,from_client; content:"GET"; http_method; content:"/file/xw_setup.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236322/; classtype:trojan-activity;sid:84099422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236323)"; flow:established,from_client; content:"GET"; http_method; content:"/file/yhy_setup.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"data.yhydl.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236323/; classtype:trojan-activity;sid:84099423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236318)"; flow:established,from_client; content:"GET"; http_method; content:"/products/4001/updates/efatura/efatura.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"elisans.novayonetim.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236318/; classtype:trojan-activity;sid:84099418; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236240)"; flow:established,from_client; content:"GET"; http_method; content:"/services/identification/server/gtptoolsdownloadhandler.ashx|3f|filename=gtp_6_browserplugin_setup.exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"hnjgdl.geps.glodon.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236240/; classtype:trojan-activity;sid:84099340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236237)"; flow:established,from_client; content:"GET"; http_method; content:"/natgo.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"dl.natgo.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236237/; classtype:trojan-activity;sid:84099337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236236)"; flow:established,from_client; content:"GET"; http_method; content:"/download/etermproxy.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pid.fly160.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236236/; classtype:trojan-activity;sid:84099336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236224)"; flow:established,from_client; content:"GET"; http_method; content:"/pdd_biaoge/soft/down.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"49.234.48.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236224/; classtype:trojan-activity;sid:84099324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236154)"; flow:established,from_client; content:"GET"; http_method; 
content:"/user-attachments/files/17267811/stm.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236154/; classtype:trojan-activity;sid:84099254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235523)"; flow:established,from_client; content:"GET"; http_method; content:"/chainguard-dev/bincapz/archive/refs/tags/v0.5.0.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235523/; classtype:trojan-activity;sid:84098623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235522)"; flow:established,from_client; content:"GET"; http_method; content:"/playmcbkuwu/vape/releases/download/stable/vape.v4.10.from.duckysolucky.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235522/; classtype:trojan-activity;sid:84098622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235514)"; flow:established,from_client; content:"GET"; http_method; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235514/; classtype:trojan-activity;sid:84098614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235513)"; flow:established,from_client; content:"GET"; http_method; content:"/meckazin/chromekatz/releases/download/0.4.7/chromekatzbofs.zip"; http_uri; depth:63; 
isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235513/; classtype:trojan-activity;sid:84098613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235094)"; flow:established,from_client; content:"GET"; http_method; content:"/xsh/update.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.126.11.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235094/; classtype:trojan-activity;sid:84098194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234859)"; flow:established,from_client; content:"GET"; http_method; content:"/petikvx/lockbit-black-builder/main/lockbit30/builder.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234859/; classtype:trojan-activity;sid:84097959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234858)"; flow:established,from_client; content:"GET"; http_method; content:"/tennessene/lockbit/refs/heads/main/builder.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234858/; classtype:trojan-activity;sid:84097958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232402)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.32.202.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, 
urlhaus.abuse.ch/url/3232402/; classtype:trojan-activity;sid:84095502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231796)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16737801/wave.zip|3f|"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231796/; classtype:trojan-activity;sid:84094896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231794)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16419615/solara.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231794/; classtype:trojan-activity;sid:84094894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229631)"; flow:established,from_client; content:"GET"; http_method; content:"/kamilniftaliev/cryptoview/zip/refs/heads/main"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229631/; classtype:trojan-activity;sid:84092731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228667)"; flow:established,from_client; content:"GET"; http_method; content:"/winassist/login/login.7z"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"win.down.55kantu.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228667/; classtype:trojan-activity;sid:84091767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3226239)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.22.0/xmrig-6.22.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226239/; classtype:trojan-activity;sid:84089339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218033)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.216.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218033/; classtype:trojan-activity;sid:84081133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218030)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.101.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218030/; classtype:trojan-activity;sid:84081130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218007/; classtype:trojan-activity;sid:84081107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"109.207.217.114"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218009/; classtype:trojan-activity;sid:84081109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218011)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"166.147.146.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218011/; classtype:trojan-activity;sid:84081111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218001)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218001/; classtype:trojan-activity;sid:84081101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217787)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217787/; classtype:trojan-activity;sid:84080887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.130.160.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217802/; classtype:trojan-activity;sid:84080902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217780)"; flow:established,from_client; 
content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.203.169.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217780/; classtype:trojan-activity;sid:84080880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217775)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217775/; classtype:trojan-activity;sid:84080875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217757)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.106.155.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217757/; classtype:trojan-activity;sid:84080857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217760)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217760/; classtype:trojan-activity;sid:84080860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217750)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.28.228.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217750/; classtype:trojan-activity;sid:84080850; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217745)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217745/; classtype:trojan-activity;sid:84080845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217740)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.203.169.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217740/; classtype:trojan-activity;sid:84080840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217717)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217717/; classtype:trojan-activity;sid:84080817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217729)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.97.161.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217729/; classtype:trojan-activity;sid:84080829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217689)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217689/; classtype:trojan-activity;sid:84080789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217684)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.16.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217684/; classtype:trojan-activity;sid:84080784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217681)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.45.183.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217681/; classtype:trojan-activity;sid:84080781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217682)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.45.183.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217682/; classtype:trojan-activity;sid:84080782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217665)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.96.13.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217665/; classtype:trojan-activity;sid:84080765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217669)"; flow:established,from_client; content:"GET"; http_method; 
content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.12.184.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217669/; classtype:trojan-activity;sid:84080769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.191.89.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217674/; classtype:trojan-activity;sid:84080774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217638)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.161.6.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217638/; classtype:trojan-activity;sid:84080738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217625)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217625/; classtype:trojan-activity;sid:84080725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217621/; classtype:trojan-activity;sid:84080721; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217618)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.205.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217618/; classtype:trojan-activity;sid:84080718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217562)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217562/; classtype:trojan-activity;sid:84080662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217557)"; flow:established,from_client; content:"GET"; http_method; content:"/123.ps1"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.247.164.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217557/; classtype:trojan-activity;sid:84080657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217454)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.118.215.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217454/; classtype:trojan-activity;sid:84080554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217426)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.212.35.175"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217426/; classtype:trojan-activity;sid:84080526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217136/; classtype:trojan-activity;sid:84080236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217109/; classtype:trojan-activity;sid:84080209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.166.197.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217111/; classtype:trojan-activity;sid:84080211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217090)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217090/; classtype:trojan-activity;sid:84080190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217091)"; flow:established,from_client; content:"GET"; 
http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217091/; classtype:trojan-activity;sid:84080191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217069/; classtype:trojan-activity;sid:84080169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217056)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217056/; classtype:trojan-activity;sid:84080156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217059/; classtype:trojan-activity;sid:84080159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217062/; classtype:trojan-activity;sid:84080162; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217063/; classtype:trojan-activity;sid:84080163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217064/; classtype:trojan-activity;sid:84080164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.219.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217066/; classtype:trojan-activity;sid:84080166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217044/; classtype:trojan-activity;sid:84080144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; 
isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217037/; classtype:trojan-activity;sid:84080137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.155.176.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217006/; classtype:trojan-activity;sid:84080106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217009/; classtype:trojan-activity;sid:84080109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217023/; classtype:trojan-activity;sid:84080123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.183.186.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217024/; classtype:trojan-activity;sid:84080124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217001)"; 
flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217001/; classtype:trojan-activity;sid:84080101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216967/; classtype:trojan-activity;sid:84080067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216971/; classtype:trojan-activity;sid:84080071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.57.33.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216983/; classtype:trojan-activity;sid:84080083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216986/; 
classtype:trojan-activity;sid:84080086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216987/; classtype:trojan-activity;sid:84080087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216962/; classtype:trojan-activity;sid:84080062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216950/; classtype:trojan-activity;sid:84080050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216934/; classtype:trojan-activity;sid:84080034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; 
content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216936/; classtype:trojan-activity;sid:84080036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216943/; classtype:trojan-activity;sid:84080043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216889/; classtype:trojan-activity;sid:84079989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216893/; classtype:trojan-activity;sid:84079993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216894/; classtype:trojan-activity;sid:84079994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3216883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216883/; classtype:trojan-activity;sid:84079983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216886)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216886/; classtype:trojan-activity;sid:84079986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216860/; classtype:trojan-activity;sid:84079960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216843/; classtype:trojan-activity;sid:84079943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, 
urlhaus.abuse.ch/url/3216846/; classtype:trojan-activity;sid:84079946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.158.175.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216849/; classtype:trojan-activity;sid:84079949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.147.225.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216809/; classtype:trojan-activity;sid:84079909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"134.249.141.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216811/; classtype:trojan-activity;sid:84079911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216823)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.179.203.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216823/; classtype:trojan-activity;sid:84079923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"109.160.87.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216802/; classtype:trojan-activity;sid:84079902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216803/; classtype:trojan-activity;sid:84079903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216800/; classtype:trojan-activity;sid:84079900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216794/; classtype:trojan-activity;sid:84079894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.7.209.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216761/; classtype:trojan-activity;sid:84079861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3216750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216750/; classtype:trojan-activity;sid:84079850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216735/; classtype:trojan-activity;sid:84079835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216739/; classtype:trojan-activity;sid:84079839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216740)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216740/; classtype:trojan-activity;sid:84079840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.57.69.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, 
urlhaus.abuse.ch/url/3216722/; classtype:trojan-activity;sid:84079822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.81.156.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216726/; classtype:trojan-activity;sid:84079826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.211.135.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216710/; classtype:trojan-activity;sid:84079810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216682/; classtype:trojan-activity;sid:84079782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216685/; classtype:trojan-activity;sid:84079785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; 
isdataat:!1,relative; nocase; content:"83.218.189.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216688/; classtype:trojan-activity;sid:84079788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216690)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216690/; classtype:trojan-activity;sid:84079790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216700/; classtype:trojan-activity;sid:84079800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216650/; classtype:trojan-activity;sid:84079750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216653/; classtype:trojan-activity;sid:84079753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3216658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216658/; classtype:trojan-activity;sid:84079758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216664/; classtype:trojan-activity;sid:84079764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216626/; classtype:trojan-activity;sid:84079726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216627/; classtype:trojan-activity;sid:84079727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; 
reference:url, urlhaus.abuse.ch/url/3216607/; classtype:trojan-activity;sid:84079707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216599/; classtype:trojan-activity;sid:84079699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.233.63.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216600/; classtype:trojan-activity;sid:84079700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.186.54.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216603/; classtype:trojan-activity;sid:84079703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.248.56.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216572/; classtype:trojan-activity;sid:84079672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; 
depth:7; isdataat:!1,relative; nocase; content:"81.16.247.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216577/; classtype:trojan-activity;sid:84079677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216581/; classtype:trojan-activity;sid:84079681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216582/; classtype:trojan-activity;sid:84079682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.77.228.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216583/; classtype:trojan-activity;sid:84079683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.91.236.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216584/; classtype:trojan-activity;sid:84079684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3216555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216555/; classtype:trojan-activity;sid:84079655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216557/; classtype:trojan-activity;sid:84079657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216559/; classtype:trojan-activity;sid:84079659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.148.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216561/; classtype:trojan-activity;sid:84079661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.221.111.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; 
reference:url, urlhaus.abuse.ch/url/3216564/; classtype:trojan-activity;sid:84079664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216569/; classtype:trojan-activity;sid:84079669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216537/; classtype:trojan-activity;sid:84079637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.160.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216522/; classtype:trojan-activity;sid:84079622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.210.217.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216531/; classtype:trojan-activity;sid:84079631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; 
http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216509/; classtype:trojan-activity;sid:84079609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216510/; classtype:trojan-activity;sid:84079610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.26.81.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216491/; classtype:trojan-activity;sid:84079591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216497/; classtype:trojan-activity;sid:84079597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216479/; classtype:trojan-activity;sid:84079579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3216456)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.43.104.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216456/; classtype:trojan-activity;sid:84079556; rev:1;)
# How to read the entries that follow (same option layout, different URI/Host values):
#   - content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase;
#     depth equals the content length and isdataat:!1,relative requires that no
#     byte follows the match, so the URI buffer has to be exactly "/photo.scr"
#     (compared case-insensitively). A request for the same path with a query
#     string or extra path segment does not match.
#   - content:"<ip>"; http_host; depth:<len>; isdataat:!1,relative;
#     the same exact-match anchoring, applied to the Host value.
#   - alert http ... flow:established,from_client; content:"GET"; http_method;
#     only the client's GET request is inspected; a hit shows that the request
#     was sent, not that a payload was returned.
# NOTE(review): created_at is 2024_10_06 and the Host values are bare IPv4
# addresses - check the referenced URLhaus entry's current status before
# treating a hit as a confirmed infection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216437)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216437/; classtype:trojan-activity;sid:84079537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216421)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.92.214.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216421/; classtype:trojan-activity;sid:84079521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216418)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.249.6.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216418/; classtype:trojan-activity;sid:84079518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216406)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.232.126.36"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216406/; classtype:trojan-activity;sid:84079506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216404)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.158.25.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216404/; classtype:trojan-activity;sid:84079504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216384)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.12.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216384/; classtype:trojan-activity;sid:84079484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216382)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216382/; classtype:trojan-activity;sid:84079482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216377)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.110.15.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216377/; classtype:trojan-activity;sid:84079477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216372)"; flow:established,from_client; 
content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216372/; classtype:trojan-activity;sid:84079472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216365)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.123.123.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216365/; classtype:trojan-activity;sid:84079465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216353)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"123.117.136.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216353/; classtype:trojan-activity;sid:84079453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216334)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.132.13.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216334/; classtype:trojan-activity;sid:84079434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216309)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.163.234.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216309/; 
classtype:trojan-activity;sid:84079409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216306)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216306/; classtype:trojan-activity;sid:84079406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216302/; classtype:trojan-activity;sid:84079402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216301/; classtype:trojan-activity;sid:84079401; rev:1;)
# The entries that follow match a URI buffer of exactly "/i": the content is two
# bytes long, depth:2 pins it to the start of the buffer and isdataat:!1,relative
# requires that nothing follows it. A two-byte path is not distinctive by itself,
# so each rule depends on the exact http_host value paired with it.
# Some of these Host values also appear in "/mozi.m" entries of this ruleset
# (for example 103.217.215.238), so hits on either path can be correlated per host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"156.155.176.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215839/; classtype:trojan-activity;sid:84078939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"103.217.215.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215823/; classtype:trojan-activity;sid:84078923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.147.225.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215826/; classtype:trojan-activity;sid:84078926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.160.56.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215829/; classtype:trojan-activity;sid:84078929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.57.69.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215816/; classtype:trojan-activity;sid:84078916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.85.176.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215800/; classtype:trojan-activity;sid:84078900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215780)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.151.108.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215780/; classtype:trojan-activity;sid:84078880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.233.63.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215785/; classtype:trojan-activity;sid:84078885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.186.54.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215788/; classtype:trojan-activity;sid:84078888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.193.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215775/; classtype:trojan-activity;sid:84078875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215772/; 
classtype:trojan-activity;sid:84078872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.203.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215482/; classtype:trojan-activity;sid:84078582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215478/; classtype:trojan-activity;sid:84078578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215468/; classtype:trojan-activity;sid:84078568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215469/; classtype:trojan-activity;sid:84078569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.160.87.2"; 
http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215463/; classtype:trojan-activity;sid:84078563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215465/; classtype:trojan-activity;sid:84078565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.158.206.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215454/; classtype:trojan-activity;sid:84078554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.91.236.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215434/; classtype:trojan-activity;sid:84078534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215440/; classtype:trojan-activity;sid:84078540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215420)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215420/; classtype:trojan-activity;sid:84078520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.209.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215409/; classtype:trojan-activity;sid:84078509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"134.249.141.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215393/; classtype:trojan-activity;sid:84078493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.116.62.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215380/; classtype:trojan-activity;sid:84078480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.46.170.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215382/; 
classtype:trojan-activity;sid:84078482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.218.189.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215358/; classtype:trojan-activity;sid:84078458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.166.197.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215359/; classtype:trojan-activity;sid:84078459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.211.135.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215356/; classtype:trojan-activity;sid:84078456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215357/; classtype:trojan-activity;sid:84078457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213897)"; flow:established,from_client; content:"GET"; http_method; content:"/matinrco/tor/releases/download/v0.4.5.10/tor-expert-bundle-v0.4.5.10.zip"; 
http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213897/; classtype:trojan-activity;sid:84076997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3206293)"; flow:established,from_client; content:"GET"; http_method; content:"/ox2fa/justnow/refs/heads/main/2pac.php"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3206293/; classtype:trojan-activity;sid:84069393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3200548)"; flow:established,from_client; content:"GET"; http_method; content:"/slinky/slinkycrack.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"crystalpvp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_29; reference:url, urlhaus.abuse.ch/url/3200548/; classtype:trojan-activity;sid:84063648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198753)"; flow:established,from_client; content:"GET"; http_method; content:"/pinginfoview.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198753/; classtype:trojan-activity;sid:84061853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198696)"; flow:established,from_client; content:"GET"; http_method; content:"/cen22.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"39.100.33.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198696/; 
classtype:trojan-activity;sid:84061796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195883)"; flow:established,from_client; content:"GET"; http_method; content:"/scanport.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139.198.15.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195883/; classtype:trojan-activity;sid:84058983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195736)"; flow:established,from_client; content:"GET"; http_method; content:"/fx8"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"123.57.250.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195736/; classtype:trojan-activity;sid:84058836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195292)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%b8%85%e7%90%86%e5%9e%83%e5%9c%be.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"39.103.217.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195292/; classtype:trojan-activity;sid:84058392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3193861)"; flow:established,from_client; content:"GET"; http_method; content:"/massgravel/microsoft-activation-scripts/b1b5299c4725d97349b18b59061647198f7cc59b/mas/all-in-one-version-kl/mas_aio.cmd"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193861/; classtype:trojan-activity;sid:84056961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3193548)"; flow:established,from_client; content:"GET"; http_method; content:"/bitrix/js/main/core/core.js"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"evangroup.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193548/; classtype:trojan-activity;sid:84056648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190323)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190323/; classtype:trojan-activity;sid:84053423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190317)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190317/; classtype:trojan-activity;sid:84053417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189225)"; flow:established,from_client; content:"GET"; http_method; content:"/unknwon1352/qawfdasfaw/main/software.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189225/; classtype:trojan-activity;sid:84052325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188620)"; flow:established,from_client; content:"GET"; http_method; content:"/repository/aa_v3.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"83.149.17.194"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3188620/; classtype:trojan-activity;sid:84051720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188034)"; flow:established,from_client; content:"GET"; http_method; content:"/blueskyxn/changesource/master/besttrace"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3188034/; classtype:trojan-activity;sid:84051134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186441)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.6.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186441/; classtype:trojan-activity;sid:84049541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186440)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.iso"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186440/; classtype:trojan-activity;sid:84049540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186439)"; flow:established,from_client; content:"GET"; http_method; content:"/dxl_win_tool_v9.4.iso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186439/; classtype:trojan-activity;sid:84049539; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186430)"; flow:established,from_client; content:"GET"; http_method; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186430/; classtype:trojan-activity;sid:84049530; rev:1;)
# Each rule pins one URLhaus entry: method GET, a URI pattern and a Host pattern.
# depth:<pattern length> plus isdataat:!1,relative makes each pattern an
# exact match on its buffer (nothing before it, nothing after it).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186428)"; flow:established,from_client; content:"GET"; http_method; content:"/1_dxl_windowsport.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"down.fwqlt.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186428/; classtype:trojan-activity;sid:84049528; rev:1;)
# NOTE(review): in the URI pattern below, |7c|26|7c| decodes to the four
# literal bytes "|26|" (0x7c is the pipe character), not to "&" (0x26).
# This looks like double escaping in the rule generator; as written the
# rule only matches a URI that contains "|26|", so it presumably never
# fires on the listed download URL. Confirm against the URLhaus entry.
# depth:68 is the length of the pattern text as written; the decoded
# pattern is 59 bytes, so the pattern is also not pinned to offset 0.
# NOTE(review): "alert http" only sees cleartext HTTP. drive.google.com is
# normally reached over HTTPS, so without decrypted traffic at the sensor
# this rule likely has no visibility. Verify coverage for this host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178401)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1v9ujqbyj-mlf9mugkyiwow6t3rpui2bu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178401/; classtype:trojan-activity;sid:84041501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174915)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.6.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174915/; classtype:trojan-activity;sid:84038015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174919)"; flow:established,from_client; content:"GET"; http_method; 
content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.220.6.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174919/; classtype:trojan-activity;sid:84038019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174523)"; flow:established,from_client; content:"GET"; http_method; content:"/scribblercoder/browserthief/main/browserthief.ps1"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174523/; classtype:trojan-activity;sid:84037623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174340)"; flow:established,from_client; content:"GET"; http_method; content:"/foru.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.tecunonline.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174340/; classtype:trojan-activity;sid:84037440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174264)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.0.42.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174264/; classtype:trojan-activity;sid:84037364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3173868)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"85.25.72.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3173868/; 
classtype:trojan-activity;sid:84036968; rev:1;)
# NOTE(review): the Host here is a shared code-hosting service. A hit
# identifies this one repository archive path, not the host, so triage on
# the full URI and do not derive a host-level block from it. "alert http"
# only inspects cleartext HTTP and github.com is normally reached over
# HTTPS, so coverage presumably depends on TLS inspection in front of the
# sensor. Confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172240)"; flow:established,from_client; content:"GET"; http_method; content:"/techsavvysenior/referralreactjs/archive/refs/heads/main.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_14; reference:url, urlhaus.abuse.ch/url/3163579/; classtype:trojan-activity;sid:84035340; rev:1;)
# NOTE(review): the URI pattern below contains |7c|26|7c| three times.
# Each decodes to the literal bytes "|26|" rather than "&", which looks
# like double escaping by the generator, so the rule presumably cannot
# match the query string of the listed URL. Confirm against the URLhaus
# entry. depth:150 equals the pattern text as written; the decoded pattern
# is 129 bytes. The %253a / %252f sequences are a percent-encoded "%"
# followed by 3a / 2f; whether the inspected URI buffer still carries them
# in this form depends on the engine's URI normalisation. Verify on the
# deployed engine.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3163579)"; flow:established,from_client; content:"GET"; http_method; content:"/handler/download|3f|action=download|7c|26|7c|download_id=jgc6slaf|7c|26|7c|private_id=0|7c|26|7c|url=https%253a%252f%252fyoutransfer.net%252fjgc6slaf"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"youtransfer.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_09; reference:url, urlhaus.abuse.ch/url/3163579/; classtype:trojan-activity;sid:84026679; rev:1;)
# Same shared-host and cleartext-only caveat as any raw.githubusercontent.com
# entry: the URI path is the indicator, the Host alone is not.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154718)"; flow:established,from_client; content:"GET"; http_method; content:"/hackirby/discord-injection/main/injection.js"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154718/; classtype:trojan-activity;sid:84017818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3137563)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.224.162.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_31; reference:url, urlhaus.abuse.ch/url/3137563/; classtype:trojan-activity;sid:84000663; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135730)"; flow:established,from_client; content:"GET"; http_method; content:"/miners/myxmrig.tgz"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"do-dear.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135730/; classtype:trojan-activity;sid:83998830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135722)"; flow:established,from_client; content:"GET"; http_method; content:"/sosinchik/asd/main/zoom.py"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135722/; classtype:trojan-activity;sid:83998822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135724)"; flow:established,from_client; content:"GET"; http_method; content:"/moneroocean/xmrig_setup/master/setup_moneroocean_miner.sh"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135724/; classtype:trojan-activity;sid:83998824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135613)"; flow:established,from_client; content:"GET"; http_method; content:"/log/orgn.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"epanpano.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135613/; classtype:trojan-activity;sid:83998713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134371)"; flow:established,from_client; content:"GET"; http_method; 
content:"/qqhelper_1540.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"down.qqfarmer.com.cn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134371/; classtype:trojan-activity;sid:83997471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129654)"; flow:established,from_client; content:"GET"; http_method; content:"/nova_flow/patcher.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"144.172.71.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129654/; classtype:trojan-activity;sid:83992754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129577)"; flow:established,from_client; content:"GET"; http_method; content:"/pages/update/css/self/[upg]css.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"cs.go.kg"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129577/; classtype:trojan-activity;sid:83992677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129478)"; flow:established,from_client; content:"GET"; http_method; content:"/zoldownload/foobar2000_v1.6.7_beta_17@1704_129472.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"down10d.zol.com.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129478/; classtype:trojan-activity;sid:83992578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129417)"; flow:established,from_client; content:"GET"; http_method; content:"/asmedises/pxray_cast_sort.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.medises.co.kr"; http_host; depth:17; isdataat:!1,relative; 
metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129417/; classtype:trojan-activity;sid:83992517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129220)"; flow:established,from_client; content:"GET"; http_method; content:"/media/mod_junewsultra/js/bootstrap/js/bootstrap.min.js"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"temirtau-adm.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129220/; classtype:trojan-activity;sid:83992320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129042)"; flow:established,from_client; content:"GET"; http_method; content:"/yuta1111x/selfbot/04ecdf46e8db9fce689d93905d759334b475c825/aquarius.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129042/; classtype:trojan-activity;sid:83992142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112427)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.104.213.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112427/; classtype:trojan-activity;sid:83975527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112426)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"200.29.120.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112426/; classtype:trojan-activity;sid:83975526; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112419)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112419/; classtype:trojan-activity;sid:83975519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112420)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.182.76.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112420/; classtype:trojan-activity;sid:83975520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112417)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.121.250.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112417/; classtype:trojan-activity;sid:83975517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108504)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/webcam.dll"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108504/; classtype:trojan-activity;sid:83971604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108505)"; flow:established,from_client; content:"GET"; http_method; 
content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108505/; classtype:trojan-activity;sid:83971605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108506)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/rootkit.dll"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108506/; classtype:trojan-activity;sid:83971606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108507)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/unrootkit.dll"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108507/; classtype:trojan-activity;sid:83971607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108503)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108503/; classtype:trojan-activity;sid:83971603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108502)"; flow:established,from_client; 
content:"GET"; http_method; content:"/openark/version.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108502/; classtype:trojan-activity;sid:83971602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108492)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/openark64.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108492/; classtype:trojan-activity;sid:83971592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108491)"; flow:established,from_client; content:"GET"; http_method; content:"/openark/openark32.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"file.blackint3.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108491/; classtype:trojan-activity;sid:83971591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106560)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http:/154.216.19.139/bins/mirai.armv4l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106560/; classtype:trojan-activity;sid:83969660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106559)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http:/154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:64; isdataat:!1,relative; nocase; 
content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106559/; classtype:trojan-activity;sid:83969659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106558)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120223if_/http:/154.216.19.139/bins/mirai.bin"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106558/; classtype:trojan-activity;sid:83969658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106556)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121041if_/http:/154.216.19.139/bins/mirai.armv6l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106556/; classtype:trojan-activity;sid:83969656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106557)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http:/154.216.19.139/bins/mirai.arc"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106557/; classtype:trojan-activity;sid:83969657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106551)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http:/154.216.19.139/bins/mirai.x86_64"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106551/; classtype:trojan-activity;sid:83969651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106552)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121121if_/http:/154.216.19.139/bins/mirai.armv7l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106552/; classtype:trojan-activity;sid:83969652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106553)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120945if_/http:/154.216.19.139/bins/mirai.armv5l"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106553/; classtype:trojan-activity;sid:83969653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106554)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http:/154.216.19.139/bins/mirai.powerpc"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106554/; classtype:trojan-activity;sid:83969654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106555)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http:/154.216.19.139/bins/mirai.mipsel"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; 
reference:url, urlhaus.abuse.ch/url/3106555/; classtype:trojan-activity;sid:83969655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105147)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_move.bat"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105147/; classtype:trojan-activity;sid:83968247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105148)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/test_virus.bat"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105148/; classtype:trojan-activity;sid:83968248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105149)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/keylogger.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105149/; classtype:trojan-activity;sid:83968249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105150)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/networks_profile.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105150/; 
classtype:trojan-activity;sid:83968250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105145)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/backdoor.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105145/; classtype:trojan-activity;sid:83968245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105146)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_move.bat"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105146/; classtype:trojan-activity;sid:83968246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105144)"; flow:established,from_client; content:"GET"; http_method; content:"/s3q/blackdoor/main/extensions/fill_storage_virus.bat"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105144/; classtype:trojan-activity;sid:83968244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103488)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103488/; classtype:trojan-activity;sid:83966588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3103489)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103489/; classtype:trojan-activity;sid:83966589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103476)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103476/; classtype:trojan-activity;sid:83966576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103467)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.241.17.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103467/; classtype:trojan-activity;sid:83966567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100103)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthclient.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100103/; classtype:trojan-activity;sid:83963203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100102)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; 
reference:url, urlhaus.abuse.ch/url/3100102/; classtype:trojan-activity;sid:83963202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100100)"; flow:established,from_client; content:"GET"; http_method; content:"/ggwsupdate.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100100/; classtype:trojan-activity;sid:83963200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100042)"; flow:established,from_client; content:"GET"; http_method; content:"/joelgmsec/invoke-stealth/main/resources/betterxencrypt/betterxencrypt.ps1"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100042/; classtype:trojan-activity;sid:83963142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099961)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http:/154.216.19.139/bins/mirai.sh4"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099961/; classtype:trojan-activity;sid:83963061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099962)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http:/154.216.19.139/bins/mirai.i586"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099962/; classtype:trojan-activity;sid:83963062; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099963)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122636if_/http:/154.216.19.139/bins/mirai.sparc"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099963/; classtype:trojan-activity;sid:83963063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099965)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http:/154.216.19.139/bins/mirai.m68k"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099965/; classtype:trojan-activity;sid:83963065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099966)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http:/154.216.19.139/bins/mirai.mips"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099966/; classtype:trojan-activity;sid:83963066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099960)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http:/154.216.19.139/bins/mirai.i686"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099960/; classtype:trojan-activity;sid:83963060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3097244)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120223if_/http://154.216.19.139/bins/mirai.bin"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097244/; classtype:trojan-activity;sid:83960344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097239)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122755if_/http://154.216.19.139/bins/mirai.x86_64"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097239/; classtype:trojan-activity;sid:83960339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097240)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121041if_/http://154.216.19.139/bins/mirai.armv6l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097240/; classtype:trojan-activity;sid:83960340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097241)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121230if_/http://154.216.19.139/bins/mirai.i586"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097241/; classtype:trojan-activity;sid:83960341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3097242)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122636if_/http://154.216.19.139/bins/mirai.sparc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097242/; classtype:trojan-activity;sid:83960342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097243)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121308if_/http://154.216.19.139/bins/mirai.i686"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097243/; classtype:trojan-activity;sid:83960343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097229)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122159if_/http://154.216.19.139/bins/mirai.powerpc"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097229/; classtype:trojan-activity;sid:83960329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097230)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121347if_/http://154.216.19.139/bins/mirai.m68k"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097230/; classtype:trojan-activity;sid:83960330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097231)"; flow:established,from_client; content:"GET"; 
http_method; content:"/web/20240808121121if_/http://154.216.19.139/bins/mirai.armv7l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097231/; classtype:trojan-activity;sid:83960331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097232)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808123114if_/http://154.216.19.139/bins/mirai.arc"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097232/; classtype:trojan-activity;sid:83960332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097233)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122448if_/http://154.216.19.139/bins/mirai.sh4"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097233/; classtype:trojan-activity;sid:83960333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097234)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121832if_/http://154.216.19.139/bins/mirai.mipsel"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097234/; classtype:trojan-activity;sid:83960334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097235)"; flow:established,from_client; content:"GET"; http_method; 
content:"/web/20240808120945if_/http://154.216.19.139/bins/mirai.armv5l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097235/; classtype:trojan-activity;sid:83960335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097236)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808120646if_/http://154.216.19.139/bins/mirai.armv4l"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097236/; classtype:trojan-activity;sid:83960336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097237)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808122936if_/http://154.216.19.139/bins/mirai.gnueabihf"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097237/; classtype:trojan-activity;sid:83960337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097238)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20240808121419if_/http://154.216.19.139/bins/mirai.mips"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097238/; classtype:trojan-activity;sid:83960338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3093518)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uypthvq0"; http_uri; depth:13; 
isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3093518/; classtype:trojan-activity;sid:83956618; rev:1;)
# NOTE(review): the pastebin.com rules here match a lower-cased "/raw/<id>" path with `nocase`.
# Paste IDs are, as far as I know, case-sensitive, so every case variant of the same eight
# characters matches as well; confirm the exact path in the HTTP log before treating a hit as
# the listed paste.
# `alert http` inspects only cleartext (or already decrypted) HTTP. If the reference entry is
# an https:// URL, these rules see nothing without TLS inspection in front of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092809)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rme3ibrb"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092809/; classtype:trojan-activity;sid:83955909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3092807)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/a9he0f3w"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_06; reference:url, urlhaus.abuse.ch/url/3092807/; classtype:trojan-activity;sid:83949490; rev:1;)
# NOTE(review): the next pattern holds the percent-encoded text "%5b", but http_uri is the
# normalized URI buffer, where an encoded byte is normally already decoded (here to "[").
# Replay a capture of the request against this rule; if it does not fire, the pattern
# belongs in the raw URI buffer or should use the decoded byte.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086390)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/%5bwin"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086390/; classtype:trojan-activity;sid:83949490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072990)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072990/; 
classtype:trojan-activity;sid:83936090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072974)"; flow:established,from_client; content:"GET"; http_method; content:"/adrinnno/ptwis/raw/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072974/; classtype:trojan-activity;sid:83936074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072975)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/raw/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072975/; classtype:trojan-activity;sid:83936075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072978)"; flow:established,from_client; content:"GET"; http_method; content:"/komasinfo/idcb/raw/main/cbs_applcation_details_072602024_xlsx.rar"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072978/; classtype:trojan-activity;sid:83936078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072969)"; flow:established,from_client; content:"GET"; http_method; content:"/deannwas/policah/main/file_cbs_app_details_no-0923871691_xlsx.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072969/; 
classtype:trojan-activity;sid:83936069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072972)"; flow:established,from_client; content:"GET"; http_method; content:"/reporgu/fakado/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072972/; classtype:trojan-activity;sid:83936072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058866)"; flow:established,from_client; content:"GET"; http_method; content:"/cve-2023-36874.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058866/; classtype:trojan-activity;sid:83921966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058862)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058862/; classtype:trojan-activity;sid:83921962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058863)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058863/; classtype:trojan-activity;sid:83921963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058864)"; flow:established,from_client; 
content:"GET"; http_method; content:"/b64"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"51.255.46.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058864/; classtype:trojan-activity;sid:83921964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052706)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.248.47.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052706/; classtype:trojan-activity;sid:83915806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968679)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/12.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968679/; classtype:trojan-activity;sid:83831779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2968678)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/22.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_13; reference:url, urlhaus.abuse.ch/url/2968678/; classtype:trojan-activity;sid:83831778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949407)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999safagqwhg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 
2024_07_11; reference:url, urlhaus.abuse.ch/url/2949407/; classtype:trojan-activity;sid:83812507; rev:1;)
# NOTE(review): in the next pattern "|3f|" is "?", but "|7c|26|7c|" decodes to the literal
# bytes "|26|" (0x7c is the pipe character), not to "&" (0x26). It looks like an "&" that was
# hex-escaped and then had its pipes escaped a second time, so as written the rule matches
# "/uc?export=download|26|id=..." and would miss a request using "&". Presumably "|26|" was
# intended; confirm against the URLhaus entry.
# depth:68 is the length of the escaped text. The decoded pattern is 59 bytes, so the match
# may start up to 9 bytes into the URI instead of being pinned to offset 0.
# The file id is lower-cased and matched with `nocase`; if such ids are case-sensitive, other
# ids with the same letters also match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949385)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rsqnkyvcaein5m-gskl8coyuh8w5xrbd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949385/; classtype:trojan-activity;sid:83812485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949176)"; flow:established,from_client; content:"GET"; http_method; content:"/tan.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www999999asgasg-1327129302.cos.ap-chengdu.myqcloud.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949176/; classtype:trojan-activity;sid:83812276; rev:1;)
# NOTE(review): the next two rules (URLhaus ids 2945593 and 2945560) have identical match
# conditions: same method, URI and host. One request raises both sids, so expect paired
# alerts, or threshold/suppress one of them in local tuning.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945593)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sab/dithioic.csv"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"new.quranushaiqer.org.sa"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945593/; classtype:trojan-activity;sid:83808693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945560)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sab/dithioic.csv"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"new.quranushaiqer.org.sa"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945560/; classtype:trojan-activity;sid:83808660; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944285)"; flow:established,from_client; content:"GET"; http_method; content:"/jijilovedada/jijilovedada/main/tools/cc/adaptorovernight.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944285/; classtype:trojan-activity;sid:83807385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942727)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/1.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942727/; classtype:trojan-activity;sid:83805827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942725)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download//1.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942725/; classtype:trojan-activity;sid:83805825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942694)"; flow:established,from_client; content:"GET"; http_method; content:"/supershell/compile/download/123.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"47.98.177.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942694/; classtype:trojan-activity;sid:83805794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942567)"; flow:established,from_client; 
content:"GET"; http_method; content:"/supershell/compile/download/win"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"8.218.138.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942567/; classtype:trojan-activity;sid:83805667; rev:1;)
# The rules that follow all point at files under one GitHub repository path
# (/trasherwithadollarsign/trashers-malware-repo/raw/main/...), one rule per
# file. github.com is normally reached over HTTPS, so these "alert http" rules
# need decrypted traffic to fire; without it, coverage for these URLs has to
# come from proxy or endpoint logs instead.
# Triage hint: the file names mirror well-known malware family names, which
# suggests a public sample collection — presumably some hits are deliberate
# sample retrieval rather than an infection chain; check the role of the
# requesting host before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934823)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/000.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934823/; classtype:trojan-activity;sid:83797923; rev:1;)
# NOTE(review): the pattern below contains literal "%20" sequences, and depth
# (102) counts them as three bytes each. If the engine percent-decodes the URI
# before filling the http_uri buffer, the buffer would hold spaces and this
# pattern would not match — verify against the sensor's normalization settings.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934824)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/trojan.malpack.themida%20(anti%20vm).exe"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934824/; classtype:trojan-activity;sid:83797924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934818)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/jigsaw.exe"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934818/; classtype:trojan-activity;sid:83797918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934819)"; flow:established,from_client; content:"GET"; http_method; 
content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/freeyoutubedownloader.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934819/; classtype:trojan-activity;sid:83797919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934820)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/memz.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934820/; classtype:trojan-activity;sid:83797920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934821)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/noescape.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934821/; classtype:trojan-activity;sid:83797921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934822)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/destover.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934822/; classtype:trojan-activity;sid:83797922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934816)"; flow:established,from_client; content:"GET"; http_method; 
content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/meredrop.exe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934816/; classtype:trojan-activity;sid:83797916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934817)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/redlinestealer.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934817/; classtype:trojan-activity;sid:83797917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934811)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/hive%20ransomware.exe"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934811/; classtype:trojan-activity;sid:83797911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934812)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/wannacry.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934812/; classtype:trojan-activity;sid:83797912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934813)"; flow:established,from_client; content:"GET"; http_method; 
content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/nomoreransom.exe"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934813/; classtype:trojan-activity;sid:83797913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934808)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/petya.a.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934808/; classtype:trojan-activity;sid:83797908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934809)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/cryptowall.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934809/; classtype:trojan-activity;sid:83797909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934810)"; flow:established,from_client; content:"GET"; http_method; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/infinitycrypt.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934810/; classtype:trojan-activity;sid:83797910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934805)"; flow:established,from_client; content:"GET"; http_method; 
content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/coronavirus.exe"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934805/; classtype:trojan-activity;sid:83797905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932460)"; flow:established,from_client; content:"GET"; http_method; content:"/445.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932460/; classtype:trojan-activity;sid:83795560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914055)"; flow:established,from_client; content:"GET"; http_method; content:"/tq.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"down.ftp21.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914055/; classtype:trojan-activity;sid:83777155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911219)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911219/; classtype:trojan-activity;sid:83774319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911217)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.58.62.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, 
urlhaus.abuse.ch/url/2911217/; classtype:trojan-activity;sid:83774317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911215)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911215/; classtype:trojan-activity;sid:83774315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911212)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911212/; classtype:trojan-activity;sid:83774312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911194)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"195.103.203.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911194/; classtype:trojan-activity;sid:83774294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911191/; classtype:trojan-activity;sid:83774291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911187)"; flow:established,from_client; content:"GET"; http_method; 
content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911187/; classtype:trojan-activity;sid:83774287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911184)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"126.23.203.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911184/; classtype:trojan-activity;sid:83774284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911166)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.22.139.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911166/; classtype:trojan-activity;sid:83774266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911154)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.255.114.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911154/; classtype:trojan-activity;sid:83774254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911133)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.53.15.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911133/; classtype:trojan-activity;sid:83774233; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911113)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"softbank126023203236.bbtec.net"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911113/; classtype:trojan-activity;sid:83774213; rev:1;)
# /photo.scr on hostnames that embed an IPv4 address in the first label
# (126.23.203.236 in the rule above, 195.103.203.106 and 95.255.114.11 below).
# The same path is listed with those addresses as IP-literal Host values
# elsewhere in this ruleset. These look like ISP reverse-DNS names — presumably
# the same machines; verify before correlating alerts across the two forms.
# Each form needs its own rule because http_host is compared as text, so
# neither rule covers a request that uses the other spelling of the host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911108)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-195-103-203-106.business.telecomitalia.it"; http_host; depth:46; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911108/; classtype:trojan-activity;sid:83774208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911105)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"host-95-255-114-11.business.telecomitalia.it"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911105/; classtype:trojan-activity;sid:83774205; rev:1;)
# Start of a run of rules for the short path /tftp on IP-literal hosts. With
# depth:5 and isdataat:!1,relative the URI must be exactly "/tftp"; a request
# with a query string or a longer path does not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909310)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.118.79.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909310/; classtype:trojan-activity;sid:83772410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909291)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"89.184.185.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909291/; classtype:trojan-activity;sid:83772391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909290)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.224.107.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909290/; classtype:trojan-activity;sid:83772390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908899)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908899/; classtype:trojan-activity;sid:83771999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908900)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"190.108.63.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908900/; classtype:trojan-activity;sid:83772000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908901)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"211.192.113.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908901/; classtype:trojan-activity;sid:83772001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (2908902)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.57.39.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908902/; classtype:trojan-activity;sid:83772002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901197)"; flow:established,from_client; content:"GET"; http_method; content:"/zwzonepieces/posapsi/master/chatlife.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_22; reference:url, urlhaus.abuse.ch/url/2901197/; classtype:trojan-activity;sid:83764297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2894025)"; flow:established,from_client; content:"GET"; http_method; content:"/kailash-jakhar/webpack-v5-tutorial/main/quizpokemon.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_17; reference:url, urlhaus.abuse.ch/url/2894025/; classtype:trojan-activity;sid:83757125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888463)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"118.178.133.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888463/; classtype:trojan-activity;sid:83751563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888444)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; 
content:"124.67.254.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888444/; classtype:trojan-activity;sid:83751544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888430)"; flow:established,from_client; content:"GET"; http_method; content:"/help.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.157.17.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888430/; classtype:trojan-activity;sid:83751530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885860)"; flow:established,from_client; content:"GET"; http_method; content:"/brunovale03/adegaads/main/offeredbuilt.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_13; reference:url, urlhaus.abuse.ch/url/2885860/; classtype:trojan-activity;sid:83748960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883708)"; flow:established,from_client; content:"GET"; http_method; content:"/sirvivor32/sirvivor/main/lukejazz.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883708/; classtype:trojan-activity;sid:83746808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2881768)"; flow:established,from_client; content:"GET"; http_method; content:"/cg100/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2881768/; 
classtype:trojan-activity;sid:83744868; rev:1;)
# NOTE(review): the URI pattern below contains a literal "%20" and depth (16)
# counts it as three bytes. If the engine percent-decodes the URI before filling
# the http_uri buffer, the buffer would hold a space and this pattern would not
# match — verify against the sensor's normalization settings.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879955)"; flow:established,from_client; content:"GET"; http_method; content:"/unp%20setup.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"36.138.125.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879955/; classtype:trojan-activity;sid:83742755; rev:1;)
# Triage hint: the file name matches SharpHound, the BloodHound data collector
# used for Active Directory enumeration. classtype is the feed-wide
# trojan-activity, and the name alone does not establish what the file is, so
# treat a hit as possible staging of reconnaissance tooling and check the
# requesting host for follow-on directory queries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879655)"; flow:established,from_client; content:"GET"; http_method; content:"/sharphound.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"92.127.156.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879655/; classtype:trojan-activity;sid:83742755; rev:1;)
# github.com is normally reached over HTTPS, so this "alert http" rule needs
# decrypted traffic to fire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877890)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15421286/2022and2023taxdocuments.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2877890/; classtype:trojan-activity;sid:83740990; rev:1;)
# NOTE(review): |3f| is "?" and |7c| is "|", so the URI pattern below decodes to
# "/uc?export=download|26|id=..." with literal pipe characters around "26".
# 0x26 is "&", so this looks like a double-escaped ampersand; as written the
# rule would not match a URI that contains "&id=". The decoded pattern is 59
# bytes while depth is 68 (the length of the escaped text), so the match is also
# not pinned to offset 0. Confirm against the referenced URLhaus entry.
# drive.google.com is normally reached over HTTPS as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874107)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=19nonxskhmwbvfxpr2ccmwd9xrhz1ldco"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874107/; classtype:trojan-activity;sid:83737207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(2874109)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1p_knmkidu8kiejeem_ijrlumbjih3bkv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874109/; classtype:trojan-activity;sid:83737209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872168)"; flow:established,from_client; content:"GET"; http_method; content:"/htwvlcdsfcrahhchdd97.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ramirex.ro"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_02; reference:url, urlhaus.abuse.ch/url/2872168/; classtype:trojan-activity;sid:83735268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872167)"; flow:established,from_client; content:"GET"; http_method; content:"/rutschebanes.qxd"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ramirex.ro"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_02; reference:url, urlhaus.abuse.ch/url/2872167/; classtype:trojan-activity;sid:83735267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870237)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cqtygpx9gdoywntprwub0xbckivif6iy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870237/; classtype:trojan-activity;sid:83733337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870235)"; flow:established,from_client; content:"GET"; http_method; 
content:"/uc|3f|export=download|7c|26|7c|id=1wsqkirdngjlt8uu2lv9mzciks4my12jh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870235/; classtype:trojan-activity;sid:83733335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869849)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkapis.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869849/; classtype:trojan-activity;sid:83732949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869844)"; flow:established,from_client; content:"GET"; http_method; content:"/wxworkmultiopen.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.25.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869844/; classtype:trojan-activity;sid:83732944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869702)"; flow:established,from_client; content:"GET"; http_method; content:"/sheksweet/sheksweet1/main/rambledmime.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869702/; classtype:trojan-activity;sid:83732802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868723)"; flow:established,from_client; content:"GET"; http_method; content:"/a.i_1003h.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"221.143.49.222"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868723/; classtype:trojan-activity;sid:83731823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867270)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/flutter-movie/master/crypted_c360a5b7.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867270/; classtype:trojan-activity;sid:83730370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867236)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed45sh/apple-replica-starter-files/master/apple-replica/zintask.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867236/; classtype:trojan-activity;sid:83730336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865442)"; flow:established,from_client; content:"GET"; http_method; content:"/ggws_upload.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865442/; classtype:trojan-activity;sid:83728542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865272)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthbq.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865272/; classtype:trojan-activity;sid:83728372; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865273)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupload.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865273/; classtype:trojan-activity;sid:83728373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2865241)"; flow:established,from_client; content:"GET"; http_method; content:"/sthealthupdate.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.104.173.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_27; reference:url, urlhaus.abuse.ch/url/2865241/; classtype:trojan-activity;sid:83728341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863341)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863341/; classtype:trojan-activity;sid:83726441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863345)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863345/; classtype:trojan-activity;sid:83726445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863346)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.43.19.103"; http_host; 
depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863346/; classtype:trojan-activity;sid:83726446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863330)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863330/; classtype:trojan-activity;sid:83726430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863333)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.77.57.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863333/; classtype:trojan-activity;sid:83726433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863334)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.49.168.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863334/; classtype:trojan-activity;sid:83726434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862520)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/varteyjw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862520/; classtype:trojan-activity;sid:83725620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862050)"; 
flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/8gikly"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862050/; classtype:trojan-activity;sid:83725150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862051)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/medjl1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862051/; classtype:trojan-activity;sid:83725151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862052)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dy1f16"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862052/; classtype:trojan-activity;sid:83725152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862053)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/kx3wl4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862053/; classtype:trojan-activity;sid:83725153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862054)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/ppxodm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; 
reference:url, urlhaus.abuse.ch/url/2862054/; classtype:trojan-activity;sid:83725154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862055)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/e7opy8"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862055/; classtype:trojan-activity;sid:83725155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862056)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/7dhid7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862056/; classtype:trojan-activity;sid:83725156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862049)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/tbfvpd"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862049/; classtype:trojan-activity;sid:83725149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862047)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/g2js91"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862047/; classtype:trojan-activity;sid:83725147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862044)"; flow:established,from_client; 
content:"GET"; http_method; content:"/pro/dl/lt00vw"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862044/; classtype:trojan-activity;sid:83725144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862045)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/i7tdbr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862045/; classtype:trojan-activity;sid:83725145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862043)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/3a9xj1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862043/; classtype:trojan-activity;sid:83725143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862042)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/wyg3h5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862042/; classtype:trojan-activity;sid:83725142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862020)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, 
urlhaus.abuse.ch/url/2862020/; classtype:trojan-activity;sid:83725120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862017)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862017/; classtype:trojan-activity;sid:83725117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862004)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862004/; classtype:trojan-activity;sid:83725104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862007)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862007/; classtype:trojan-activity;sid:83725107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862009)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862009/; classtype:trojan-activity;sid:83725109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862010)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862010/; classtype:trojan-activity;sid:83725110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862014)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862014/; classtype:trojan-activity;sid:83725114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861987)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861987/; classtype:trojan-activity;sid:83725087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861979)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861979/; classtype:trojan-activity;sid:83725079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861982)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861982/; classtype:trojan-activity;sid:83725082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (2861971)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861971/; classtype:trojan-activity;sid:83725071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861974)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861974/; classtype:trojan-activity;sid:83725074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861957)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861957/; classtype:trojan-activity;sid:83725057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861958)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861958/; classtype:trojan-activity;sid:83725058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861959)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, 
urlhaus.abuse.ch/url/2861959/; classtype:trojan-activity;sid:83725059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861950)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861950/; classtype:trojan-activity;sid:83725050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861948)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861948/; classtype:trojan-activity;sid:83725048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861919)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861919/; classtype:trojan-activity;sid:83725019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861923)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861923/; classtype:trojan-activity;sid:83725023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861927)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861927/; classtype:trojan-activity;sid:83725027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861929)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861929/; classtype:trojan-activity;sid:83725029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861930)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861930/; classtype:trojan-activity;sid:83725030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861931)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861931/; classtype:trojan-activity;sid:83725031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861935)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861935/; classtype:trojan-activity;sid:83725035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (2861939)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861939/; classtype:trojan-activity;sid:83725039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861940)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861940/; classtype:trojan-activity;sid:83725040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861941)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861941/; classtype:trojan-activity;sid:83725041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861943)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861943/; classtype:trojan-activity;sid:83725043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861945)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, 
urlhaus.abuse.ch/url/2861945/; classtype:trojan-activity;sid:83725045; rev:1;)
# NOTE(review): the two rules below match exact download paths on
# www.sendspace.com, a shared file-hosting host. The depth/isdataat pairs pin
# both http_uri and http_host to the full strings, so a hit points at one
# hosted object rather than at the service. As `alert http` rules they need
# the request in cleartext (plain HTTP or decrypted TLS) to fire. Confirm
# the sensor has that visibility.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861888)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/dvbcvt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861888/; classtype:trojan-activity;sid:83724988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861887)"; flow:established,from_client; content:"GET"; http_method; content:"/pro/dl/exw2o1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.sendspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861887/; classtype:trojan-activity;sid:83724987; rev:1;)
# NOTE(review): from here the URI content is "//sshd" (doubled leading slash,
# depth:6) instead of the "/sshd" (depth:5) used by the preceding rules.
# http_uri is a normalized buffer; whether a doubled slash survives
# normalization depends on the sensor's HTTP parser settings. Replay a sample
# request through the sensor to confirm these rules can fire as written.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861842)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861842/; classtype:trojan-activity;sid:83724942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861843)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861843/; classtype:trojan-activity;sid:83724943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861844)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; 
http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861844/; classtype:trojan-activity;sid:83724944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861852)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861852/; classtype:trojan-activity;sid:83724952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861838)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861838/; classtype:trojan-activity;sid:83724938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861839)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861839/; classtype:trojan-activity;sid:83724939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861834)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861834/; classtype:trojan-activity;sid:83724934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (2861831)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.176.204.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861831/; classtype:trojan-activity;sid:83724931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861828)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"141.134.214.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861828/; classtype:trojan-activity;sid:83724928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861826)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861826/; classtype:trojan-activity;sid:83724926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861827)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861827/; classtype:trojan-activity;sid:83724927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861822)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; 
reference:url, urlhaus.abuse.ch/url/2861822/; classtype:trojan-activity;sid:83724922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861819)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861819/; classtype:trojan-activity;sid:83724919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861814)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861814/; classtype:trojan-activity;sid:83724914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861808)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861808/; classtype:trojan-activity;sid:83724908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861802)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861802/; classtype:trojan-activity;sid:83724902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861799)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; 
depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861799/; classtype:trojan-activity;sid:83724899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861800)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861800/; classtype:trojan-activity;sid:83724900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861798)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"132.255.192.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861798/; classtype:trojan-activity;sid:83724898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861794)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861794/; classtype:trojan-activity;sid:83724894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861791)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861791/; classtype:trojan-activity;sid:83724891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (2861790)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861790/; classtype:trojan-activity;sid:83724890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861789)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861789/; classtype:trojan-activity;sid:83724889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861785)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861785/; classtype:trojan-activity;sid:83724885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861781)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861781/; classtype:trojan-activity;sid:83724881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861777)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; 
reference:url, urlhaus.abuse.ch/url/2861777/; classtype:trojan-activity;sid:83724877; rev:1;)
# NOTE(review): sids 83724870 and 83724873 below have identical match
# conditions (GET, URI "//sshd", host 81.42.247.62). They differ only in the
# URLhaus id carried in msg/reference and in the sid, so one matching request
# raises both alerts. Group alerts by host+URI during triage, or threshold
# the repeats, so that the alert count is not read as several distinct events.
# NOTE(review): these rules key on bare IPv4 hosts with created_at 2024_05_24.
# An address can change hands over time, so check the current status of the
# referenced URLhaus entry before acting on a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861770)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861770/; classtype:trojan-activity;sid:83724870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861773)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861773/; classtype:trojan-activity;sid:83724873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861758)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"218.108.181.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861758/; classtype:trojan-activity;sid:83724858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861763)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861763/; classtype:trojan-activity;sid:83724863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861755)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; 
depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861755/; classtype:trojan-activity;sid:83724855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861750)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861750/; classtype:trojan-activity;sid:83724850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861749)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861749/; classtype:trojan-activity;sid:83724849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861745)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861745/; classtype:trojan-activity;sid:83724845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861743)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"123.143.141.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861743/; classtype:trojan-activity;sid:83724843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (2861735)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861735/; classtype:trojan-activity;sid:83724835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861737)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861737/; classtype:trojan-activity;sid:83724837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861740)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"81.42.247.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861740/; classtype:trojan-activity;sid:83724840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861729)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861729/; classtype:trojan-activity;sid:83724829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861731)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"166.144.131.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, 
urlhaus.abuse.ch/url/2861731/; classtype:trojan-activity;sid:83724831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861733)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861733/; classtype:trojan-activity;sid:83724833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861734)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861734/; classtype:trojan-activity;sid:83724834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861721)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861721/; classtype:trojan-activity;sid:83724821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861725)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861725/; classtype:trojan-activity;sid:83724825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861719)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; 
isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861719/; classtype:trojan-activity;sid:83724819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861716)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861716/; classtype:trojan-activity;sid:83724816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861710)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861710/; classtype:trojan-activity;sid:83724810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861707)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861707/; classtype:trojan-activity;sid:83724807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861695)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"102.216.105.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861695/; classtype:trojan-activity;sid:83724795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (2861685)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861685/; classtype:trojan-activity;sid:83724785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861692)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861692/; classtype:trojan-activity;sid:83724792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861693)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861693/; classtype:trojan-activity;sid:83724793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861680)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861680/; classtype:trojan-activity;sid:83724780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861675)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.24.87.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, 
urlhaus.abuse.ch/url/2861675/; classtype:trojan-activity;sid:83724775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861670)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861670/; classtype:trojan-activity;sid:83724770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861667)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861667/; classtype:trojan-activity;sid:83724767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861657)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861657/; classtype:trojan-activity;sid:83724757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861659)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861659/; classtype:trojan-activity;sid:83724759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861643)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; 
isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861643/; classtype:trojan-activity;sid:83724743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861640)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861640/; classtype:trojan-activity;sid:83724740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861641)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861641/; classtype:trojan-activity;sid:83724741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861633)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861633/; classtype:trojan-activity;sid:83724733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861636)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.47.248.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861636/; classtype:trojan-activity;sid:83724736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (2861629)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861629/; classtype:trojan-activity;sid:83724729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861615)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861615/; classtype:trojan-activity;sid:83724715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861616)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861616/; classtype:trojan-activity;sid:83724716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861620)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861620/; classtype:trojan-activity;sid:83724720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861595)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, 
urlhaus.abuse.ch/url/2861595/; classtype:trojan-activity;sid:83724695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861597)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861597/; classtype:trojan-activity;sid:83724697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861598)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861598/; classtype:trojan-activity;sid:83724698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861600)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"223.82.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861600/; classtype:trojan-activity;sid:83724700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861601)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861601/; classtype:trojan-activity;sid:83724701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861609)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; 
isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861609/; classtype:trojan-activity;sid:83724709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861610)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.183.208.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861610/; classtype:trojan-activity;sid:83724710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861592)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861592/; classtype:trojan-activity;sid:83724692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861582)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861582/; classtype:trojan-activity;sid:83724682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861568)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861568/; classtype:trojan-activity;sid:83724668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (2861569)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861569/; classtype:trojan-activity;sid:83724669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861573)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861573/; classtype:trojan-activity;sid:83724673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861559)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861559/; classtype:trojan-activity;sid:83724659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861562)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861562/; classtype:trojan-activity;sid:83724662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861553)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.230.215.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, 
urlhaus.abuse.ch/url/2861553/; classtype:trojan-activity;sid:83724653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861555)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861555/; classtype:trojan-activity;sid:83724655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861549)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861549/; classtype:trojan-activity;sid:83724649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861547)"; flow:established,from_client; content:"GET"; http_method; content:"//sshd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"76.53.38.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861547/; classtype:trojan-activity;sid:83724647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861543)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.231.190.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861543/; classtype:trojan-activity;sid:83724643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859756)"; flow:established,from_client; content:"GET"; http_method; content:"/a0tnubtz.so"; http_uri; depth:12; 
isdataat:!1,relative; nocase; content:"94.16.119.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859756/; classtype:trojan-activity;sid:83722856; rev:1;)
# Review notes for the rules below:
# - Every rule is an exact match: depth equals the pattern length and
#   `isdataat:!1,relative` requires that nothing follows, for both the URI
#   and the host. A short pattern such as `/.i` therefore only matches a
#   request whose URI buffer is exactly that string, not any URI beginning
#   with it.
# - NOTE(review): hosts given as IP literals are matched without a port.
#   Whether a Host header that includes a port still matches depends on
#   whether the engine keeps the port in http_host -- confirm with a test
#   capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859511)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.66.30.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859511/; classtype:trojan-activity;sid:83722611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859508)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.148.194.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859508/; classtype:trojan-activity;sid:83722608; rev:1;)
# NOTE(review): the next rule (sid 83722127) names github.com as the host.
# - It is an `alert http` rule, so it only evaluates requests the sensor can
#   parse as HTTP. If clients reach this host over TLS (presumably the normal
#   case -- confirm), the request is visible only where TLS inspection feeds
#   decrypted traffic to the sensor; elsewhere expect no hits from this rule.
# - The host is a shared hosting platform, so the URI path is what identifies
#   the reported file. Treat a hit as evidence about that one path and do not
#   derive a host-level block from this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859027)"; flow:established,from_client; content:"GET"; http_method; content:"/ustaxes/ustaxes/files/15378217/all.2023.tax.documents.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2859027/; classtype:trojan-activity;sid:83722127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2858898)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.186.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2858898/; classtype:trojan-activity;sid:83721998; rev:1;)
alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857904)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857904/; classtype:trojan-activity;sid:83721004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857892)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857892/; classtype:trojan-activity;sid:83720992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857875)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857875/; classtype:trojan-activity;sid:83720975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857859)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857859/; classtype:trojan-activity;sid:83720959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857851)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 
2024_05_20; reference:url, urlhaus.abuse.ch/url/2857851/; classtype:trojan-activity;sid:83720951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857849)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857849/; classtype:trojan-activity;sid:83720949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857844)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.2.229.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857844/; classtype:trojan-activity;sid:83720944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857837)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857837/; classtype:trojan-activity;sid:83720937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857838)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.62.200.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857838/; classtype:trojan-activity;sid:83720938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857834)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; 
http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857834/; classtype:trojan-activity;sid:83720934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857822)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857822/; classtype:trojan-activity;sid:83720922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857813)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857813/; classtype:trojan-activity;sid:83720913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857809)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857809/; classtype:trojan-activity;sid:83720909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857807)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.3.248.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857807/; classtype:trojan-activity;sid:83720907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (2857804)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.49.95.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857804/; classtype:trojan-activity;sid:83720904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857802)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857802/; classtype:trojan-activity;sid:83720902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857795)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857795/; classtype:trojan-activity;sid:83720895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857794)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.107.218.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857794/; classtype:trojan-activity;sid:83720894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857788)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; 
reference:url, urlhaus.abuse.ch/url/2857788/; classtype:trojan-activity;sid:83720888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857785)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857785/; classtype:trojan-activity;sid:83720885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857778)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857778/; classtype:trojan-activity;sid:83720878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857772)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.75.168.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857772/; classtype:trojan-activity;sid:83720872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857773)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857773/; classtype:trojan-activity;sid:83720873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857762)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857762/; classtype:trojan-activity;sid:83720862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857754)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.123.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857754/; classtype:trojan-activity;sid:83720854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857747)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857747/; classtype:trojan-activity;sid:83720847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857749)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857749/; classtype:trojan-activity;sid:83720849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857730)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857730/; classtype:trojan-activity;sid:83720830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (2857719)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857719/; classtype:trojan-activity;sid:83720819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857696)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.241.90.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857696/; classtype:trojan-activity;sid:83720796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857692)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.173.70.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857692/; classtype:trojan-activity;sid:83720792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857687)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.160.251.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857687/; classtype:trojan-activity;sid:83720787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857672)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, 
urlhaus.abuse.ch/url/2857672/; classtype:trojan-activity;sid:83720772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857669)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857669/; classtype:trojan-activity;sid:83720769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857666)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857666/; classtype:trojan-activity;sid:83720766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857660)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"87.251.249.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857660/; classtype:trojan-activity;sid:83720760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857653)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.87.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857653/; classtype:trojan-activity;sid:83720753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857651)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857651/; classtype:trojan-activity;sid:83720751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857652)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.170.32.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857652/; classtype:trojan-activity;sid:83720752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857642)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857642/; classtype:trojan-activity;sid:83720742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857634)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.0.241.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857634/; classtype:trojan-activity;sid:83720734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857630)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857630/; classtype:trojan-activity;sid:83720730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (2857624)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"118.69.157.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857624/; classtype:trojan-activity;sid:83720724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857620/; classtype:trojan-activity;sid:83720720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857610)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.176.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857610/; classtype:trojan-activity;sid:83720710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857601)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.93.103.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857601/; classtype:trojan-activity;sid:83720701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"112.4.110.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, 
urlhaus.abuse.ch/url/2857602/; classtype:trojan-activity;sid:83720702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857587)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"24.234.159.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857587/; classtype:trojan-activity;sid:83720687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857584)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857584/; classtype:trojan-activity;sid:83720684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857580)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857580/; classtype:trojan-activity;sid:83720680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857582)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857582/; classtype:trojan-activity;sid:83720682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857573)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"80.14.38.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857573/; classtype:trojan-activity;sid:83720673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857570)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.237.29.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857570/; classtype:trojan-activity;sid:83720670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857553)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.250.54.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857553/; classtype:trojan-activity;sid:83720653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857551)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857551/; classtype:trojan-activity;sid:83720651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857545)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857545/; classtype:trojan-activity;sid:83720645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (2857535)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.139.20.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857535/; classtype:trojan-activity;sid:83720635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857526)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857526/; classtype:trojan-activity;sid:83720626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857527)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857527/; classtype:trojan-activity;sid:83720627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857521)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.129.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857521/; classtype:trojan-activity;sid:83720621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857524)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, 
urlhaus.abuse.ch/url/2857524/; classtype:trojan-activity;sid:83720624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857525)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.162.229.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857525/; classtype:trojan-activity;sid:83720625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857502)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"223.108.58.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857502/; classtype:trojan-activity;sid:83720602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857498)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857498/; classtype:trojan-activity;sid:83720598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857483)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857483/; classtype:trojan-activity;sid:83720583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857484)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; 
isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857484/; classtype:trojan-activity;sid:83720584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.164.39.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857486/; classtype:trojan-activity;sid:83720586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857475)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857475/; classtype:trojan-activity;sid:83720575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857468)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.222.113.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857468/; classtype:trojan-activity;sid:83720568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857464)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"99.71.130.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857464/; classtype:trojan-activity;sid:83720564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (2857465)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.68.74.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857465/; classtype:trojan-activity;sid:83720565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857463)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"165.73.108.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857463/; classtype:trojan-activity;sid:83720563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857447)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"174.71.237.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857447/; classtype:trojan-activity;sid:83720547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857448)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"68.226.36.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857448/; classtype:trojan-activity;sid:83720548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2852772)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.30.12.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_17; reference:url, 
urlhaus.abuse.ch/url/2852772/; classtype:trojan-activity;sid:83715872; rev:1;)
# Exact-match rule: depth equals the content length (21 for the URI, 19 for the
# host) and isdataat:!1,relative requires each buffer to end right after the
# match. Only this one path on this one host name alerts; the rule is an
# indicator for a single URL, not for the host as a whole.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2846768)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/css/setup.msi"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"zenglobalenerji.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_11; reference:url, urlhaus.abuse.ch/url/2846768/; classtype:trojan-activity;sid:83709868; rev:1;)
# NOTE(review): the host name reads like a general static-content host. The full
# 68-byte APK path is pinned, so other files served from it do not alert; treat a
# hit as "this file was requested", and do not promote the host to a block list
# on the strength of this rule alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845681)"; flow:established,from_client; content:"GET"; http_method; content:"/app/filesrc/android/apk/2023/zonghengxsandroid_7.5.6.63_zh-zhh5.apk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"static.zongheng.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845681/; classtype:trojan-activity;sid:83708781; rev:1;)
# pastebin.com is a shared paste platform: the indicator is the single paste path,
# not the host.
# NOTE(review): the URI content is all lower case and is compared with nocase, so
# a paste whose ID differs only in letter case would also match. Presumably the
# original URLhaus entry had a mixed-case ID; confirm via the reference URL when
# triaging a hit.
# This is an "alert http" rule on the http_uri/http_host buffers, so it sees
# plaintext HTTP requests only; the same URL fetched over TLS is not visible to it
# unless traffic is decrypted upstream of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843557)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/is2kceh3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843557/; classtype:trojan-activity;sid:83706186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2843044)"; 
flow:established,from_client; content:"GET"; http_method; content:"/bo"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2843044/; classtype:trojan-activity;sid:83706144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842725)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842725/; classtype:trojan-activity;sid:83705825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.193.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842724/; classtype:trojan-activity;sid:83705824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842722)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.116.62.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842722/; classtype:trojan-activity;sid:83705822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842723)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842723/; 
classtype:trojan-activity;sid:83705823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842036)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.245.220.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842036/; classtype:trojan-activity;sid:83705136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842030)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"172.85.143.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842030/; classtype:trojan-activity;sid:83705130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842010)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.145.205.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842010/; classtype:trojan-activity;sid:83705110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842015)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842015/; classtype:trojan-activity;sid:83705115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.51.90"; 
http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842006/; classtype:trojan-activity;sid:83705106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842007)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.107.232.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842007/; classtype:trojan-activity;sid:83705107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841995)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841995/; classtype:trojan-activity;sid:83705095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841987)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841987/; classtype:trojan-activity;sid:83705087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841988)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.148.5.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841988/; classtype:trojan-activity;sid:83705088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841976)"; 
flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841976/; classtype:trojan-activity;sid:83705076; rev:1;)
# The line above is the tail of a rule whose header sits on the previous line.
#
# Reading guide for the rules below (they all follow one template):
#   - alert http $HOME_NET any -> $EXTERNAL_NET any with
#     flow:established,from_client inspects outbound HTTP requests only.
#   - content:"<path>"; http_uri; depth:N; isdataat:!1,relative; nocase;
#     N equals the length of <path>, so the match has to start at the first
#     byte of the URI buffer, and isdataat:!1,relative demands that no byte
#     follows it. The pair amounts to a case-insensitive exact match on the
#     whole URI.
#   - content:"<host>"; http_host; depth:N; isdataat:!1,relative; is the same
#     exact-match construction applied to the host buffer.
#   - msg and reference carry the URLhaus entry id; in every rule shown here
#     sid equals that id + 80863100.
#
# Triage notes:
#   - Only request fields are matched, so an alert shows that the request was
#     sent; whether a payload came back has to be confirmed from the response
#     or from file extraction.
#   - For the "/i" and "/.i" rules the URI is 2-3 bytes long; the host match
#     is what makes each rule specific.
#   - Some hosts occur under more than one path (182.253.115.155 and
#     81.16.249.96 appear with both "/.i" and "/i" on these lines), so
#     correlating by destination host is more useful than by sid.
#   - Hosts are IPv4 literals and can change hands; presumably created_at is
#     the date the entry was added, so check the reference URL for the current
#     status before acting on an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841941)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841941/; classtype:trojan-activity;sid:83705041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841807)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptography_module_windows.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"122.170.110.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841807/; classtype:trojan-activity;sid:83704907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.87.223.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841705/; classtype:trojan-activity;sid:83704805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.115.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841631/; classtype:trojan-activity;sid:83704731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.151.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841621/; classtype:trojan-activity;sid:83704721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.51.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841602/; classtype:trojan-activity;sid:83704702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"172.85.143.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841586/; classtype:trojan-activity;sid:83704686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.249.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841576/; classtype:trojan-activity;sid:83704676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.107.232.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841573/; classtype:trojan-activity;sid:83704673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836854)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.146.202.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836854/; classtype:trojan-activity;sid:83699954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834467)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.249.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834467/; classtype:trojan-activity;sid:83697567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834459)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.76.122.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834459/; classtype:trojan-activity;sid:83697559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834442)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834442/; classtype:trojan-activity;sid:83697542; rev:1;)
# The line below is the head of a rule that continues on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834400)";
flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834400/; classtype:trojan-activity;sid:83697500; rev:1;)
# The line above is the tail of a rule whose header sits on the previous line.
#
# "/curl" on IPv4-literal hosts: depth equals the content length and
# isdataat:!1,relative forbids trailing bytes, so URI and host are each
# matched exactly (URI case-insensitively). The path is generic; the host
# match is what makes the rule specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834387)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834387/; classtype:trojan-activity;sid:83697487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834372)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834372/; classtype:trojan-activity;sid:83697472; rev:1;)
# Rules keyed on shared hosting platforms (github.com,
# raw.githubusercontent.com):
#   - The exact URI match ties each rule to one file path. Neither the
#     platform nor the named repository as a whole is flagged, and a request
#     for any other path on the same host does not alert.
#   - These are "alert http" rules, so the sensor has to see the request as
#     parsed HTTP. These hosts are normally reached over HTTPS; on a sensor
#     that only sees TLS, do not rely on these rules firing. Coverage then has
#     to come from decrypted traffic, a proxy log, or endpoint telemetry.
#   - A hit shows that the listed path was requested. Confirm what was
#     actually delivered (response status, extracted file hash) and check the
#     reference URL before treating the host as compromised.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833916)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/main/cock.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833916/; classtype:trojan-activity;sid:83697016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833904)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/raw/main/cock.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833904/; classtype:trojan-activity;sid:83697004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830963)"; flow:established,from_client; content:"GET"; http_method; content:"/kampfkarren/roblox/files/15001743/roexec.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830963/; classtype:trojan-activity;sid:83694063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830955)"; flow:established,from_client; content:"GET"; http_method; content:"/delta-io/delta/files/15016110/delta.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830955/; classtype:trojan-activity;sid:83694055; rev:1;)
# The URI below ends in "/". Because of the exact match, only a request for
# that directory URL itself alerts; requests for files underneath it do not.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827181)"; flow:established,from_client; content:"GET"; http_method; content:"/projects/visioncrystal/wp-content/plugins/user-private-files/shared/"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"www.websitedesigningindia.biz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827181/; classtype:trojan-activity;sid:83690281; rev:1;)
# Three rules for release assets under one github.com path prefix
# (win64 .exe, osx .dmg, win32 .exe). The platform caveats above apply.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824078)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win64-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824078/; classtype:trojan-activity;sid:83687178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824079)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-osx-unsigned.dmg"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824079/; classtype:trojan-activity;sid:83687179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824077)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win32-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824077/; classtype:trojan-activity;sid:83687177; rev:1;)
# From here on the entries are "/.i" on IPv4-literal hosts: a 3-byte URI
# matched exactly, with the host match as the discriminating part.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822888)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.69.219.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822888/; classtype:trojan-activity;sid:83685988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822873)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822873/; classtype:trojan-activity;sid:83685973; rev:1;)
# The line below is the head of a rule that continues on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822862)";
flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822862/; classtype:trojan-activity;sid:83685962; rev:1;)
# The line above is the tail of a rule whose header sits on the previous line.
#
# The rules in this group differ only in destination host (an IPv4 literal),
# URLhaus id and sid. Each matches an outbound GET whose URI is exactly "/.i"
# (depth:3 plus isdataat:!1,relative, case-insensitive) and whose host buffer
# is exactly the listed address (depth = address length plus
# isdataat:!1,relative). The 3-byte URI carries little signal on its own; the
# host match is what makes each rule specific. All are tagged
# created_at 2024_04_22.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822863)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822863/; classtype:trojan-activity;sid:83685963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822847)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822847/; classtype:trojan-activity;sid:83685947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822834)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822834/; classtype:trojan-activity;sid:83685934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822823)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822823/; classtype:trojan-activity;sid:83685923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822794)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822794/; classtype:trojan-activity;sid:83685894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822781)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.158.175.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822781/; classtype:trojan-activity;sid:83685881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822735)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822735/; classtype:trojan-activity;sid:83685835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822744)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822744/; classtype:trojan-activity;sid:83685844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822732)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.51.168.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822732/; classtype:trojan-activity;sid:83685832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822724/; classtype:trojan-activity;sid:83685824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822726)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822726/; classtype:trojan-activity;sid:83685826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822698)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822698/; classtype:trojan-activity;sid:83685798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822619)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822619/; classtype:trojan-activity;sid:83685719; rev:1;)
# The line below is the head of a rule that continues on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822620)";
flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822620/; classtype:trojan-activity;sid:83685720; rev:1;)
# The line above is the tail of a rule whose header sits on the previous line.
#
# Same template throughout this group: outbound GET, URI exactly "/.i", host
# buffer exactly the listed IPv4 literal. In both content matches depth
# equals the content length and isdataat:!1,relative forbids trailing bytes.
# Every option inspects the request (flow:established,from_client,
# http_method, http_uri, http_host). An alert therefore records that the
# request left the network and says nothing about the server's reply. Pair it
# with response metadata or file extraction to decide whether a payload was
# retrieved.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822616)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822616/; classtype:trojan-activity;sid:83685716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822583)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822583/; classtype:trojan-activity;sid:83685683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822549)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822549/; classtype:trojan-activity;sid:83685649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822544)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822544/; classtype:trojan-activity;sid:83685644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822543)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822543/; classtype:trojan-activity;sid:83685643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822522)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822522/; classtype:trojan-activity;sid:83685622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822488)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822488/; classtype:trojan-activity;sid:83685588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822471)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822471/; classtype:trojan-activity;sid:83685571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822460)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822460/; classtype:trojan-activity;sid:83685560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822462)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822462/; classtype:trojan-activity;sid:83685562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822438)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.7.203.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822438/; classtype:trojan-activity;sid:83685538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822416)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822416/; classtype:trojan-activity;sid:83685516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822410)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"149.255.10.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822410/; classtype:trojan-activity;sid:83685510; rev:1;)
# The line below is the head of a rule that continues on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822407)";
flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822407/; classtype:trojan-activity;sid:83685507; rev:1;)
# The line above is the tail of a rule whose header sits on the previous line.
#
# Same template throughout this group: outbound GET, URI exactly "/.i"
# (case-insensitive), host buffer exactly the listed IPv4 literal. All
# entries are tagged created_at 2024_04_22.
# The indicators are bare IP addresses, and an address can be reassigned or
# cleaned up after it was listed. When one of these fires, follow the
# reference URL for the current status of the entry and weigh the alert
# against the age of the indicator before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822405)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822405/; classtype:trojan-activity;sid:83685505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822395)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822395/; classtype:trojan-activity;sid:83685495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822377)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822377/; classtype:trojan-activity;sid:83685477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822384)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822384/; classtype:trojan-activity;sid:83685484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822385)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822385/; classtype:trojan-activity;sid:83685485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822371)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822371/; classtype:trojan-activity;sid:83685471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822357)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.255.67.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822357/; classtype:trojan-activity;sid:83685457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822353)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822353/; classtype:trojan-activity;sid:83685453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822321)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822321/; classtype:trojan-activity;sid:83685421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822287/; classtype:trojan-activity;sid:83685387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822280/; classtype:trojan-activity;sid:83685380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822259)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822259/; classtype:trojan-activity;sid:83685359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822244)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822244/; classtype:trojan-activity;sid:83685344; rev:1;)
# The line below is the head of a rule that continues on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822215)";
flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.237.112.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822215/; classtype:trojan-activity;sid:83685315; rev:1;)
# The line above is the tail of a rule whose header sits on the previous line.
#
# Same template throughout this group: outbound GET, URI exactly "/.i"
# (case-insensitive), host buffer exactly the listed IPv4 literal.
# Bookkeeping that helps when tuning or triaging:
#   - The number in msg, the number in the reference URL and the sid identify
#     the same URLhaus entry; in every rule shown here sid = id + 80863100.
#   - There is one rule (one sid) per URL, so a suppress or threshold entry
#     keyed on a sid covers a single indicator only. Correlate alerts by
#     destination address or by the common msg prefix to see related
#     activity.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822207)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822207/; classtype:trojan-activity;sid:83685307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822208)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.183.186.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822208/; classtype:trojan-activity;sid:83685308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822189)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822189/; classtype:trojan-activity;sid:83685289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822190)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822190/; classtype:trojan-activity;sid:83685290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822167)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822167/; classtype:trojan-activity;sid:83685267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822142)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822142/; classtype:trojan-activity;sid:83685242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822132)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822132/; classtype:trojan-activity;sid:83685232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822121)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822121/; classtype:trojan-activity;sid:83685221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822123)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822123/; classtype:trojan-activity;sid:83685223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822078)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.7.203.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822078/; classtype:trojan-activity;sid:83685178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822070)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.26.180.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822070/; classtype:trojan-activity;sid:83685170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822072)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822072/; classtype:trojan-activity;sid:83685172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822064)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822064/; classtype:trojan-activity;sid:83685164; rev:1;)
# The line below is the head of a rule that continues on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822054)";
flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822054/; classtype:trojan-activity;sid:83685154; rev:1;)
# The line above is the tail of a rule whose header sits on the previous line.
#
# Same template throughout this group: outbound GET, URI matched exactly
# (depth equals the content length, isdataat:!1,relative forbids trailing
# bytes, nocase), host buffer matched exactly against an IPv4 literal.
# Because the URI is only "/.i" or "/i", the host match is what makes each
# rule specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822044)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822044/; classtype:trojan-activity;sid:83685144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822039)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822039/; classtype:trojan-activity;sid:83685139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822004)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822004/; classtype:trojan-activity;sid:83685104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822006/; classtype:trojan-activity;sid:83685106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821976/; classtype:trojan-activity;sid:83685076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821963)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.204.154.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821963/; classtype:trojan-activity;sid:83685063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821965)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.108.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821965/; classtype:trojan-activity;sid:83685065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821959)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821959/; classtype:trojan-activity;sid:83685059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821942)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821942/; classtype:trojan-activity;sid:83685042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821949)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821949/; classtype:trojan-activity;sid:83685049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821934)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821934/; classtype:trojan-activity;sid:83685034; rev:1;)
# The path switches from "/.i" to "/i" here (depth:2). Both hosts below,
# 200.69.219.25 and 194.183.186.164, are also listed with "/.i" under other
# sids in this file. The two paths on one host are separate indicators with
# separate URLhaus ids, so group alerts by destination address when
# reviewing them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.219.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821841/; classtype:trojan-activity;sid:83684941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.183.186.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821834/; classtype:trojan-activity;sid:83684934; rev:1;)
# The line below is the head of a rule that continues on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821829)"; flow:established,from_client; content:"GET";
http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821829/; classtype:trojan-activity;sid:83684929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821802/; classtype:trojan-activity;sid:83684902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.236.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821772/; classtype:trojan-activity;sid:83684872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821760/; classtype:trojan-activity;sid:83684860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821740/; classtype:trojan-activity;sid:83684840; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821737/; classtype:trojan-activity;sid:83684837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821729/; classtype:trojan-activity;sid:83684829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821732/; classtype:trojan-activity;sid:83684832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.255.10.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821718/; classtype:trojan-activity;sid:83684818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; 
reference:url, urlhaus.abuse.ch/url/2821711/; classtype:trojan-activity;sid:83684811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821697/; classtype:trojan-activity;sid:83684797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821676/; classtype:trojan-activity;sid:83684776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821677/; classtype:trojan-activity;sid:83684777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821660/; classtype:trojan-activity;sid:83684760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; 
isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821657/; classtype:trojan-activity;sid:83684757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821659/; classtype:trojan-activity;sid:83684759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821619/; classtype:trojan-activity;sid:83684719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"167.250.193.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821627/; classtype:trojan-activity;sid:83684727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.2.237.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821616/; classtype:trojan-activity;sid:83684716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (2821617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821617/; classtype:trojan-activity;sid:83684717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821597/; classtype:trojan-activity;sid:83684697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.52.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820656/; classtype:trojan-activity;sid:83683756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.52.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820657/; classtype:trojan-activity;sid:83683757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820623)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/esa0xclp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, 
urlhaus.abuse.ch/url/2820623/; classtype:trojan-activity;sid:83683723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818975/; classtype:trojan-activity;sid:83682075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818931/; classtype:trojan-activity;sid:83682031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.203.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818921/; classtype:trojan-activity;sid:83682021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.203.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818904/; classtype:trojan-activity;sid:83682004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818899/; classtype:trojan-activity;sid:83681999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818881/; classtype:trojan-activity;sid:83681981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818838/; classtype:trojan-activity;sid:83681938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818843/; classtype:trojan-activity;sid:83681943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.26.180.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818781/; classtype:trojan-activity;sid:83681881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818778)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818778/; classtype:trojan-activity;sid:83681878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.108.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818238/; classtype:trojan-activity;sid:83681338; rev:1;)
# NOTE(review): the URI pattern in the next rule contains `|7c|26|7c|`, which decodes to the
# four literal bytes "|26|" and not to "&" (0x26). This looks like the generator escaped "&"
# as |26| and then escaped the pipe characters a second time. If the reported URL was
# /uc?export=download&id=..., the rule as written cannot match it; confirm against the
# referenced URLhaus entry before relying on it.
# depth:68 equals the length of the escaped text, while the decoded pattern as written is
# 59 bytes, so the start-of-URI anchor is looser here than on rules without hex escapes.
# A corrected local copy would presumably use a single |26| with depth:56 (verify first).
# This rule and the github.com rule after it use the `http` protocol keyword, so they only
# see cleartext or TLS-decrypted HTTP. Both hosts are normally served over HTTPS, so without
# TLS inspection expect no alerts from them; cover these URLs from proxy or decrypted-traffic
# logs instead. The hostname is a shared service and is not an indicator by itself; the path
# is. The same caveat applies to the pastebin.com rule (sid:83683723).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817357)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1w6j0xeptoliyrblijhnxbm_qnnoptzfw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817357/; classtype:trojan-activity;sid:83680457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817239)"; flow:established,from_client; content:"GET"; http_method; content:"/pbhhdf/12/raw/main/keepvid-pro_full2578.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817239/; classtype:trojan-activity;sid:83680339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; 
metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814127/; classtype:trojan-activity;sid:83677227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814108/; classtype:trojan-activity;sid:83677208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814095/; classtype:trojan-activity;sid:83677195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813151/; classtype:trojan-activity;sid:83676251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.210.217.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813146/; classtype:trojan-activity;sid:83676246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; 
http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813137/; classtype:trojan-activity;sid:83676237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813111/; classtype:trojan-activity;sid:83676211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813107/; classtype:trojan-activity;sid:83676207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.255.67.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813092/; classtype:trojan-activity;sid:83676192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813100/; classtype:trojan-activity;sid:83676200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (2813069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.204.154.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813069/; classtype:trojan-activity;sid:83676169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.187.151.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813072/; classtype:trojan-activity;sid:83676172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813060/; classtype:trojan-activity;sid:83676160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813049/; classtype:trojan-activity;sid:83676149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, 
urlhaus.abuse.ch/url/2813039/; classtype:trojan-activity;sid:83676139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809237/; classtype:trojan-activity;sid:83672337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809226/; classtype:trojan-activity;sid:83672326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809202/; classtype:trojan-activity;sid:83672302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809140/; classtype:trojan-activity;sid:83672240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; 
content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809130/; classtype:trojan-activity;sid:83672230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809132/; classtype:trojan-activity;sid:83672232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809123/; classtype:trojan-activity;sid:83672223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809089/; classtype:trojan-activity;sid:83672189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.158.175.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809071/; classtype:trojan-activity;sid:83672171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809077)"; 
flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.248.56.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809077/; classtype:trojan-activity;sid:83672177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.36.80.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809010/; classtype:trojan-activity;sid:83672110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.170.251.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808962/; classtype:trojan-activity;sid:83672062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.57.33.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808967/; classtype:trojan-activity;sid:83672067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808957/; classtype:trojan-activity;sid:83672057; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808948/; classtype:trojan-activity;sid:83672048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808947/; classtype:trojan-activity;sid:83672047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808944/; classtype:trojan-activity;sid:83672044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808933/; classtype:trojan-activity;sid:83672033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; 
metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808924/; classtype:trojan-activity;sid:83672024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.116.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808928/; classtype:trojan-activity;sid:83672028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.101.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808886/; classtype:trojan-activity;sid:83671986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808880/; classtype:trojan-activity;sid:83671980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808854/; classtype:trojan-activity;sid:83671954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; 
http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.12.99.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808855/; classtype:trojan-activity;sid:83671955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808823/; classtype:trojan-activity;sid:83671923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808829/; classtype:trojan-activity;sid:83671929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808792/; classtype:trojan-activity;sid:83671892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808746/; classtype:trojan-activity;sid:83671846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (2808741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.51.168.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808741/; classtype:trojan-activity;sid:83671841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.13.221.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808731/; classtype:trojan-activity;sid:83671831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808644/; classtype:trojan-activity;sid:83671744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.237.112.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808595/; classtype:trojan-activity;sid:83671695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, 
urlhaus.abuse.ch/url/2808520/; classtype:trojan-activity;sid:83671620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808504/; classtype:trojan-activity;sid:83671604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808496/; classtype:trojan-activity;sid:83671596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808492/; classtype:trojan-activity;sid:83671592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808467/; classtype:trojan-activity;sid:83671567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; 
nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808448/; classtype:trojan-activity;sid:83671548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.119.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808416/; classtype:trojan-activity;sid:83671516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.195.100.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808400/; classtype:trojan-activity;sid:83671500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808390/; classtype:trojan-activity;sid:83671490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808374/; classtype:trojan-activity;sid:83671474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(2808291)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808291/; classtype:trojan-activity;sid:83671391; rev:1;)
# The rule ending on the line above and the three rules below all pin Host
# 43.224.0.5 and differ only in the URI (/aqua.arm6, /bin.sh, /o, /mozi.a).
# Each URI is an exact, anchored match (depth equals the content length and
# isdataat:!1,relative requires the buffer to end there), so a request for any
# other path on that host raises no alert from these rules.
# NOTE(review): if several payload paths on one host are listed, triage hits
# per host rather than per sid, and check the URLhaus entries to see whether
# the host as a whole should be covered by a separate host-level control.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808242/; classtype:trojan-activity;sid:83671342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808248)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808248/; classtype:trojan-activity;sid:83671348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808187/; classtype:trojan-activity;sid:83671287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807492)"; flow:established,from_client; content:"GET"; http_method; content:"/ping"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.57.122.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807492/; 
classtype:trojan-activity;sid:83670592; rev:1;)
# NOTE(review): inside a content string |7c| is a literal pipe byte, so
# `|7c|26|7c|` matches the four bytes `|26|`, not `&`. This looks like `&` was
# hex-escaped to |26| and the pipes were then escaped a second time - confirm
# against the URLhaus entry. As written, the pattern would not match a query
# string of the form ?export=download&id=<file id>.
# depth:68 is the character count of the escaped pattern text; the pattern
# decodes to fewer bytes, so the start of the match is anchored less tightly
# than in the rules without hex escapes.
# NOTE(review): drive.google.com is presumably reached over TLS in practice;
# an `alert http` rule only sees the request where traffic is plain HTTP or is
# decrypted before it reaches the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799350)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dkj56fnkcbsf3inlqszzm7vpvq3dmdl5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799350/; classtype:trojan-activity;sid:83662450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798325)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.119.134.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798325/; classtype:trojan-activity;sid:83661425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798324)"; flow:established,from_client; content:"GET"; http_method; content:"/i386"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"75.119.134.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798324/; classtype:trojan-activity;sid:83661424; rev:1;)
# The URI content here is the single byte `/` with depth:1 and
# isdataat:!1,relative, so only a request for the root path on this host
# matches; any other path or an added query string falls outside the rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795045)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"metrics.gocloudmaps.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2795045/; classtype:trojan-activity;sid:83658145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793603)"; flow:established,from_client; content:"GET"; http_method; 
content:"/uc|3f|export=download|7c|26|7c|id=1qxwff0k49bjdhwzotirkvqlqhebzgphg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793603/; classtype:trojan-activity;sid:83656703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790578)"; flow:established,from_client; content:"GET"; http_method; content:"/.index/scan.tar"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.216.207.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790578/; classtype:trojan-activity;sid:83653678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789249)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1aygcpsnow8esde5bkkuaj0bygkowvttd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2789249/; classtype:trojan-activity;sid:83652349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787791)"; flow:established,from_client; content:"GET"; http_method; content:"/ykwsyyt/help/hddrive1095_xinanplug3030_20230619_inno.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"60.22.23.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787791/; classtype:trojan-activity;sid:83650891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787399)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1stvkjdfiwxw79oezmc62wzmjjaeftyze"; http_uri; 
depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787399/; classtype:trojan-activity;sid:83650499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787397)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hditwve1kadzeycbldxttxi4mmhddgyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787397/; classtype:trojan-activity;sid:83650497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787024)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"65.49.44.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787024/; classtype:trojan-activity;sid:83650124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786829)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1re9cqjrafya6wcb5e0zcolwdorvsf9pi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786829/; classtype:trojan-activity;sid:83649929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786663)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/er5thygfd.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; 
isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786663/; classtype:trojan-activity;sid:83649763; rev:1;)
# raw.githubusercontent.com is a shared content host: in these rules the
# indicator is the repository path matched in http_uri, and the host match
# only scopes it. A hit says nothing about other content on the same host.
# NOTE(review): this host is presumably served over TLS; without decryption
# in front of the sensor an `alert http` rule will not see the request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786661)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/uemlxaw.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786661/; classtype:trojan-activity;sid:83649761; rev:1;)
# NOTE(review): the pattern contains percent-encoded bytes (%5b, %5d) but is
# matched with http_uri, which in Suricata is the normalized URI buffer. If
# normalization decodes them to `[` and `]`, this content cannot match -
# verify on the sensor with a test request, or match the raw URI buffer
# (http_raw_uri) for patterns that keep their percent-encoding.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785768)"; flow:established,from_client; content:"GET"; http_method; content:"/zev3n/ubuntu-gnome-privilege-escalation/main/cve-2020-1612%5b6_7%5d_exploit.sh"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785768/; classtype:trojan-activity;sid:83648868; rev:1;)
# NOTE(review): same concern for the %20 sequences in the next two rules - a
# normalized URI buffer would presumably hold a space where the pattern
# expects the three characters `%20`; confirm before relying on these sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785466)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/deployment/yellow%20pages%20scraper.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785466/; classtype:trojan-activity;sid:83648566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785447)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/tinder%20bot.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; 
reference:url, urlhaus.abuse.ch/url/2785447/; classtype:trojan-activity;sid:83648547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782882)"; flow:established,from_client; content:"GET"; http_method; content:"/driveapplet.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"noithaticon.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_14; reference:url, urlhaus.abuse.ch/url/2782882/; classtype:trojan-activity;sid:83645982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782434)"; flow:established,from_client; content:"GET"; http_method; content:"/17c4755d1d45ed1bb454/8703634058188758823"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"f24-zfcloud.zdn.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782434/; classtype:trojan-activity;sid:83645534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780273)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ge6chcvywbep4kgx_odpxtvfi3vj-zwy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780273/; classtype:trojan-activity;sid:83643373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776130)"; flow:established,from_client; content:"GET"; http_method; content:"//pcs/click|3f|adurl=//bamautzky.de/red.php"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776130/; classtype:trojan-activity;sid:83639230; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772697)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/x.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.254.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772697/; classtype:trojan-activity;sid:83635797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772689)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/met111.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.254.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772689/; classtype:trojan-activity;sid:83635789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769015)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/jeditor/jeditor.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"www.ojang.pe.kr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769015/; classtype:trojan-activity;sid:83632115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765933)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_r1.bmp"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765933/; classtype:trojan-activity;sid:83629033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765626)"; flow:established,from_client; content:"GET"; http_method; content:"/hitmanpro.zip"; http_uri; depth:14; 
isdataat:!1,relative; nocase; content:"hitman-pro.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765626/; classtype:trojan-activity;sid:83628726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765602)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f||7c|26|7c|adurl=https://patricstoremegans2.com/"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765602/; classtype:trojan-activity;sid:83628702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765586)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_default.bmp"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765586/; classtype:trojan-activity;sid:83628686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764512)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764512/; classtype:trojan-activity;sid:83627612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764507)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; 
reference:url, urlhaus.abuse.ch/url/2764507/; classtype:trojan-activity;sid:83627607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764508)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764508/; classtype:trojan-activity;sid:83627608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764509)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764509/; classtype:trojan-activity;sid:83627609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764510)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764510/; classtype:trojan-activity;sid:83627610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764511)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764511/; classtype:trojan-activity;sid:83627611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2761815)"; 
flow:established,from_client; content:"GET"; http_method; content:"/dt9.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"delp-heizungsbau.de"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_02_15; reference:url, urlhaus.abuse.ch/url/2761815/; classtype:trojan-activity;sid:83624915; rev:1;)
# The /cn/sysnew.* rules that follow (created_at 2024_02_01) use the same
# host and URI as rules with created_at 2024_02_19 elsewhere in this file:
# i686 = sid 83627607, spc = sid 83627611, mips = sid 83627608,
# x86 = sid 83627609. The match options are identical apart from msg,
# metadata, reference and sid, so one request fires two alerts.
# Deduplicate on host + URI when counting hits or tuning thresholds.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754788)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754788/; classtype:trojan-activity;sid:83617888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754787)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754787/; classtype:trojan-activity;sid:83617887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754786)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754786/; classtype:trojan-activity;sid:83617886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754784)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; 
metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754784/; classtype:trojan-activity;sid:83617884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754785)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754785/; classtype:trojan-activity;sid:83617885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754783)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754783/; classtype:trojan-activity;sid:83617883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754299)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wuy2y3vbxibdfqcs6-kx96nocarzixfd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754299/; classtype:trojan-activity;sid:83617399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2753677)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//projetodegente.com"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_30; reference:url, urlhaus.abuse.ch/url/2753677/; classtype:trojan-activity;sid:83616777; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751573)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//higreens.co.in"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_25; reference:url, urlhaus.abuse.ch/url/2751573/; classtype:trojan-activity;sid:83614673; rev:1;)
# The rule ending on the line above and the rules below pin Host
# adclick.g.doubleclick.net and differ only in the adurl= value, so the
# indicator is the redirect target in the query string, not the host.
# NOTE(review): this looks like a shared click-redirect endpoint; read a hit
# as "client requested a redirect toward the listed target" and follow up on
# the target, rather than treating the host itself as malicious.
# The URI must end exactly where the pattern ends (isdataat:!1,relative), so
# the same redirect with any additional query parameter is not matched.
# depth is the character count of the escaped pattern text (|3f| counted as
# four characters), i.e. three more than the bytes the pattern decodes to.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751543)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//kavyasourcing.com/"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_25; reference:url, urlhaus.abuse.ch/url/2751543/; classtype:trojan-activity;sid:83614643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751237)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://cliffg.me"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751237/; classtype:trojan-activity;sid:83614337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751171)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://streammobs.com/"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751171/; classtype:trojan-activity;sid:83614271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749355)"; 
flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://redeamazoniaazul.org/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749355/; classtype:trojan-activity;sid:83612455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749356)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//www.jd-forever.com/"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749356/; classtype:trojan-activity;sid:83612456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749357)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//old.umcl.us/"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749357/; classtype:trojan-activity;sid:83612457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749182)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://wegrowcoaching.com/"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_17; reference:url, urlhaus.abuse.ch/url/2749182/; classtype:trojan-activity;sid:83612282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749177)"; flow:established,from_client; content:"GET"; http_method; 
content:"/pcs/click|3f|adurl=https://dongyu.us/"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_17; reference:url, urlhaus.abuse.ch/url/2749177/; classtype:trojan-activity;sid:83612277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749054)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lrviuk1wka4di3qh7ach-b7m1ics2hbp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_16; reference:url, urlhaus.abuse.ch/url/2749054/; classtype:trojan-activity;sid:83612154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748605)"; flow:established,from_client; content:"GET"; http_method; content:"/ssslllap1/asdasd/raw/main/crypted.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_13; reference:url, urlhaus.abuse.ch/url/2748605/; classtype:trojan-activity;sid:83611705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748365)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ifvzub1blhmwsirshbe2wu5b1tus3ls-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748365/; classtype:trojan-activity;sid:83611465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748363)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yydiodtw09banou13ro8ielf9rcmljxy"; 
http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748363/; classtype:trojan-activity;sid:83611463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748360)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=11cbyky_wegqjut6afr8jannw7vub-xxf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748360/; classtype:trojan-activity;sid:83611460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gv5qahzp_toxgct3ezfvvy4q3a5vvh6s"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748349/; classtype:trojan-activity;sid:83611449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747896)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//vaibhavtripathi.in"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747896/; classtype:trojan-activity;sid:83610996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747890)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//procuratio.nu/"; http_uri; depth:36; isdataat:!1,relative; nocase; 
content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747890/; classtype:trojan-activity;sid:83610990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747826)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1u-vaalebjnomuhbyimsdjqctjqfyiwna"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747826/; classtype:trojan-activity;sid:83610926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747433)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zpmmtvzq"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_08; reference:url, urlhaus.abuse.ch/url/2747433/; classtype:trojan-activity;sid:83610533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746751)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/avmezmcr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_05; reference:url, urlhaus.abuse.ch/url/2746751/; classtype:trojan-activity;sid:83609851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746285)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/v7jxrycp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_04; reference:url, urlhaus.abuse.ch/url/2746285/; classtype:trojan-activity;sid:83609385; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743461)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12rmvuwgpj0dzbb3haoaww2lviavhvb4r"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743461/; classtype:trojan-activity;sid:83606561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743460)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rfsmrzeanvap2tnmtwrptlepwarwlkge"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743460/; classtype:trojan-activity;sid:83606560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742817)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://synergyconsulting.us"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_20; reference:url, urlhaus.abuse.ch/url/2742817/; classtype:trojan-activity;sid:83605917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742524)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//www.deltabehavioralhealth.org/"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742524/; classtype:trojan-activity;sid:83605624; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742518)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1k0bqhrtnu4v1yexoni5p1utyjuohmfzm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742518/; classtype:trojan-activity;sid:83605618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742516)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fhqpevblkipshqumjmsbzeetdzhzxv-j"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742516/; classtype:trojan-activity;sid:83605616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2740202)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//balkarsoftware.cubistech.com"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_13; reference:url, urlhaus.abuse.ch/url/2740202/; classtype:trojan-activity;sid:83603302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734979)"; flow:established,from_client; content:"GET"; http_method; content:"/404"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.184.194.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734979/; classtype:trojan-activity;sid:83598079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733771)"; 
flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_23; reference:url, urlhaus.abuse.ch/url/2733771/; classtype:trojan-activity;sid:83596871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733212)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//churchinmanila.org/"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_20; reference:url, urlhaus.abuse.ch/url/2733212/; classtype:trojan-activity;sid:83596312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730213)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sjm5t0ktlepibtv3kgaousspnw3zonom"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_13; reference:url, urlhaus.abuse.ch/url/2730213/; classtype:trojan-activity;sid:83593313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730069)"; flow:established,from_client; content:"GET"; http_method; content:"/cronusxd/update/releases/download/programa/universal.cheat.all.games.rar"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_11_12; reference:url, urlhaus.abuse.ch/url/2730069/; classtype:trojan-activity;sid:83593169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729736)"; flow:established,from_client; content:"GET"; http_method; 
content:"/pcs/click|3f|adurl=https://posicionamientonatural.es/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_10; reference:url, urlhaus.abuse.ch/url/2729736/; classtype:trojan-activity;sid:83592836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729405)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=https://namaacont.com/"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_09; reference:url, urlhaus.abuse.ch/url/2729405/; classtype:trojan-activity;sid:83592505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2728799)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/wfwtp8qn"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_11_07; reference:url, urlhaus.abuse.ch/url/2728799/; classtype:trojan-activity;sid:83591899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2727395)"; flow:established,from_client; content:"GET"; http_method; content:"/frankcastle2/0/main/0j"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_03; reference:url, urlhaus.abuse.ch/url/2727395/; classtype:trojan-activity;sid:83590495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726994)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lhnnwoydntgqibsykxwgd32s5xftxvfh"; http_uri; depth:68; isdataat:!1,relative; nocase; 
content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726994/; classtype:trojan-activity;sid:83590094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726921)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1oxpqeutyreby186exx4zeofyz0rjocsp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726921/; classtype:trojan-activity;sid:83590021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726920)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1e2y5yppu_zjj4o3wmuo-2j8n9lbthkzc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726920/; classtype:trojan-activity;sid:83590020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726917)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1heka7sgmbcessdhxtvmfwxownz7sipbb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726917/; classtype:trojan-activity;sid:83590017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726906)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_ldguopt2cg7fblntw3ltxgtxqtmlflc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; 
http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726906/; classtype:trojan-activity;sid:83590006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726907)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10lygpyju_dlg3x6r9oslzgblshakstl-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726907/; classtype:trojan-activity;sid:83590007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726777)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sqvm1xsoranfnvqst_kkdmn8yhgulm4k"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726777/; classtype:trojan-activity;sid:83589877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726774)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cz1lqyxis4wvr7nlc71ukekxyhj5xu-l"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726774/; classtype:trojan-activity;sid:83589874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726592)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zqzivoxid6wgvjstzd0lg2vxnpnc-puf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; 
isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726592/; classtype:trojan-activity;sid:83589692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726432)"; flow:established,from_client; content:"GET"; http_method; content:"/drakeo03/rbxfpsunlocker-x64-hotfix1/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_10_28; reference:url, urlhaus.abuse.ch/url/2726432/; classtype:trojan-activity;sid:83589532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726089)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gfn3lqd1rvybut4ha-ldl92wt8ysrzfc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2726089/; classtype:trojan-activity;sid:83589189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2722703)"; flow:established,from_client; content:"GET"; http_method; content:"/image.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ircftp.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_10_20; reference:url, urlhaus.abuse.ch/url/2722703/; classtype:trojan-activity;sid:83585803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720967)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.229.5.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_10_16; reference:url, urlhaus.abuse.ch/url/2720967/; classtype:trojan-activity;sid:83584067; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720935)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.152.81.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_16; reference:url, urlhaus.abuse.ch/url/2720935/; classtype:trojan-activity;sid:83584035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719389)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1satmexzn3qpvqzfxnc-5dtnnn8lihdxh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_12; reference:url, urlhaus.abuse.ch/url/2719389/; classtype:trojan-activity;sid:83582489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713056)"; flow:established,from_client; content:"GET"; http_method; content:"/rter/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"tanscarattorneys.co.tz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713056/; classtype:trojan-activity;sid:83576156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2711386)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"183.97.32.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_13; reference:url, urlhaus.abuse.ch/url/2711386/; classtype:trojan-activity;sid:83574486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2708874)"; flow:established,from_client; content:"GET"; http_method; content:"/readme.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; 
content:"svirtual.sanviatorperu.edu.pe"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_01; reference:url, urlhaus.abuse.ch/url/2708874/; classtype:trojan-activity;sid:83571974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2707934)"; flow:established,from_client; content:"GET"; http_method; content:"/js/files/chi/1.hta"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"isometricsindia.co.in"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_08_28; reference:url, urlhaus.abuse.ch/url/2707934/; classtype:trojan-activity;sid:83571034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2702776)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/scler.ttf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"scainseto.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_08_08; reference:url, urlhaus.abuse.ch/url/2702776/; classtype:trojan-activity;sid:83565876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2701777)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/tm63vbgu"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_08_07; reference:url, urlhaus.abuse.ch/url/2701777/; classtype:trojan-activity;sid:83564877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2694556)"; flow:established,from_client; content:"GET"; http_method; content:"/v2/plain-sunset-8e5d78/original/js.jpeg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"cdn.pixelbin.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_08_01; reference:url, urlhaus.abuse.ch/url/2694556/; classtype:trojan-activity;sid:83557656; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2693150)"; flow:established,from_client; content:"GET"; http_method; content:"/housenetshare.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"stdown.dinju.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_31; reference:url, urlhaus.abuse.ch/url/2693150/; classtype:trojan-activity;sid:83556250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2692699)"; flow:established,from_client; content:"GET"; http_method; content:"/v2/long-glade-33dc08/original/rump_img.jpeg"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"cdn.pixelbin.io"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_07_30; reference:url, urlhaus.abuse.ch/url/2692699/; classtype:trojan-activity;sid:83555799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2686558)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jc80ycae"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_20; reference:url, urlhaus.abuse.ch/url/2686558/; classtype:trojan-activity;sid:83549658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2682035)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.7.131.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_13; reference:url, urlhaus.abuse.ch/url/2682035/; classtype:trojan-activity;sid:83545135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2677884)"; flow:established,from_client; content:"GET"; http_method; content:"/download/a.exe"; http_uri; depth:15; 
isdataat:!1,relative; nocase; content:"api.baimless.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_07; reference:url, urlhaus.abuse.ch/url/2677884/; classtype:trojan-activity;sid:83540984; rev:1;)
# Exact-match rule for one paste: the URI must be "/raw/" plus the listed id
# (depth:13 with isdataat:!1,relative) and the Host must be pastebin.com.
# NOTE(review): the id is written in lower case and compared with nocase, so
# any case variant of it matches; presumably the generator lower-cased the
# URL. Confirm the exact id from the full URL in the event.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676029)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rr3hywgc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_03; reference:url, urlhaus.abuse.ch/url/2676029/; classtype:trojan-activity;sid:83539129; rev:1;)
# NOTE(review): |7c| is one literal "|" byte, so each |7c|26|7c| in this
# pattern decodes to the four characters "|", "2", "6", "|" instead of "&".
# It occurs four times here and looks like a double-escaped "&" from the rule
# generator; as written the rule cannot match a normal query string.
# TODO confirm against the URLhaus entry.
# depth:193 equals the length of the escaped pattern text, not of the decoded
# bytes, so it is larger than the pattern it bounds.
# The URI also pins confirm=, uuid= and at= values; the at= value ends in a
# 13-digit number that looks like a millisecond timestamp, so these are
# presumably per-request tokens and the rule would only match a replay of
# that one request even with the separators corrected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2629977)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|confirm=t|7c|26|7c|id=145b1fbjtyee3w1rjsazo7hzcoiiaxzum|7c|26|7c|uuid=eb581596-9566-4a21-b3b6-e6909eb42ff6|7c|26|7c|at=akkf8vzrltviqrn7wljfjcwisgcc:1683793107077"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_05_11; reference:url, urlhaus.abuse.ch/url/2629977/; classtype:trojan-activity;sid:83493077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2622777)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1a5fq2ek"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_05_02; reference:url, urlhaus.abuse.ch/url/2622777/; classtype:trojan-activity;sid:83485877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2619968)"; flow:established,from_client; content:"GET"; http_method; content:"/purple/rain.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fotosdepuebla.org"; http_host; 
depth:17; isdataat:!1,relative; metadata:created_at 2023_04_28; reference:url, urlhaus.abuse.ch/url/2619968/; classtype:trojan-activity;sid:83483068; rev:1;)
# The next seven rules (URLhaus 2617042 to 2617048) share the Host
# 91.235.234.235 and one 32-character path prefix; they differ only in the DLL
# file name. Each is an exact match: depth equals the URI pattern length and
# isdataat:!1,relative forbids trailing bytes.
# NOTE(review): the file names are those of Mozilla NSS / SQLite and MSVC
# runtime libraries. Fetching such a set from a single host is a pattern
# usually attributed to credential-stealing malware, which is presumably why
# URLhaus lists them; confirm against the referenced entries. For triage,
# several of these sids from one client in a short window is a stronger
# signal than a single alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617048)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/nss3.dll"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617048/; classtype:trojan-activity;sid:83480148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617044)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/msvcp140.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617044/; classtype:trojan-activity;sid:83480144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617045)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/mozglue.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617045/; classtype:trojan-activity;sid:83480145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617046)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/freebl3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617046/; classtype:trojan-activity;sid:83480146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617047)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/sqlite3.dll"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617047/; classtype:trojan-activity;sid:83480147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617042)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/softokn3.dll"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617042/; classtype:trojan-activity;sid:83480142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2617043)"; flow:established,from_client; content:"GET"; http_method; content:"/an7jd0qo6kt5bk5bq4er8fe1xp7hl2vk/vcruntime140.dll"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"91.235.234.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_24; reference:url, urlhaus.abuse.ch/url/2617043/; classtype:trojan-activity;sid:83480143; rev:1;)
# Here the whole indicator is a three-byte URI ("/.i") on an IP-literal Host.
# NOTE(review): the entry dates from created_at 2023_04_21; an address may
# have changed hands since then, so weigh a hit against the entry's current
# status on URLhaus before treating the destination as malicious.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615314)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615314/; classtype:trojan-activity;sid:83478414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615287)"; 
flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615287/; classtype:trojan-activity;sid:83478387; rev:1;)
# Exact-URL indicator: method GET, one http_uri content and one http_host content, each
# bounded by depth and followed by isdataat:!1,relative so that no byte may follow the match.
# NOTE(review): the Host is pastebin.com, a shared service; the alert identifies one paste
# path, not the host. The path is written in lower case and followed by nocase, so any case
# variant of "/raw/mdpqv8gx" matches. If paste ids are case-sensitive this can hit an
# unrelated paste; check the URLhaus reference before acting on an alert.
# NOTE(review): "alert http" only sees requests the sensor can parse as HTTP; presumably this
# host is fetched over HTTPS in practice, so coverage depends on TLS decryption - verify.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2602547)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mdpqv8gx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_08; reference:url, urlhaus.abuse.ch/url/2602547/; classtype:trojan-activity;sid:83465647; rev:1;)
# Same template as the rule above with a different paste path; the shared-host, nocase and
# cleartext-HTTP caveats apply here too.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2587598)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jtx57kpr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_27; reference:url, urlhaus.abuse.ch/url/2587598/; classtype:trojan-activity;sid:83450698; rev:1;)
# Same template: a 14-byte directory path on a single host, both anchored to the full buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2581182)"; flow:established,from_client; content:"GET"; http_method; content:"/dqvoakrc/hh9/"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ardena.pro"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_03_22; reference:url, urlhaus.abuse.ch/url/2581182/; classtype:trojan-activity;sid:83444282; rev:1;)
# NOTE(review): the Host is github.com and the path is a branch archive of one repository; the
# alert is about that archive only. Same cleartext-HTTP caveat - TODO confirm that decrypted
# traffic reaches the sensor, otherwise this rule is unlikely to fire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2581006)"; flow:established,from_client; content:"GET"; http_method; content:"/salatikochen/salatapps/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_03_22; 
reference:url, urlhaus.abuse.ch/url/2581006/; classtype:trojan-activity;sid:83444106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2579753)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fu3d5tvi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_21; reference:url, urlhaus.abuse.ch/url/2579753/; classtype:trojan-activity;sid:83442853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2573934)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/4jusqzvd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_16; reference:url, urlhaus.abuse.ch/url/2573934/; classtype:trojan-activity;sid:83437034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572493)"; flow:established,from_client; content:"GET"; http_method; content:"/nti/nti.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"shaderm.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572493/; classtype:trojan-activity;sid:83435593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571457)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"estudio.ythan.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571457/; classtype:trojan-activity;sid:83434557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571417)"; flow:established,from_client; content:"GET"; http_method; 
content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.byte.in.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571417/; classtype:trojan-activity;sid:83434517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571410)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"riderspin.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571410/; classtype:trojan-activity;sid:83434510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571398)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"records.dennisign.se"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571398/; classtype:trojan-activity;sid:83434498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571387)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"donkeytourscroatia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571387/; classtype:trojan-activity;sid:83434487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571356)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"estudio.ythan.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571356/; 
classtype:trojan-activity;sid:83434456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571162)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.byte.in.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571162/; classtype:trojan-activity;sid:83434262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571158)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"records.dennisign.se"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571158/; classtype:trojan-activity;sid:83434258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571152)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cfu.twr.mybluehost.me"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571152/; classtype:trojan-activity;sid:83434252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571135)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"donkeytourscroatia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571135/; classtype:trojan-activity;sid:83434235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571043)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; 
depth:9; isdataat:!1,relative; nocase; content:"donkeytourscroatia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571043/; classtype:trojan-activity;sid:83434143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571034)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"estudio.ythan.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571034/; classtype:trojan-activity;sid:83434134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570990)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"riderspin.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570990/; classtype:trojan-activity;sid:83434090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570844)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"derekludlow.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570844/; classtype:trojan-activity;sid:83433944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570732)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cfu.twr.mybluehost.me"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570732/; classtype:trojan-activity;sid:83433832; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570642)"; flow:established,from_client; content:"GET"; http_method; content:"/connect/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"admin.byte.in.ua"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570642/; classtype:trojan-activity;sid:83433742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570563)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"embedone.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570563/; classtype:trojan-activity;sid:83433663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570501)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"records.dennisign.se"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570501/; classtype:trojan-activity;sid:83433601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570474)"; flow:established,from_client; content:"GET"; http_method; content:"/scarica/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cfu.twr.mybluehost.me"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570474/; classtype:trojan-activity;sid:83433574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570386)"; flow:established,from_client; content:"GET"; http_method; content:"/agenzia/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"derekludlow.com"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570386/; classtype:trojan-activity;sid:83433486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2568876)"; flow:established,from_client; content:"GET"; http_method; content:"/teev/teev.js"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"nusatoyota.co.id"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_13; reference:url, urlhaus.abuse.ch/url/2568876/; classtype:trojan-activity;sid:83431976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2568823)"; flow:established,from_client; content:"GET"; http_method; content:"/gcn/gcn.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"spoar.org.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_13; reference:url, urlhaus.abuse.ch/url/2568823/; classtype:trojan-activity;sid:83431923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2555339)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/rn8tlx2e"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_02; reference:url, urlhaus.abuse.ch/url/2555339/; classtype:trojan-activity;sid:83418439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2545788)"; flow:established,from_client; content:"GET"; http_method; content:"/tedburke/commandcam/archive/refs/heads/master.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_20; reference:url, urlhaus.abuse.ch/url/2545788/; classtype:trojan-activity;sid:83408888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (2540034)"; flow:established,from_client; content:"GET"; http_method; content:"/unlockteame/unlimited/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_14; reference:url, urlhaus.abuse.ch/url/2540034/; classtype:trojan-activity;sid:83403134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2533240)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bztvxkzb"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_02_07; reference:url, urlhaus.abuse.ch/url/2533240/; classtype:trojan-activity;sid:83396340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2510643)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bn6ktvyl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_01_17; reference:url, urlhaus.abuse.ch/url/2510643/; classtype:trojan-activity;sid:83373743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2502405)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/tgp9td9z"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_01_09; reference:url, urlhaus.abuse.ch/url/2502405/; classtype:trojan-activity;sid:83365505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440082)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:79; isdataat:!1,relative; 
nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440082/; classtype:trojan-activity;sid:83303182; rev:1;)
# Exact-URL indicator: method GET, one http_uri content and one http_host content, each
# bounded by depth and followed by isdataat:!1,relative so that no byte may follow the match.
# NOTE(review): the URI content contains a literal "%20". http_uri is the normalized URI
# buffer, where percent-encoding is presumably already decoded to a space, so this content
# may never match. Verify on the sensor; matching the space itself or using the raw-URI
# buffer (http_raw_uri) would avoid the dependency on normalization.
# NOTE(review): the Host is github.com; presumably reached over HTTPS, so this "alert http"
# rule needs decrypted traffic to fire - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440081)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440081/; classtype:trojan-activity;sid:83303181; rev:1;)
# NOTE(review): in a content string "|3f|" is the byte 0x3f ("?"), but "|7c|26|7c|" is 0x7c,
# the characters "26", 0x7c - i.e. the literal text |26| - and not 0x26 ("&"). This looks
# like a query-string "&" whose hex escape had its pipes escaped a second time. If the URL
# on the URLhaus reference page separates parameters with "&", this content cannot match it;
# verify there, and if so use |26| and recompute depth.
# depth:98 equals the length of the content string as written (each |xx| counted as four
# characters); the decoded pattern is shorter, so the start anchor is looser than on rules
# without hex escapes.
# NOTE(review): the file id is lower-cased and followed by nocase; if ids on this host are
# case-sensitive, a different id that differs only in case would also match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2425972)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|confirm=no_antivirus|7c|26|7c|id=1cpaqimeblbmxrxoli6d3cczgkrbzpy8_"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_11_18; reference:url, urlhaus.abuse.ch/url/2425972/; classtype:trojan-activity;sid:83289072; rev:1;)
# Same template: an 18-byte directory path on a single host, both anchored to the full buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2408069)"; flow:established,from_client; content:"GET"; http_method; content:"/analytics/zy5ntk/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fromthetrenchesworldreport.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_11_10; reference:url, urlhaus.abuse.ch/url/2408069/; classtype:trojan-activity;sid:83271169; rev:1;)
# NOTE(review): shared file-hosting Host; the alert identifies one shared-link path only.
# Presumably fetched over HTTPS, so coverage depends on TLS decryption - verify.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2406761)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/wpoxoxqe2in4fju/doc7november00065.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; 
isdataat:!1,relative; metadata:created_at 2022_11_10; reference:url, urlhaus.abuse.ch/url/2406761/; classtype:trojan-activity;sid:83269861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2403614)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/uuja3km9"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_11_07; reference:url, urlhaus.abuse.ch/url/2403614/; classtype:trojan-activity;sid:83266714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2399181)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/nrhtc20u"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_11_03; reference:url, urlhaus.abuse.ch/url/2399181/; classtype:trojan-activity;sid:83262281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2388056)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/j5nyvlbz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_10_27; reference:url, urlhaus.abuse.ch/url/2388056/; classtype:trojan-activity;sid:83251156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2376908)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hf1kfswr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_10_18; reference:url, urlhaus.abuse.ch/url/2376908/; classtype:trojan-activity;sid:83240008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2314671)"; 
flow:established,from_client; content:"GET"; http_method; content:"/raw/8v775ivv"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_26; reference:url, urlhaus.abuse.ch/url/2314671/; classtype:trojan-activity;sid:83177771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2302899)"; flow:established,from_client; content:"GET"; http_method; content:"/janchuk/voidrat/raw/master/voidrat.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_09_14; reference:url, urlhaus.abuse.ch/url/2302899/; classtype:trojan-activity;sid:83165999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2301795)"; flow:established,from_client; content:"GET"; http_method; content:"/buding.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.98.224.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_13; reference:url, urlhaus.abuse.ch/url/2301795/; classtype:trojan-activity;sid:83164895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2300014)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gxkzk3ds"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_12; reference:url, urlhaus.abuse.ch/url/2300014/; classtype:trojan-activity;sid:83163114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2276646)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ujztrvsh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_24; 
reference:url, urlhaus.abuse.ch/url/2276646/; classtype:trojan-activity;sid:83139746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2276438)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/t53jemit"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_24; reference:url, urlhaus.abuse.ch/url/2276438/; classtype:trojan-activity;sid:83139538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2276221)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jstt4bu3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_23; reference:url, urlhaus.abuse.ch/url/2276221/; classtype:trojan-activity;sid:83139321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2258131)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/e8kjpbmd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_07_17; reference:url, urlhaus.abuse.ch/url/2258131/; classtype:trojan-activity;sid:83121231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2253550)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ib64cptx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_07_03; reference:url, urlhaus.abuse.ch/url/2253550/; classtype:trojan-activity;sid:83116650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2253210)"; flow:established,from_client; content:"GET"; http_method; 
content:"/raw/rwrja2sz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_07_02; reference:url, urlhaus.abuse.ch/url/2253210/; classtype:trojan-activity;sid:83116310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2252574)"; flow:established,from_client; content:"GET"; http_method; content:"/updates1/up.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1717.1000uc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_30; reference:url, urlhaus.abuse.ch/url/2252574/; classtype:trojan-activity;sid:83115674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250908)"; flow:established,from_client; content:"GET"; http_method; content:"/ema_kvcebm137.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"mersped.mycpanel.rs"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_27; reference:url, urlhaus.abuse.ch/url/2250908/; classtype:trojan-activity;sid:83114008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2246139)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.219.38.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_20; reference:url, urlhaus.abuse.ch/url/2246139/; classtype:trojan-activity;sid:83109239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2241008)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ty045yct"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_06_16; reference:url, urlhaus.abuse.ch/url/2241008/; 
classtype:trojan-activity;sid:83104108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237175)"; flow:established,from_client; content:"GET"; http_method; content:"/cg100/cg100.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237175/; classtype:trojan-activity;sid:83100275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237174)"; flow:established,from_client; content:"GET"; http_method; content:"/cgmb/benzmonster.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"update.cg100iii.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237174/; classtype:trojan-activity;sid:83100274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2236625)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sm02zsvdywdotb7rql/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"dhnconstrucciones.com.ar"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2022_06_13; reference:url, urlhaus.abuse.ch/url/2236625/; classtype:trojan-activity;sid:83099725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2230406)"; flow:established,from_client; content:"GET"; http_method; content:"/down/newsales/adm_atu.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"palharesinformatica.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_08; reference:url, urlhaus.abuse.ch/url/2230406/; classtype:trojan-activity;sid:83093506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2171312)"; 
flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/ozrw36a2y1ch2cluzy/"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_04_29; reference:url, urlhaus.abuse.ch/url/2171312/; classtype:trojan-activity;sid:83034412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2164668)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/uadjw/"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_04_26; reference:url, urlhaus.abuse.ch/url/2164668/; classtype:trojan-activity;sid:83027768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2160868)"; flow:established,from_client; content:"GET"; http_method; content:"/atm/u7/gf/sqmjjkgf.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"cloudnewsfeed.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_04_23; reference:url, urlhaus.abuse.ch/url/2160868/; classtype:trojan-activity;sid:83023968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2148323)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/5nnq0rbw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_04_14; reference:url, urlhaus.abuse.ch/url/2148323/; classtype:trojan-activity;sid:83011423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2135884)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/herrldgm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2022_04_07; reference:url, urlhaus.abuse.ch/url/2135884/; classtype:trojan-activity;sid:82998984; rev:1;)
# Exact-URL indicator: method GET, one http_uri content and one http_host content, each
# bounded by depth and followed by isdataat:!1,relative so that no byte may follow the match.
# NOTE(review): the path is a release archive under the xmrig/xmrig repository on github.com.
# The rule reports a download of that archive with classtype trojan-activity; it does not
# show whether the download was authorised, so triage on the requesting host and on whether
# mining software is expected there. Presumably fetched over HTTPS - confirm that decrypted
# traffic reaches the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2124302)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.10.0/xmrig-6.10.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_03_31; reference:url, urlhaus.abuse.ch/url/2124302/; classtype:trojan-activity;sid:82987402; rev:1;)
# Same template: a 36-byte directory path; depth:36 with the trailing isdataat check requires
# the URI to be exactly this path, so the variant with a query string needs its own rule
# (the next one).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2119354)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/3cxmq4uaxy/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2119354/; classtype:trojan-activity;sid:82982454; rev:1;)
# "|3f|" is the hex escape for "?". depth:43 equals the length of the content string as
# written (|3f| counted as four characters) while the decoded pattern is 40 bytes, so the
# match may start up to three bytes into the URI rather than only at offset 0.
# NOTE(review): harmless for the listed URL, but the anchor is looser than intended; a depth
# equal to the decoded length would make it exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2119353)"; flow:established,from_client; content:"GET"; http_method; content:"/verkaufsberater_service/3cxmq4uaxy/|3f|i=1"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"farschid.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2119353/; classtype:trojan-activity;sid:82982453; rev:1;)
# Same template: a .ps1 file under a wp-content/plugins path on a single host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2114263)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/yjmqxmidki/a/hyehwggs.ps1"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"trtmyanmar.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_03_24; reference:url, urlhaus.abuse.ch/url/2114263/; classtype:trojan-activity;sid:82977363; 
rev:1;)
# Exact-URL indicator: method GET, one http_uri content and one http_host content, each
# bounded by depth and followed by isdataat:!1,relative so that no byte may follow the match.
# NOTE(review): shared paste Host; the path is lower-cased and followed by nocase, so any
# case variant of the paste path matches. Presumably fetched over HTTPS, so coverage depends
# on TLS decryption - verify both before relying on this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2098517)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/znbskzzj"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_03_15; reference:url, urlhaus.abuse.ch/url/2098517/; classtype:trojan-activity;sid:82961617; rev:1;)
# NOTE(review): in a content string "|3f|" is the byte 0x3f ("?"), but "|7c|26|7c|" is 0x7c,
# the characters "26", 0x7c - i.e. the literal text |26| - and not 0x26 ("&"). This looks
# like a query-string "&" whose hex escape had its pipes escaped a second time. If the URL
# on the URLhaus reference page separates parameters with "&", this content cannot match it;
# verify there, and if so use |26| and recompute depth.
# depth:68 equals the length of the content string as written (each |xx| counted as four
# characters); the decoded pattern is shorter.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gvnzexvvs3vpv0-ihflwnmzmhij3qqly"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086235/; classtype:trojan-activity;sid:82949335; rev:1;)
# NOTE(review): the URI content contains a literal "%20". http_uri is the normalized URI
# buffer, where percent-encoding is presumably already decoded to a space, so this content
# may never match. Verify on the sensor; matching the space itself or using the raw-URI
# buffer (http_raw_uri) would avoid the dependency on normalization.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2053942)"; flow:established,from_client; content:"GET"; http_method; content:"/zp-user/protected%20client.js"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"dreamwatchevent.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_02_22; reference:url, urlhaus.abuse.ch/url/2053942/; classtype:trojan-activity;sid:82917042; rev:1;)
# Same template with an IP literal as Host: the rule only matches when the Host header
# carries exactly this address and the URI is exactly "/.i" (in any letter case).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2048755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_19; reference:url, urlhaus.abuse.ch/url/2048755/; classtype:trojan-activity;sid:82911855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2044850)"; flow:established,from_client; content:"GET"; http_method; 
content:"/raw/3k52mzsw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_02_16; reference:url, urlhaus.abuse.ch/url/2044850/; classtype:trojan-activity;sid:82907950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2024674)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.152.84.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_02; reference:url, urlhaus.abuse.ch/url/2024674/; classtype:trojan-activity;sid:82887774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021785)"; flow:established,from_client; content:"GET"; http_method; content:"/hksweep/vendor/font-awesome/svgs/brands/subtraction.php"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"rxquickpay.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021785/; classtype:trojan-activity;sid:82884885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021799)"; flow:established,from_client; content:"GET"; http_method; content:"/src/js/scripts/gallery/photo-swipe/retraction.php"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"acms.saleseos.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021799/; classtype:trojan-activity;sid:82884899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021757)"; flow:established,from_client; content:"GET"; http_method; content:"/src/js/scripts/gallery/photo-swipe/highlight.php"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"acms.saleseos.com"; http_host; depth:17; isdataat:!1,relative; 
metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021757/; classtype:trojan-activity;sid:82884857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021704)"; flow:established,from_client; content:"GET"; http_method; content:"/src/js/scripts/gallery/photo-swipe/zany.php"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"acms.saleseos.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021704/; classtype:trojan-activity;sid:82884804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2019377)"; flow:established,from_client; content:"GET"; http_method; content:"/public/userbackend/plugins/dropzone/min/assents.php"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"theholidayroads.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_01_31; reference:url, urlhaus.abuse.ch/url/2019377/; classtype:trojan-activity;sid:82882477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2019378)"; flow:established,from_client; content:"GET"; http_method; content:"/public/userbackend/plugins/dropzone/min/tautly.php"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"theholidayroads.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_01_31; reference:url, urlhaus.abuse.ch/url/2019378/; classtype:trojan-activity;sid:82882478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2019365)"; flow:established,from_client; content:"GET"; http_method; content:"/public/userbackend/plugins/dropzone/min/knave.php"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"theholidayroads.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_01_31; reference:url, urlhaus.abuse.ch/url/2019365/; 
classtype:trojan-activity;sid:82882465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2019358)"; flow:established,from_client; content:"GET"; http_method; content:"/public/userbackend/plugins/dropzone/min/stare.php"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"theholidayroads.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_01_31; reference:url, urlhaus.abuse.ch/url/2019358/; classtype:trojan-activity;sid:82882458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008178)"; flow:established,from_client; content:"GET"; http_method; content:"/comply.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.crazywickedaddiction.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008178/; classtype:trojan-activity;sid:82871278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008138)"; flow:established,from_client; content:"GET"; http_method; content:"/squalid.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"continentalgroup.net.in"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008138/; classtype:trojan-activity;sid:82871238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008130)"; flow:established,from_client; content:"GET"; http_method; content:"/development/public/uploads/images/categories/beirut.php"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"www.crazywickedaddiction.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008130/; classtype:trojan-activity;sid:82871230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (2008131)"; flow:established,from_client; content:"GET"; http_method; content:"/belt.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"forms.saurashtrauniversity.edu"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008131/; classtype:trojan-activity;sid:82871231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891107)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/backupbuddy/destinations/_s3lib/multigate.php"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"www.jerminpelle.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891107/; classtype:trojan-activity;sid:82754207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891112)"; flow:established,from_client; content:"GET"; http_method; content:"/honduras.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"xenon.studio"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891112/; classtype:trojan-activity;sid:82754212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891095)"; flow:established,from_client; content:"GET"; http_method; content:"/assets2/theme/css/gluttonous.php"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"xenon.studio"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891095/; classtype:trojan-activity;sid:82754195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891096)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/backupbuddy/destinations/_s3lib/kind.php"; http_uri; depth:60; 
isdataat:!1,relative; nocase; content:"www.jerminpelle.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891096/; classtype:trojan-activity;sid:82754196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891097)"; flow:established,from_client; content:"GET"; http_method; content:"/scuttlebutt.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.jerminpelle.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891097/; classtype:trojan-activity;sid:82754197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891066)"; flow:established,from_client; content:"GET"; http_method; content:"/searching.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xenon.studio"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891066/; classtype:trojan-activity;sid:82754166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891070)"; flow:established,from_client; content:"GET"; http_method; content:"/assets2/theme/css/linearization.php"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"xenon.studio"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891070/; classtype:trojan-activity;sid:82754170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891071)"; flow:established,from_client; content:"GET"; http_method; content:"/wrongdoer.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"xenon.studio"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891071/; classtype:trojan-activity;sid:82754171; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1890257)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/crypta.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reauthenticator.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1890257/; classtype:trojan-activity;sid:82753357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888158)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/revslider/templates/360panorama/philip.php"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"aakrutitexture.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888158/; classtype:trojan-activity;sid:82751258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888149)"; flow:established,from_client; content:"GET"; http_method; content:"/roughness.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888149/; classtype:trojan-activity;sid:82751249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888138)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/revslider/templates/360panorama/qualm.php"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"aakrutitexture.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888138/; classtype:trojan-activity;sid:82751238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888139)"; 
flow:established,from_client; content:"GET"; http_method; content:"/intermission.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888139/; classtype:trojan-activity;sid:82751239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888114)"; flow:established,from_client; content:"GET"; http_method; content:"/redesign.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888114/; classtype:trojan-activity;sid:82751214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888115)"; flow:established,from_client; content:"GET"; http_method; content:"/antienuretic.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888115/; classtype:trojan-activity;sid:82751215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888106)"; flow:established,from_client; content:"GET"; http_method; content:"/fizz.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888106/; classtype:trojan-activity;sid:82751206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888108)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/revslider/templates/360panorama/welder.php"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"aakrutitexture.in"; 
http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888108/; classtype:trojan-activity;sid:82751208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888086)"; flow:established,from_client; content:"GET"; http_method; content:"/designer.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888086/; classtype:trojan-activity;sid:82751186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888092)"; flow:established,from_client; content:"GET"; http_method; content:"/frustrating.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888092/; classtype:trojan-activity;sid:82751192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888072)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/revslider/templates/360panorama/buried.php"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"aakrutitexture.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888072/; classtype:trojan-activity;sid:82751172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888081)"; flow:established,from_client; content:"GET"; http_method; content:"/conditioner.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888081/; classtype:trojan-activity;sid:82751181; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888082)"; flow:established,from_client; content:"GET"; http_method; content:"/unthinkably.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888082/; classtype:trojan-activity;sid:82751182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888084)"; flow:established,from_client; content:"GET"; http_method; content:"/unexplainable.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888084/; classtype:trojan-activity;sid:82751184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888085)"; flow:established,from_client; content:"GET"; http_method; content:"/whiz.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kramersmarionnettes.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888085/; classtype:trojan-activity;sid:82751185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1887928)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/revslider/templates/360panorama/carbolic.php"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"aakrutitexture.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1887928/; classtype:trojan-activity;sid:82751028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1887909)"; flow:established,from_client; content:"GET"; http_method; 
content:"/wp-content/uploads/revslider/templates/360panorama/luckily.php"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"aakrutitexture.in"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1887909/; classtype:trojan-activity;sid:82751009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1861154)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.158.206.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_07; reference:url, urlhaus.abuse.ch/url/1861154/; classtype:trojan-activity;sid:82724254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1840623)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/t7scuzy/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"apple-service93.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1840623/; classtype:trojan-activity;sid:82703723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1839258)"; flow:established,from_client; content:"GET"; http_method; content:"/shopped.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"greenf.alexion.rs"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1839258/; classtype:trojan-activity;sid:82702358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1839238)"; flow:established,from_client; content:"GET"; http_method; content:"/accumulation.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"greenf.alexion.rs"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, 
urlhaus.abuse.ch/url/1839238/; classtype:trojan-activity;sid:82702338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1839240)"; flow:established,from_client; content:"GET"; http_method; content:"/scuffler.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"greenf.alexion.rs"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1839240/; classtype:trojan-activity;sid:82702340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838316)"; flow:established,from_client; content:"GET"; http_method; content:"/ticketing.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"beoauto.alexion.rs"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838316/; classtype:trojan-activity;sid:82701416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838317)"; flow:established,from_client; content:"GET"; http_method; content:"/complicate.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"beoauto.alexion.rs"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838317/; classtype:trojan-activity;sid:82701417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838306)"; flow:established,from_client; content:"GET"; http_method; content:"/blend.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"greenf.alexion.rs"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838306/; classtype:trojan-activity;sid:82701406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838289)"; flow:established,from_client; content:"GET"; 
http_method; content:"/gastric.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"beoauto.alexion.rs"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838289/; classtype:trojan-activity;sid:82701389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838275)"; flow:established,from_client; content:"GET"; http_method; content:"/flyer.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"greenf.alexion.rs"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838275/; classtype:trojan-activity;sid:82701375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838263)"; flow:established,from_client; content:"GET"; http_method; content:"/acclimated.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"beoauto.alexion.rs"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838263/; classtype:trojan-activity;sid:82701363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838242)"; flow:established,from_client; content:"GET"; http_method; content:"/warmhearted.php"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"greenf.alexion.rs"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838242/; classtype:trojan-activity;sid:82701342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838244)"; flow:established,from_client; content:"GET"; http_method; content:"/daydream.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"greenf.alexion.rs"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838244/; 
classtype:trojan-activity;sid:82701344; rev:1;)
# Exact-match indicator: in both the URI and the host buffer depth equals the pattern length and
# isdataat:!1,relative rejects any trailing byte, so only this one path on this one host alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1809781)"; flow:established,from_client; content:"GET"; http_method; content:"/libraries/vendor/joomla/registry/src/format/pinafore.php"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"ukguk71.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_11_23; reference:url, urlhaus.abuse.ch/url/1809781/; classtype:trojan-activity;sid:82672881; rev:1;)
# Pastebin raw-paste indicator on a shared hosting service.
# NOTE(review): the paste id is lowercased and matched with nocase; paste ids are presumably
# case-sensitive at the service, so a hit should be confirmed against the URLhaus entry.
# "alert http" only inspects requests the sensor can parse as HTTP; a fetch made over TLS is not
# visible to this rule unless traffic is decrypted before it reaches the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1778573)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/c91fwnb0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_11_12; reference:url, urlhaus.abuse.ch/url/1778573/; classtype:trojan-activity;sid:82641673; rev:1;)
# Query-string indicator. |3f| is "?"; |7c|26|7c| decodes to the four literal bytes "|26|"
# (7c is the pipe character), not to "&" (0x26).
# NOTE(review): this looks like an escaping artifact of the rule generator - if the listed URL
# separated its parameters with "&" the content would not match it; verify against the URLhaus entry.
# depth:88 equals the escaped pattern length, while the decoded pattern is 79 bytes, so the match is
# pinned to the end of the URI by isdataat:!1,relative but may begin up to 9 bytes into the buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1761107)"; flow:established,from_client; content:"GET"; http_method; content:"/svr_netchecker/server.asp|3f|v_command=3002|7c|26|7c|v_progname=sjptmanagerlauncher.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"server.toeicswt.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_11_07; reference:url, urlhaus.abuse.ch/url/1761107/; classtype:trojan-activity;sid:82624207; rev:1;)
# Second Pastebin raw-paste indicator; the nocase and cleartext-HTTP caveats noted on sid 82641673 apply.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1751625)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ywjkrwem"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_11_04; reference:url, urlhaus.abuse.ch/url/1751625/; classtype:trojan-activity;sid:82614725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (1744285)"; flow:established,from_client; content:"GET"; http_method; content:"/chimney.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"lawfirm.paperbirdtech.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1744285/; classtype:trojan-activity;sid:82607385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743733)"; flow:established,from_client; content:"GET"; http_method; content:"/zoologies.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743733/; classtype:trojan-activity;sid:82606833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743734)"; flow:established,from_client; content:"GET"; http_method; content:"/tenterhook.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"affirmingyourlife.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743734/; classtype:trojan-activity;sid:82606834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743713)"; flow:established,from_client; content:"GET"; http_method; content:"/whacked.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743713/; classtype:trojan-activity;sid:82606813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743650)"; flow:established,from_client; content:"GET"; http_method; content:"/toggle.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"lawfirm.paperbirdtech.com"; http_host; 
depth:25; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743650/; classtype:trojan-activity;sid:82606750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743660)"; flow:established,from_client; content:"GET"; http_method; content:"/unplug.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743660/; classtype:trojan-activity;sid:82606760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1728024)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/egenyqrk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_29; reference:url, urlhaus.abuse.ch/url/1728024/; classtype:trojan-activity;sid:82591124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1727038)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/nwj3nqw2"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_29; reference:url, urlhaus.abuse.ch/url/1727038/; classtype:trojan-activity;sid:82590138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1720728)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/medialibrary/012/fucking.php"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"shop.mediasova.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_27; reference:url, urlhaus.abuse.ch/url/1720728/; classtype:trojan-activity;sid:82583828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (1720508)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/medialibrary/012/chaperon.php"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"shop.mediasova.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_27; reference:url, urlhaus.abuse.ch/url/1720508/; classtype:trojan-activity;sid:82583608; rev:1;)
# OneDrive download indicators (this rule and the two that follow share one pattern shape).
# |3f| is "?"; every |7c|26|7c| decodes to the four literal bytes "|26|" (7c is the pipe
# character), not to "&" (0x26); "%21" is kept in percent-encoded form.
# NOTE(review): the "|26|" sequences look like an escaping artifact of the rule generator - if the
# listed URL separated its parameters with "&" the content would not match it; verify against the
# URLhaus entry. Whether "%21" survives http_uri normalization should be checked with a replayed sample.
# depth equals the escaped pattern length (103 here, decoded 88 bytes), so the match is pinned to
# the end of the URI by isdataat:!1,relative but may begin a few bytes into the buffer.
# cid, resid and authkey are lowercased and matched with nocase; if the service treats them as
# case-sensitive the signature cannot tell case variants apart.
# "alert http" only inspects requests the sensor can parse as HTTP; a fetch made over TLS is not
# visible to these rules unless traffic is decrypted before it reaches the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1704978)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=04a3894062e7d373|7c|26|7c|resid=4a3894062e7d373%21192|7c|26|7c|authkey=ab7i1w77n6tsb3m"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_21; reference:url, urlhaus.abuse.ch/url/1704978/; classtype:trojan-activity;sid:82568078; rev:1;)
# Same shape with a third parameter (em=2): depth:118 is the escaped length, the decoded pattern is 97 bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1698617)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=75ea534baf13442d|7c|26|7c|resid=75ea534baf13442d%21128|7c|26|7c|authkey=akd4vmzywc14zgq|7c|26|7c|em=2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_20; reference:url, urlhaus.abuse.ch/url/1698617/; classtype:trojan-activity;sid:82561717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1695302)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=07e7986a5bf9243c|7c|26|7c|resid=7e7986a5bf9243c%21490|7c|26|7c|authkey=abhawhbvtpoyc2a"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_19; reference:url, urlhaus.abuse.ch/url/1695302/; classtype:trojan-activity;sid:82558402; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1681096)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/htylx0l1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_15; reference:url, urlhaus.abuse.ch/url/1681096/; classtype:trojan-activity;sid:82544196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1678523)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/vltktanthutn.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kimyen.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_10_14; reference:url, urlhaus.abuse.ch/url/1678523/; classtype:trojan-activity;sid:82541623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1668138)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2a3tx7hd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_10_11; reference:url, urlhaus.abuse.ch/url/1668138/; classtype:trojan-activity;sid:82531238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1658131)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|cid=539bd593e9568c65|7c|26|7c|resid=539bd593e9568c65%21136|7c|26|7c|authkey=aepr2tr-q36tt8u|7c|26|7c|em=2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1658131/; classtype:trojan-activity;sid:82521231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1657096)"; 
flow:established,from_client; content:"GET"; http_method; content:"/update/ana/update.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.teknoarge.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1657096/; classtype:trojan-activity;sid:82520196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1647561)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12ma_yvbmprts6e_vkfnmwikrnwsarqbw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_29; reference:url, urlhaus.abuse.ch/url/1647561/; classtype:trojan-activity;sid:82510661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1641492)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2021/01/spell.php"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"easybrand.vn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1641492/; classtype:trojan-activity;sid:82504592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1641460)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2021/01/stored.php"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"easybrand.vn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1641460/; classtype:trojan-activity;sid:82504560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1640507)"; flow:established,from_client; content:"GET"; http_method; 
content:"/download|3f|cid=2cc133e5e8e9b372|7c|26|7c|resid=2cc133e5e8e9b372%21113|7c|26|7c|authkey=agftuffxlpqkaz8|7c|26|7c|em=2"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1640507/; classtype:trojan-activity;sid:82503607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1638740)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xpmlg1s0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_21; reference:url, urlhaus.abuse.ch/url/1638740/; classtype:trojan-activity;sid:82501840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1638721)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/3pqfze3c"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_21; reference:url, urlhaus.abuse.ch/url/1638721/; classtype:trojan-activity;sid:82501821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1624890)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o9jg3oqyewncoptigwscdbtfmvtfqygj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_16; reference:url, urlhaus.abuse.ch/url/1624890/; classtype:trojan-activity;sid:82487990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1619497)"; flow:established,from_client; content:"GET"; http_method; content:"/decapitate.php"; http_uri; depth:15; isdataat:!1,relative; nocase; 
content:"tiacreation.club"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_14; reference:url, urlhaus.abuse.ch/url/1619497/; classtype:trojan-activity;sid:82482597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1609238)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mjzm2uub"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_10; reference:url, urlhaus.abuse.ch/url/1609238/; classtype:trojan-activity;sid:82472338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1609225)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/fhxehwzr"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_10; reference:url, urlhaus.abuse.ch/url/1609225/; classtype:trojan-activity;sid:82472325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1604292)"; flow:established,from_client; content:"GET"; http_method; content:"/promethium.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"lawfirm.paperbirdtech.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2021_09_09; reference:url, urlhaus.abuse.ch/url/1604292/; classtype:trojan-activity;sid:82467392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1602881)"; flow:established,from_client; content:"GET"; http_method; content:"/photon.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"lawfirm.paperbirdtech.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2021_09_08; reference:url, urlhaus.abuse.ch/url/1602881/; classtype:trojan-activity;sid:82465981; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1602867)"; flow:established,from_client; content:"GET"; http_method; content:"/philanthropic.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"lawfirm.paperbirdtech.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2021_09_08; reference:url, urlhaus.abuse.ch/url/1602867/; classtype:trojan-activity;sid:82465967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1602778)"; flow:established,from_client; content:"GET"; http_method; content:"/wash.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lawfirm.paperbirdtech.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2021_09_08; reference:url, urlhaus.abuse.ch/url/1602778/; classtype:trojan-activity;sid:82465878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582138)"; flow:established,from_client; content:"GET"; http_method; content:"/coon.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582138/; classtype:trojan-activity;sid:82445238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582118)"; flow:established,from_client; content:"GET"; http_method; content:"/manly.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582118/; classtype:trojan-activity;sid:82445218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582106)"; flow:established,from_client; content:"GET"; http_method; content:"/lecher.php"; http_uri; depth:11; isdataat:!1,relative; nocase; 
content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582106/; classtype:trojan-activity;sid:82445206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582015)"; flow:established,from_client; content:"GET"; http_method; content:"/strobing.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"allendostmen.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582015/; classtype:trojan-activity;sid:82445115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1569937)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2fvyxcn8"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_08_27; reference:url, urlhaus.abuse.ch/url/1569937/; classtype:trojan-activity;sid:82433037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1562140)"; flow:established,from_client; content:"GET"; http_method; content:"/poised.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mygrocerbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_08_25; reference:url, urlhaus.abuse.ch/url/1562140/; classtype:trojan-activity;sid:82425240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1560761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/safmanager/safman_setup.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.saf-oil.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_24; reference:url, urlhaus.abuse.ch/url/1560761/; classtype:trojan-activity;sid:82423861; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1544575)"; flow:established,from_client; content:"GET"; http_method; content:"/liveried.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pos-mobile.enlineatechnologies.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2021_08_18; reference:url, urlhaus.abuse.ch/url/1544575/; classtype:trojan-activity;sid:82407675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1544544)"; flow:established,from_client; content:"GET"; http_method; content:"/planetesimal.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pos-mobile.enlineatechnologies.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2021_08_18; reference:url, urlhaus.abuse.ch/url/1544544/; classtype:trojan-activity;sid:82407644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503427)"; flow:established,from_client; content:"GET"; http_method; content:"/teachable.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503427/; classtype:trojan-activity;sid:82366527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503410)"; flow:established,from_client; content:"GET"; http_method; content:"/aggressive.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503410/; classtype:trojan-activity;sid:82366510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503377)"; flow:established,from_client; content:"GET"; http_method; content:"/belt.php"; http_uri; 
depth:9; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503377/; classtype:trojan-activity;sid:82366477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503368)"; flow:established,from_client; content:"GET"; http_method; content:"/anarchical.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bridgeroad.maverickpreviews.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503368/; classtype:trojan-activity;sid:82366468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503361)"; flow:established,from_client; content:"GET"; http_method; content:"/newborn.php"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503361/; classtype:trojan-activity;sid:82366461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503351)"; flow:established,from_client; content:"GET"; http_method; content:"/ruckus.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.cutting-edge.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503351/; classtype:trojan-activity;sid:82366451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503338)"; flow:established,from_client; content:"GET"; http_method; content:"/unanswerable.php"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"chat-server.maverickpreviews.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, 
urlhaus.abuse.ch/url/1503338/; classtype:trojan-activity;sid:82366438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503341)"; flow:established,from_client; content:"GET"; http_method; content:"/harass.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.cutting-edge.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503341/; classtype:trojan-activity;sid:82366441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1473823)"; flow:established,from_client; content:"GET"; http_method; content:"/sweat.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.cutting-edge.in"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_07_22; reference:url, urlhaus.abuse.ch/url/1473823/; classtype:trojan-activity;sid:82336923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1470181)"; flow:established,from_client; content:"GET"; http_method; content:"/power.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.106.250.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_21; reference:url, urlhaus.abuse.ch/url/1470181/; classtype:trojan-activity;sid:82333281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1431282)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zn9ibvfw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_07_06; reference:url, urlhaus.abuse.ch/url/1431282/; classtype:trojan-activity;sid:82294382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422022)"; flow:established,from_client; content:"GET"; http_method; 
content:"/uc|3f|export=download|7c|26|7c|id=1n8_s6gijerearczwh74blkygodig64eo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422022/; classtype:trojan-activity;sid:82285122; rev:1;)
# Google Drive / Docs "uc?export=download" links (URLhaus 1422010, 1391235, 1378480).
# Each rule matches the client's GET request for one exact URI on one exact Host value.
# NOTE(review): "|7c|" is the hex escape for "|", so "|7c|26|7c|" matches the four literal
#   bytes |26| rather than "&" (0x26). It looks as if "&" was hex-escaped and its pipes were
#   then escaped a second time; confirm against the URLhaus entry, since a request using
#   "&" between parameters would not match.
# NOTE(review): depth (68, 135) equals the character count of the escaped pattern as
#   written; the decoded pattern is shorter (59 bytes for sid 82285110), so depth does not
#   pin the match to offset 0. isdataat:!1,relative still anchors the end of the buffer.
# NOTE(review): the file IDs are lowercase and matched with nocase; Drive IDs are
#   case-sensitive, so presumably the feed lowercased them. Check the reference URL
#   during triage rather than relying on the ID shown in the rule.
# NOTE(review): these hosts are normally reached over TLS, so an "alert http" rule
#   presumably fires only where TLS is inspected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422010)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yfqtugahqhqrulwugdekeavffktsl8ci"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422010/; classtype:trojan-activity;sid:82285110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1391235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sbd1rnw8luztjmsh6gdlzupvyupbopa0|7c|26|7c|revid=0b3yyjts_woklr2vnyxvqohlidxbxn1l2wwjntxfnwvi5v0h3pq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_23; reference:url, urlhaus.abuse.ch/url/1391235/; classtype:trojan-activity;sid:82254335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1378480)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ctmywlj5wouiug1wgizy3ke7yj1u0yor|7c|26|7c|revid=0b_t0-zked1mgagxwmxcwywq5q0q1uk1uoxcwaup6l2ovmtdjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_19; reference:url, urlhaus.abuse.ch/url/1378480/; classtype:trojan-activity;sid:82241580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (1372338)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1alq8r5tnr6wwiftqa3l6d9fymv7y0g9m"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_17; reference:url, urlhaus.abuse.ch/url/1372338/; classtype:trojan-activity;sid:82235438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371786)"; flow:established,from_client; content:"GET"; http_method; content:"/watercress.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.playtown.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371786/; classtype:trojan-activity;sid:82234886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371739)"; flow:established,from_client; content:"GET"; http_method; content:"/lining.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.playtown.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371739/; classtype:trojan-activity;sid:82234839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371719)"; flow:established,from_client; content:"GET"; http_method; content:"/scroungy.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.playtown.co.za"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371719/; classtype:trojan-activity;sid:82234819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369570)"; flow:established,from_client; content:"GET"; http_method; content:"/pinout.php"; http_uri; depth:11; isdataat:!1,relative; nocase; 
content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369570/; classtype:trojan-activity;sid:82232670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369536)"; flow:established,from_client; content:"GET"; http_method; content:"/steeplechases.php"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369536/; classtype:trojan-activity;sid:82232636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369533)"; flow:established,from_client; content:"GET"; http_method; content:"/familial.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369533/; classtype:trojan-activity;sid:82232633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1364815)"; flow:established,from_client; content:"GET"; http_method; content:"/update_vbase/voklight.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"visam.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_06_14; reference:url, urlhaus.abuse.ch/url/1364815/; classtype:trojan-activity;sid:82227915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1364597)"; flow:established,from_client; content:"GET"; http_method; content:"/update_vbase/voklightd.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"visam.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_06_14; reference:url, urlhaus.abuse.ch/url/1364597/; classtype:trojan-activity;sid:82227697; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350653)"; flow:established,from_client; content:"GET"; http_method; content:"/habitual.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350653/; classtype:trojan-activity;sid:82213753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350619)"; flow:established,from_client; content:"GET"; http_method; content:"/ruleless.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350619/; classtype:trojan-activity;sid:82213719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350517)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1tilqozot07vylvdmmsfs7ia452jwhktj|7c|26|7c|revid=0b7gsmqzks4xkcdjcwhuvatj2qvlvchnmnnovu2ldzstek2jzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350517/; classtype:trojan-activity;sid:82213617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1348672)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1etpmpb2shvuny5dxj5awfpxklxqpbzgx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1348672/; classtype:trojan-activity;sid:82211772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(1346907)"; flow:established,from_client; content:"GET"; http_method; content:"/toothy.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346907/; classtype:trojan-activity;sid:82210007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346883)"; flow:established,from_client; content:"GET"; http_method; content:"/unpunished.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346883/; classtype:trojan-activity;sid:82209983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346885)"; flow:established,from_client; content:"GET"; http_method; content:"/jordan.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346885/; classtype:trojan-activity;sid:82209985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346871)"; flow:established,from_client; content:"GET"; http_method; content:"/defended.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jyothishmathi.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346871/; classtype:trojan-activity;sid:82209971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1343323)"; flow:established,from_client; content:"GET"; http_method; content:"/hoopoe.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"thementordirectory.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 
2021_06_09; reference:url, urlhaus.abuse.ch/url/1343323/; classtype:trojan-activity;sid:82206423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1343313)"; flow:established,from_client; content:"GET"; http_method; content:"/hare.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"thementordirectory.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1343313/; classtype:trojan-activity;sid:82206413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1343296)"; flow:established,from_client; content:"GET"; http_method; content:"/donate.php"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"thementordirectory.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1343296/; classtype:trojan-activity;sid:82206396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1331376)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b6t1mjnjcvndcy-mdqq0neqrbocqyju4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_06; reference:url, urlhaus.abuse.ch/url/1331376/; classtype:trojan-activity;sid:82194476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1327898)"; flow:established,from_client; content:"GET"; http_method; content:"/inst77player/inst77player_1.0.0.1.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl.360tpcdn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_06_05; reference:url, urlhaus.abuse.ch/url/1327898/; classtype:trojan-activity;sid:82190998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1319551)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nw1gmzg6lwtuhs0tte969xcfpp9_dc5q"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_03; reference:url, urlhaus.abuse.ch/url/1319551/; classtype:trojan-activity;sid:82182651; rev:1;)
# Published Google Docs documents ("/document/d/e/<id>/pub") listed by URLhaus
# (1314584, 1314578, 1314581). Each rule requires GET, the exact URI (depth:104 equals
# the pattern length, and isdataat:!1,relative forbids trailing bytes) and the exact Host.
# The Host alone is a shared service; the document ID in the URI is the only discriminator.
# NOTE(review): the document IDs are lowercase and matched with nocase; these IDs are
#   presumably case-sensitive upstream, so use the reference URL, not the rule text, as
#   the indicator when pivoting in proxy or DNS logs.
# NOTE(review): docs.google.com is normally reached over TLS, so an "alert http" rule
#   presumably fires only where TLS is inspected.
# The rules match the request only; an alert does not show that content was returned.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314584)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqofspqgo4lhe7xt4ky-gkjbc9rgwzgw9rksc_azpw2gotdlnhx9oxc_rgk1zz9mgxxwqoixey0eajp/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314584/; classtype:trojan-activity;sid:82177684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314578)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vszvhw0lywviz_dpqozkdip0orjsf7411ucirwqegcgfxwqqb3nqpbn3d7orqqxnatypulra_ssggie/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314578/; classtype:trojan-activity;sid:82177678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314581)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr-asdhfa85lnhp1g6rll18x2htnflvy5zggxzrfveecvbhjiwaes9o9w3dn49od7lplixl3u59icjr/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314581/; 
classtype:trojan-activity;sid:82177681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314569)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqb__8qdiraoo-s_qrzkk8o_8brsuwaeje3ivcd5efhddlux4gw5otilj5ezfenwjzaha-zojj_7srj/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314569/; classtype:trojan-activity;sid:82177669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314562)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqha4kutkvbpn1c9r1jolub-v1dyh36itza-2zhojxuluskoxk6iogpy8b8iscqqjskaf3wduc6oykt/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314562/; classtype:trojan-activity;sid:82177662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314563)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqm_l1o1djktv6pcfwixdz1gjaqrg26rpb3n3uqpk0jqvif91b_irdew7mo34hhhoffbjohoztlmdtp/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314563/; classtype:trojan-activity;sid:82177663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314556)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrxkt9v4qcom-0wjceb6bexufgpr_vdebkc-kra8h7gutbblset1veguumqxs3npiv4qw-7_1kiy3jm/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; 
http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314556/; classtype:trojan-activity;sid:82177656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314548)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vspnrqtfaftwpvbd8o61fbvozlhc3z0x8jy4glnji-v80xrxnlemgt89l5imnr_7kxst0gn9ydkjj0q/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314548/; classtype:trojan-activity;sid:82177648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314549)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsftpbjz498ict3ab9-tehopymacl8ygytkgufxpnwlfphfxyyh5jmfj_2llrrddsiu8vypu1ksvp5p/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314549/; classtype:trojan-activity;sid:82177649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314543)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vs1h7txewarzqve-jwxnwcgzibofoz58qrk8kerhmfz8mpippgfjeoijthgmm-tw7lwcipr8acup_ft/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314543/; classtype:trojan-activity;sid:82177643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314544)"; flow:established,from_client; content:"GET"; http_method; 
content:"/document/d/e/2pacx-1vr92cz6z4uh71ogqyzgn6vtdc54xoa0iovizmkmogvekyix648nysfipvt4qto6uvtrp9jsatoeuhk3/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314544/; classtype:trojan-activity;sid:82177644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314545)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtuc-a7s7ylxnfwqp8oxz6no5uwdmabudx-6glkwrnzjwqwgdtcpdvwp0x0l03qdarzrzonj_adevlw/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314545/; classtype:trojan-activity;sid:82177645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314534)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqe1vc-nlfenfgigyaugmmg1dq4l0-haikp9qxkacc32ig0xtg6go8lejdoogo0vfeoie4tcyy4_bn4/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314534/; classtype:trojan-activity;sid:82177634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314535)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vsrvkllojuhzbqokettk0u2b1whglldp35-o1zgt_jlem2z2odwedj0z9sgtukvikdowcuan-0fj5wn/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314535/; classtype:trojan-activity;sid:82177635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1314537)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqvbpr6y2jjnkxfpcwt9uv7pqycg6vdoowr-xnakhtl9ns4tk44rpa91em8usoc992uqyrpn6ucy5ep/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314537/; classtype:trojan-activity;sid:82177637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314526)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vq8kqm4rsobvbpga8ncnzs-1xulwuezfri9x1ktowpiijctqe1uq0iged6iq7sa5zuhnh56egsebkoj/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314526/; classtype:trojan-activity;sid:82177626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287391)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtecbrofm9hcrdmzz8g7ktneypnrpr1s7bvyoit3r8jd7rjanmysk9yyuhvzmdp3dmkd-xss7kpyffa/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287391/; classtype:trojan-activity;sid:82150491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287387)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vt544w_wvxhvfskbx2zio7pht-jzhb1nvr7y1qhtxccjopcfxzhm1mottjhjsdudpgs9lfrjcqzoi8n/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, 
urlhaus.abuse.ch/url/1287387/; classtype:trojan-activity;sid:82150487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287378)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtcfdv_0srlqbmtfzi6hivmikknsfqd5bubuem-s-mzpzfsva62zyncoy-phkzysuhuddl0yhlyajye/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287378/; classtype:trojan-activity;sid:82150478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287373)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrtnhy8ipm82egefg7zhukj5qwbit31-jlhdsxovff8rcefw2uhpndpuclv_ffrqqdjhxyxympj3ame/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287373/; classtype:trojan-activity;sid:82150473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287333)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vt4iy9nlwuov8hsmpykbfkn1fh1ydp7ms8dudg2ldfjgxf8rumdtzgiw7ukoifo3ap-pb7ybzlcdfqi/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287333/; classtype:trojan-activity;sid:82150433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278913)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtyg409rjv4omi3oujyjsc6ajzflluuz37ofzbpjjihmrewoh2ehp2pwbfllgyy_yzqdrldwcaejvd5/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; 
content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278913/; classtype:trojan-activity;sid:82142013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278910)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vr1e4kzyqneoh2tjc5rh_unlfwjdo31gedrveg0wdyrprmm3yfdxjqxdvyy535adzu5p9m4mrvdau9v/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278910/; classtype:trojan-activity;sid:82142010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278905)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vrvmutaxfc2ewkvy_l_cewfjwv4md_uadqlv4onmlyc0frnp7jod3ru93sm6y-tmoj0nrvbfylt739z/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278905/; classtype:trojan-activity;sid:82142005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278895)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vtpholmraa4dir0lg8z5yhqljwbzp0qkypc3jax6d3l0hs6n23kpm2iqgccjvbvug5th443jjbzs2uv/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278895/; classtype:trojan-activity;sid:82141995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278896)"; flow:established,from_client; content:"GET"; http_method; 
content:"/document/d/e/2pacx-1vq6nr-yg49vldzzxliqvpupbajoss2nfxsnsk3khaixmvqydl20mxhttp-qa7mojkwa4osepa76nnbl/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278896/; classtype:trojan-activity;sid:82141996; rev:1;)
# How to read the rules below: each one alerts on an outbound GET ($HOME_NET -> $EXTERNAL_NET,
# client side of an established flow) whose URI and Host both equal one listed string.
# depth:N equals the content length and isdataat:!1,relative requires that no byte follows
# the match, so this is an exact-string match rather than a substring match. The nocase after
# the URI content presumably applies to that content (the nearest preceding one) - confirm.
# NOTE(review): these are `alert http` rules for docs.google.com and pastebin.com. Those hosts
# are normally reached over HTTPS, so the rules presumably fire only where the sensor sees
# decrypted traffic (TLS-inspecting proxy or similar) - confirm for your deployment; without
# decryption, proxy or endpoint URL logs are the place to look for the same URLhaus entries.
# NOTE(review): the rule carries no payload or hash check, and the entries date from 2021;
# a hit shows the URL was requested, so check the referenced URLhaus entry during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278899)"; flow:established,from_client; content:"GET"; http_method; content:"/document/d/e/2pacx-1vqyowyoxata2couqa6uc3gwi59sq5maualr7yfmq6luzvtefqopogncbli8hx6vubkt2b65qerqhzy8/pub"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278899/; classtype:trojan-activity;sid:82141999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278586)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/j5fxvrf3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278586/; classtype:trojan-activity;sid:82141686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1252888)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/v1jcezvd"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_18; reference:url, urlhaus.abuse.ch/url/1252888/; classtype:trojan-activity;sid:82115988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1252886)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/gz3wxtar"; http_uri; depth:13; isdataat:!1,relative; 
nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_18; reference:url, urlhaus.abuse.ch/url/1252886/; classtype:trojan-activity;sid:82115986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237690)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1m8jszvq-ztfrul7vgsb6q-n3ftgnkbdj|7c|26|7c|revid=0bxrhybf9__wnmgjlnmxmunzznlu0v204azc4edmzcep6a0hzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237690/; classtype:trojan-activity;sid:82100790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1233306)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gv_nk9llqw4fxudo-khja7nuuj1kevvw|7c|26|7c|revid=0b7zefp-g6n7vm0zhowo4be9pvus4mmh0ymxvd3r6zlu3ylznpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_14; reference:url, urlhaus.abuse.ch/url/1233306/; classtype:trojan-activity;sid:82096406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1230008)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/jnljbghz"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1230008/; classtype:trojan-activity;sid:82093108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228819)"; flow:established,from_client; content:"GET"; http_method; 
content:"/uc|3f|export=download|7c|26|7c|id=140vkyfrfhbqkukc2hnw-gsvi5wjw6iyi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228819/; classtype:trojan-activity;sid:82091919; rev:1;)
# NOTE(review): in content syntax a |..| section is hex, so |3f| is `?` and |7c|26|7c| is the
# three bytes `|&|` (0x7c 0x26 0x7c). A query string whose parameters are joined by a plain `&`
# does not contain those bytes, so the /uc|3f|export=download rules in this span (the fragment
# above, 1220349 and 1199812) look unable to match a real request. This looks like the `&`
# escape being escaped a second time when the feed was generated - confirm upstream; a local
# edit would be overwritten by the next feed update.
# NOTE(review): depth in those rules (68, 135) equals the length of the escaped text, not of
# the decoded bytes, so it is larger than the pattern and the match is not strictly anchored
# at offset 0. In the pastebin rule below, which has no hex escapes, depth equals the length.
# NOTE(review): docs.google.com, drive.google.com and pastebin.com are normally reached over
# HTTPS; these `alert http` rules presumably need decrypted traffic to fire - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1223625)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/reqfy21x"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_05_12; reference:url, urlhaus.abuse.ch/url/1223625/; classtype:trojan-activity;sid:82086725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1220349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1h_dyp_d5lst4akyf2qezxl7j1scvbtvs|7c|26|7c|revid=0b5thckui5i0mdk5moelbnm9vuhnydvjnvwpyq01vrg5xvwhrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_11; reference:url, urlhaus.abuse.ch/url/1220349/; classtype:trojan-activity;sid:82083449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1199812)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uygnpwzzyzn2rodsrimg0-sloxy_letg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1199812/; classtype:trojan-activity;sid:82062912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1198558)"; flow:established,from_client; content:"GET"; http_method; 
content:"/view/59bmj3vj18vh2/drive/storage/a/files/download|3f|id=625899581658508733"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"sites.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1198558/; classtype:trojan-activity;sid:82061658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1184754)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygn4gkmy9musdp_lgnpyjjh6rskt39vp|7c|26|7c|revid=0b8rbgp2bpeofmk5ta3n3mgjtefbzdevwtk5wwhpjd3yruejjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_30; reference:url, urlhaus.abuse.ch/url/1184754/; classtype:trojan-activity;sid:82047854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1182816)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zxejnkdwqezrbgani5vjk2y2nhmpkg0z|7c|26|7c|revid=0b-bo0wgwxcblsui1mehkbhrlu01rwxnyrxzxanbdendmbndnpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1182816/; classtype:trojan-activity;sid:82045916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181763)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mep5euraznm5lmjsb2cuzgf1bs5uzxq6l0lnqudflzavns5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8.exe"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"cfs9.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; 
reference:url, urlhaus.abuse.ch/url/1181763/; classtype:trojan-activity;sid:82044863; rev:1;)
# NOTE(review): the three rules below carry percent-escapes (%bf%c0..., %ed%85..., %ef%bf%bd)
# as literal text in a content matched with http_uri. http_uri is the normalized URI buffer,
# and normalization presumably decodes percent-escapes (the undecoded form is http_raw_uri),
# so the literal `%xx` text may never be present in the inspected buffer - TODO confirm
# against the engine and HTTP parser settings in use.
# NOTE(review): they also contain |7c|26|7c|, which decodes to the bytes `|&|` rather than a
# plain `&`; a request that joins fhandle and filename with `&` would not match on that alone.
# NOTE(review): 1181754 has the same host and fhandle as 1181758 and differs only in the
# filename bytes, where %ef%bf%bd (UTF-8 for U+FFFD, the replacement character) stands in
# place of most of the %bf%c0%b7... bytes. That suggests the filename went through a lossy
# charset conversion before it reached the feed - verify against the URLhaus entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%bf%c0%b7%f9%c7%d8%b0%e1%c7%cf%b1%e2.exe"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181758/; classtype:trojan-activity;sid:82044858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181756)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mdczafhaznmxmc5ibg9nlmrhdw0ubmv0oi9jtufhrs8wlzkwlmv4zq==|7c|26|7c|filename=xp_sp3_%ed%85%8c%eb%a7%88%ed%8c%a8%ec%b9%98.exe"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"cfs10.blog.daum.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181756/; classtype:trojan-activity;sid:82044856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181754)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%d8%b0%ef%bf%bd%ef%bf%bd%cf%b1%ef%bf%bd.exe"; http_uri; depth:232; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181754/; classtype:trojan-activity;sid:82044854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (1181755)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=metnwe5aznm3lmjsb2cuzgf1bs5uzxq6l0lnqudflzavmc5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe/%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe"; http_uri; depth:303; isdataat:!1,relative; nocase; content:"cfs7.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181755/; classtype:trojan-activity;sid:82044855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1152444)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jpl-uouydm5hypqm67uokyddrblbpxvw|7c|26|7c|revid=0b7zpiprmoc5ubhpwclq0cxdyte5vwtrbymnidznhtgm3bzvrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_22; reference:url, urlhaus.abuse.ch/url/1152444/; classtype:trojan-activity;sid:82015544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1098623)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"111.185.171.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_03_29; reference:url, urlhaus.abuse.ch/url/1098623/; classtype:trojan-activity;sid:81961723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1010244)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bew39lta"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; 
metadata:created_at 2021_02_14; reference:url, urlhaus.abuse.ch/url/1010244/; classtype:trojan-activity;sid:81873344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (984502)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/g7vaue54"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_30; reference:url, urlhaus.abuse.ch/url/984502/; classtype:trojan-activity;sid:81847602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (961009)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/00aujclx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2021_01_14; reference:url, urlhaus.abuse.ch/url/961009/; classtype:trojan-activity;sid:81824109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (957784)"; flow:established,from_client; content:"GET"; http_method; content:"/gamewd/yhdl.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"download.caihong.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_13; reference:url, urlhaus.abuse.ch/url/957784/; classtype:trojan-activity;sid:81820884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (936427)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bxjesdj7w3meuh7iatiurbsgh/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/936427/; classtype:trojan-activity;sid:81799527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (765703)"; 
flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/lm/7cfvaaa9jo/"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ncxps.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_29; reference:url, urlhaus.abuse.ch/url/765703/; classtype:trojan-activity;sid:81628803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (763354)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/hkhchyzdynzpebzcre0lq3l2ddjizwk4f7/"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"xuezha.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_29; reference:url, urlhaus.abuse.ch/url/763354/; classtype:trojan-activity;sid:81626454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (756747)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/rrrv7ilgm2dzpohaklkhewb8rkju15bmqeewccglap/"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"ncxps.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/756747/; classtype:trojan-activity;sid:81619847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (756736)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/4ld2g8w3rrmhtgvvvpeq2orlcqm71yyxveriw5rzitvii3/"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"ncxps.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/756736/; classtype:trojan-activity;sid:81619836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (733798)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/oct/w9hmkanqe5py4r/"; http_uri; depth:32; isdataat:!1,relative; 
nocase; content:"ncxps.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_22; reference:url, urlhaus.abuse.ch/url/733798/; classtype:trojan-activity;sid:81596898; rev:1;)
# Each rule below alerts on an outbound GET whose URI and Host both equal one listed string:
# depth:N equals the content length and isdataat:!1,relative requires that no byte follows
# the match, so a longer path or a different host name does not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723755)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/ci6p05scnuonqslqmehm/"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723755/; classtype:trojan-activity;sid:81586855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (637433)"; flow:established,from_client; content:"GET"; http_method; content:"/paetools.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"soft.110route.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_01; reference:url, urlhaus.abuse.ch/url/637433/; classtype:trojan-activity;sid:81500533; rev:1;)
# NOTE(review): the next rule names a release-asset path of a public repository on github.com
# (mikf/gallery-dl, v1.15.0). The rule has no payload or hash check, so a hit only shows that
# this URL was requested; check urlhaus.abuse.ch/url/613088/ before treating an alert as a
# confirmed malware download. github.com is normally reached over HTTPS, so this `alert http`
# rule presumably fires only on decrypted traffic - confirm for your deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (613088)"; flow:established,from_client; content:"GET"; http_method; content:"/mikf/gallery-dl/releases/download/v1.15.0/gallery-dl.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_26; reference:url, urlhaus.abuse.ch/url/613088/; classtype:trojan-activity;sid:81476188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (593578)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/js/jquery/jquery.js"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"chuguadventures.co.tz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2020_09_22; reference:url, urlhaus.abuse.ch/url/593578/; 
classtype:trojan-activity;sid:81456678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (554647)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/x7z9wbk77tt6v9/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/554647/; classtype:trojan-activity;sid:81417747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (490516)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack1226.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_14; reference:url, urlhaus.abuse.ch/url/490516/; classtype:trojan-activity;sid:81353616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (453216)"; flow:established,from_client; content:"GET"; http_method; content:"/enteihacking/mt/master/asycivic.jpg"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_09_04; reference:url, urlhaus.abuse.ch/url/453216/; classtype:trojan-activity;sid:81316316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (453035)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1g_x0a_gnyxai5glsipkq1b2mqknanuw8"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_04; reference:url, urlhaus.abuse.ch/url/453035/; classtype:trojan-activity;sid:81316135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (452177)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=14muad9cmj6mxsd9lrccuo1egxyf5f-ty"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_03; reference:url, urlhaus.abuse.ch/url/452177/; classtype:trojan-activity;sid:81315277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (451466)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yrmkzxf4rmy9utrikbh6rgvsokehbmeo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_02; reference:url, urlhaus.abuse.ch/url/451466/; classtype:trojan-activity;sid:81314566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (447394)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sm7b9902i8v4yitepf6gzomqc84ltloi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_31; reference:url, urlhaus.abuse.ch/url/447394/; classtype:trojan-activity;sid:81310494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (446803)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gavcby-nhlq22ohbgm530exffsrg1aub"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_30; reference:url, urlhaus.abuse.ch/url/446803/; classtype:trojan-activity;sid:81309903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439389)"; 
flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439389/; classtype:trojan-activity;sid:81302489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438705)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/file/21mnqlvi/oz88535657v7rbazasyth9x8i/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438705/; classtype:trojan-activity;sid:81301805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (436727)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_19; reference:url, urlhaus.abuse.ch/url/436727/; classtype:trojan-activity;sid:81299827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434592)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434592/; classtype:trojan-activity;sid:81297692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434320)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; 
isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434320/; classtype:trojan-activity;sid:81297420; rev:1;)
# NOTE(review): the next two rules (URLhaus 434311 and 432722) have identical match
# conditions - same method, same URI "/gttu/xofsl/", same Host "dweixin.cn" - and differ only
# in msg id, created_at, reference and sid. One matching request therefore raises two alerts;
# account for that when counting hits or deduplicating in the SIEM.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434311)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/xofsl/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434311/; classtype:trojan-activity;sid:81297411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432722)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/xofsl/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_14; reference:url, urlhaus.abuse.ch/url/432722/; classtype:trojan-activity;sid:81295822; rev:1;)
# The Host match is exact (depth equals the host length and isdataat:!1,relative forbids a
# following byte), so "www.reifenquick.de" here and "reifenquick.de" in the fragment at the
# top of this span are separate signatures; neither covers the other host name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432117)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/432117/; classtype:trojan-activity;sid:81295217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429290)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/overview/sw94b26/"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429290/; classtype:trojan-activity;sid:81292390; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427444)"; flow:established,from_client; content:"GET"; http_method; content:"/gttu/invoice/ujn3me8cye/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"dweixin.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427444/; classtype:trojan-activity;sid:81290544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426974)"; flow:established,from_client; content:"GET"; http_method; content:"/images/t55prjrdcx/0y8615606244201084438n0kq7whr/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"seismophonic.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426974/; classtype:trojan-activity;sid:81290074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426390)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/open-0627720493640-azq24pffjrm/guarded-space/gxkx9t42ra6yf-6x7uyx330389w/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426390/; classtype:trojan-activity;sid:81289490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (424629)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kdgxnbhp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_08_05; reference:url, urlhaus.abuse.ch/url/424629/; classtype:trojan-activity;sid:81287729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422650)"; flow:established,from_client; content:"GET"; http_method; 
content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.110.182.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_31; reference:url, urlhaus.abuse.ch/url/422650/; classtype:trojan-activity;sid:81285750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422458)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice/aog-3515110/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"lindnerelektroanlagen.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422458/; classtype:trojan-activity;sid:81285558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (420521)"; flow:established,from_client; content:"GET"; http_method; content:"/css/parts_service/ly944myw/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"hitstation.nl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_28; reference:url, urlhaus.abuse.ch/url/420521/; classtype:trojan-activity;sid:81283621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (419868)"; flow:established,from_client; content:"GET"; http_method; content:"/paradiselost/statement/s7nr8p8ut/"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"damiancollier.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_27; reference:url, urlhaus.abuse.ch/url/419868/; classtype:trojan-activity;sid:81282968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (417815)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/znhs8f1m"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_22; reference:url, 
urlhaus.abuse.ch/url/417815/; classtype:trojan-activity;sid:81280915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (417814)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/6xgqcgx8"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_07_22; reference:url, urlhaus.abuse.ch/url/417814/; classtype:trojan-activity;sid:81280914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (410755)"; flow:established,from_client; content:"GET"; http_method; content:"/d35ha/processhide/master/bins/processhide32.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_07_10; reference:url, urlhaus.abuse.ch/url/410755/; classtype:trojan-activity;sid:81273855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (390013)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1am1ztjjhswzwdbvue5tke5mbkwjud0w5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_06_15; reference:url, urlhaus.abuse.ch/url/390013/; classtype:trojan-activity;sid:81253113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (390009)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hd7ffgig6btbzuy2_2kds_t4u637qxjn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_06_15; reference:url, urlhaus.abuse.ch/url/390009/; classtype:trojan-activity;sid:81253109; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (374230)"; flow:established,from_client; content:"GET"; http_method; content:"/mmjbbs/673484/nqad_673484_01062020.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"xn--b1afiqif6c.xn--p1ai"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2020_06_02; reference:url, urlhaus.abuse.ch/url/374230/; classtype:trojan-activity;sid:81237330; rev:1;)
# Each rule below is an exact-URL indicator: GET on an established client-to-server flow, with
# the URI pattern (case-insensitive) and the Host pattern each bounded by `depth` and closed by
# `isdataat:!1,relative`, i.e. nothing may follow the match in that buffer.
#
# NOTE(review): the next seven rules share Host 0022a601.pphost.net and a `/threatsim/` path
# prefix. That naming looks like a phishing-simulation / awareness-training service rather
# than live malware delivery -- presumably; verify against the URLhaus entries. If your
# organisation runs such exercises, expect these sids to fire on training traffic and decide
# on a suppression before they reach the analyst queue.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368318)"; flow:established,from_client; content:"GET"; http_method; content:"/threatsim/exe/pdf.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"0022a601.pphost.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368318/; classtype:trojan-activity;sid:81231418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368317)"; flow:established,from_client; content:"GET"; http_method; content:"/threatsim/doc/774d0427cd607b1c09131cc277a68c9edd7cf01499d356bcb1ef4a08e6fc322a.doc"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"0022a601.pphost.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368317/; classtype:trojan-activity;sid:81231417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368315)"; flow:established,from_client; content:"GET"; http_method; content:"/threatsim/exe/xerox01_pdf.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"0022a601.pphost.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368315/; classtype:trojan-activity;sid:81231415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368312)"; flow:established,from_client; content:"GET"; http_method; content:"/threatsim/doc/46cad0e0ca3b2d6d9d3ce691ca2887b18abc80acf0e81799fbb290cce104c8eb.doc"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"0022a601.pphost.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368312/; classtype:trojan-activity;sid:81231412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368311)"; flow:established,from_client; content:"GET"; http_method; content:"/threatsim/exe/njrat.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0022a601.pphost.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368311/; classtype:trojan-activity;sid:81231411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368309)"; flow:established,from_client; content:"GET"; http_method; content:"/threatsim/exe/order_pdf.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"0022a601.pphost.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368309/; classtype:trojan-activity;sid:81231409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368303)"; flow:established,from_client; content:"GET"; http_method; content:"/threatsim/exe/640.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"0022a601.pphost.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368303/; classtype:trojan-activity;sid:81231403; rev:1;)
# NOTE(review): in the three drive.google.com rules below `|3f|` is `?`, but `|7c|26|7c|`
# decodes to the literal bytes `|26|`, not to `&` (0x26). If the request joins its query
# parameters with `&`, these contents cannot match -- looks like double escaping in the
# generator; confirm against the URLhaus entries and report it to the feed maintainer rather
# than editing the sids locally. `depth` (68 / 72) counts the escaped string, so it exceeds
# the decoded pattern length and only the end of the buffer is pinned.
# The Host is a shared file-hosting service; a fetch made over HTTPS is presumably visible to
# an `alert http` rule only where TLS is decrypted ahead of the sensor -- confirm coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (366549)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1pyl4hq8sbp5qatm1zz9vmsze1cuy2uzw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_22; reference:url, urlhaus.abuse.ch/url/366549/; classtype:trojan-activity;sid:81229649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (355363)"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/uc|3f|id=1osjrfvjdy1vblk4fya98jp5jlnk7rutv|7c|26|7c|export=download"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_01; reference:url, urlhaus.abuse.ch/url/355363/; classtype:trojan-activity;sid:81218463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (351490)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nndvq_2_7doyyuqvcvwmory_4lyrplb7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_04_26; reference:url, urlhaus.abuse.ch/url/351490/; classtype:trojan-activity;sid:81214590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (326350)"; flow:established,from_client; content:"GET"; http_method; content:"/builds/offers/12.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"softcatalog.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_18; reference:url, urlhaus.abuse.ch/url/326350/; classtype:trojan-activity;sid:81189450; rev:1;)
# NOTE(review): same `|7c|26|7c|` (literal `|26|`) concern as the drive.google.com rules above.
# The pattern also contains percent-escapes (`%3d%3d`); http_uri is matched against the
# normalized URI, so if normalization decodes them this content would not match -- verify
# with a pcap replay; http_raw_uri may be the intended buffer (TODO confirm).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzzcxmzyyqgzzns50axn0b3j5lmnvbtovyxr0ywnolzavmtqwmdawmdawmdawlmv4zq%3d%3d|7c|26|7c|filename=crack-pro20.exe"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"cfs5.tistory.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_08; reference:url, urlhaus.abuse.ch/url/322758/; classtype:trojan-activity;sid:81185858; rev:1;)
# Shared code-hosting Host: the repository path is the indicator, not raw.githubusercontent.com.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318948)"; flow:established,from_client; content:"GET"; http_method; content:"/fuzzbunch/fuzzbunch/master/payloads/doublepulsar-1.3.1.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318948/; classtype:trojan-activity;sid:81182048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318947)"; flow:established,from_client; content:"GET"; http_method; content:"/bero1985/berotinypascal/e34bd4164f4b7c27e7cf667dffd9274d33d6dfbe/bin/btpc.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318947/; classtype:trojan-activity;sid:81182047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314465)"; flow:established,from_client; content:"GET"; http_method; content:"/fta.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vincentdemiero.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314465/; classtype:trojan-activity;sid:81177565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314464)"; flow:established,from_client; content:"GET"; http_method; content:"/documeynt9897.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"vincentdemiero.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314464/; classtype:trojan-activity;sid:81177564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314463)"; flow:established,from_client; content:"GET"; http_method; content:"/fvs.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vincentdemiero.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314463/; classtype:trojan-activity;sid:81177563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (308942)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-lm9-32/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.chenwangqiao.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_02_05; reference:url, urlhaus.abuse.ch/url/308942/; classtype:trojan-activity;sid:81172042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (306649)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/3waa9-ke38h-15/"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.chenwangqiao.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2020_02_03; reference:url, urlhaus.abuse.ch/url/306649/; classtype:trojan-activity;sid:81169749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (288508)"; flow:established,from_client; content:"GET"; http_method; content:"/omlakdj17fkcjfsd/common_module/security_lkveb9o0tx_wd3lhz42yf1slt/tlcs2lwhd3vo_38wyy7/"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"owlcity.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_01_14; reference:url, urlhaus.abuse.ch/url/288508/; classtype:trojan-activity;sid:81151608; rev:1;)
alert http $HOME_NET any ->
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (272221)"; flow:established,from_client; content:"GET"; http_method; content:"/about/lm/5oj0ss1de/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dezcom.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_12_19; reference:url, urlhaus.abuse.ch/url/272221/; classtype:trojan-activity;sid:81135321; rev:1;)
# Each rule below matches one exact URL: GET on an established client-to-server flow, URI
# pattern (with `nocase`) and Host pattern each limited by `depth` to the pattern length and
# closed by `isdataat:!1,relative`, so no byte may follow the match in either buffer.
# All entries here carry created_at dates in 2019; use the `reference` URL to check whether an
# indicator is still considered live before escalating a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (267913)"; flow:established,from_client; content:"GET"; http_method; content:"/index_soubory/common_sector/external_area/61551354147_t4d0ky73jjywffgy/"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"oknoplastik.sk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_12_12; reference:url, urlhaus.abuse.ch/url/267913/; classtype:trojan-activity;sid:81131013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (254738)"; flow:established,from_client; content:"GET"; http_method; content:"/cvd/dist/fileupload/1571723382710/9.915787746614242.jpg"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"cdn.xiaoduoai.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254738/; classtype:trojan-activity;sid:81117838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (254737)"; flow:established,from_client; content:"GET"; http_method; content:"/cvd/dist/fileupload/1571723350789/0.25579108623802416.jpg"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"cdn.xiaoduoai.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254737/; classtype:trojan-activity;sid:81117837; rev:1;)
# Four rules with the same 3-byte URI `/.i` and an IP-literal Host, created 2019_10_05 to
# 2019_10_07. The Host value is the only discriminator and addresses get reassigned, so
# treat a hit as a lead to confirm against the URLhaus entry, not as proof of infection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.244.113.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240568/; classtype:trojan-activity;sid:81103668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240550)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.42.105.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240550/; classtype:trojan-activity;sid:81103650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239019)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_06; reference:url, urlhaus.abuse.ch/url/239019/; classtype:trojan-activity;sid:81102119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (237890)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/237890/; classtype:trojan-activity;sid:81100990; rev:1;)
# Because the Host match is exact, `www.konsor.ru` and `konsor.ru` need (and have) separate
# rules; any other subdomain serving the same path is not covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222263)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.konsor.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222263/; classtype:trojan-activity;sid:81085363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222259)"; flow:established,from_client; content:"GET"; http_method; content:"/keygen.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"konsor.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222259/; classtype:trojan-activity;sid:81085359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222056)"; flow:established,from_client; content:"GET"; http_method; content:"/kaobeitu/news/v1.0.7.31/news_01.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"download.kaobeitu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222056/; classtype:trojan-activity;sid:81085156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222026)"; flow:established,from_client; content:"GET"; http_method; content:"/kaobeitu/mini/v1.0.7.16/mini_04.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"download.kaobeitu.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2019_08_03; reference:url, urlhaus.abuse.ch/url/222026/; classtype:trojan-activity;sid:81085126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (221598)"; flow:established,from_client; content:"GET"; http_method; content:"/kszip/mini/v1.0.7.31/mini_04.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_01; reference:url, urlhaus.abuse.ch/url/221598/; classtype:trojan-activity;sid:81084698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (221595)"; flow:established,from_client; content:"GET"; http_method; content:"/kszip/news2/v1.0.7.31/news2_02.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_01; reference:url, urlhaus.abuse.ch/url/221595/; classtype:trojan-activity;sid:81084695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (220541)"; flow:established,from_client; content:"GET"; http_method; content:"/25072019_0963.xls"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fakers.co.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_07_29; reference:url, urlhaus.abuse.ch/url/220541/; classtype:trojan-activity;sid:81083641; rev:1;)
# NOTE(review): files.constantcontact.com and codeload.github.com look like shared hosting /
# code-hosting endpoints, so the path is the indicator and the Host must not be read as
# malicious on its own. A fetch made over HTTPS is presumably visible to an `alert http` rule
# only where TLS is decrypted ahead of the sensor -- confirm coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (219275)"; flow:established,from_client; content:"GET"; http_method; content:"/0996938c001/6e8a2a4f-40ac-464f-9a70-7c67f0a0da19.pdf"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"files.constantcontact.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2019_07_24; reference:url, urlhaus.abuse.ch/url/219275/; classtype:trojan-activity;sid:81082375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217486)"; flow:established,from_client; content:"GET"; http_method; content:"/meteoradminz/hidden-tear/zip/master"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217486/; classtype:trojan-activity;sid:81080586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210525)"; flow:established,from_client; content:"GET"; http_method; content:"/20.06.2019_130.22.doc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"fakers.co.jp"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_06_20; reference:url, urlhaus.abuse.ch/url/210525/; classtype:trojan-activity;sid:81073625; rev:1;)
# NOTE(review): the URI pattern contains a percent-escape (`%20`). http_uri is matched against
# the normalized URI; if normalization decodes `%20` to a space this content would not
# match -- verify with a pcap replay; http_raw_uri may be the intended buffer (TODO confirm).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (208009)"; flow:established,from_client; content:"GET"; http_method; content:"/domains/updateagent/application%20files/upagent.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"old.bullydog.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_06_12; reference:url, urlhaus.abuse.ch/url/208009/; classtype:trojan-activity;sid:81071109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203280)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.hseda.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_29; reference:url, urlhaus.abuse.ch/url/203280/; classtype:trojan-activity;sid:81066380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203157)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"hseda.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_28; reference:url, urlhaus.abuse.ch/url/203157/; classtype:trojan-activity;sid:81066257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (202114)"; flow:established,from_client; content:"GET"; http_method; content:"/screenmate/cute/sm1302.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.starcountry.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_26; reference:url, urlhaus.abuse.ch/url/202114/; classtype:trojan-activity;sid:81065214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any
(msg:"URLhaus Known malware download URL detected (201513)"; flow:established,from_client; content:"GET"; http_method; content:"/wj1bsetup.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dl.dzqzd.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_24; reference:url, urlhaus.abuse.ch/url/201513/; classtype:trojan-activity;sid:81064613; rev:1;)
# Each rule below alerts on one exact URL: method GET on an established client-to-server flow,
# then a URI pattern (`nocase`) and a Host pattern, each bounded by `depth` equal to the
# pattern length and closed by `isdataat:!1,relative` (nothing may follow the match).
# Triage notes grounded in the options: the msg carries only the URLhaus id, so the
# `reference` URL is where the payload details live; an extra query string or a different
# subdomain on the same site does not alert; created_at dates here are April-May 2019.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200800)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_asciiverter_v1.00/zke-ascv.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200800/; classtype:trojan-activity;sid:81063900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200798)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/12.2013/nrv-ppwr.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200798/; classtype:trojan-activity;sid:81063898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200771)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/rzr-winner_intro.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"chiptune.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200771/; classtype:trojan-activity;sid:81063871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200770)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_nfo_file_viewer_v1.00/zke-nfoview.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200770/; classtype:trojan-activity;sid:81063870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200129)"; flow:established,from_client; content:"GET"; http_method; content:"/lib/qxuserctrlsetup_1010.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"sta.qinxue.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_22; reference:url, urlhaus.abuse.ch/url/200129/; classtype:trojan-activity;sid:81063229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (195172)"; flow:established,from_client; content:"GET"; http_method; content:"/eypipe/pipefile/adpopup/adpopup_1382523956.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"goto.stnts.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_13; reference:url, urlhaus.abuse.ch/url/195172/; classtype:trojan-activity;sid:81058272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (186282)"; flow:established,from_client; content:"GET"; http_method; content:"/pub/1003b/patch/patch_data/patch_0.3300/1003b.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"dl.1003b.56a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_04_27; reference:url, urlhaus.abuse.ch/url/186282/; classtype:trojan-activity;sid:81049382; rev:1;)
# NOTE(review): the Host below looks like a per-tenant cloud storage name -- presumably; the
# full Host plus path is the indicator, not the parent domain.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (185713)"; flow:established,from_client; content:"GET"; http_method; content:"/qrtb.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xiaoma-10021647.file.myqcloud.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2019_04_26; reference:url, urlhaus.abuse.ch/url/185713/; classtype:trojan-activity;sid:81048813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (184801)"; flow:established,from_client; content:"GET"; http_method; content:"/tqpjo/scan/uftruaemi2h/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"redlk.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_04_25; reference:url, urlhaus.abuse.ch/url/184801/; classtype:trojan-activity;sid:81047901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (176091)"; flow:established,from_client; content:"GET"; http_method; content:"/templates/theme261/css/msg.jpg"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"sk-comtel.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_12; reference:url, urlhaus.abuse.ch/url/176091/; classtype:trojan-activity;sid:81039191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (175833)"; flow:established,from_client; content:"GET"; http_method; content:"/templates/theme261/html/com_contact/category/hp.gf"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"sk-comtel.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_11; reference:url, urlhaus.abuse.ch/url/175833/; classtype:trojan-activity;sid:81038933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (173971)"; flow:established,from_client; content:"GET"; http_method; content:"/file/support/trust/en/042019/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"brightworks.cz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_04_09; reference:url, urlhaus.abuse.ch/url/173971/; classtype:trojan-activity;sid:81037071; rev:1;)
alert http
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (168634)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/sec.myaccount.docs.biz/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"allister.ee"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_03_29; reference:url, urlhaus.abuse.ch/url/168634/; classtype:trojan-activity;sid:81031734; rev:1;)
# Each rule below alerts on one exact URL: method GET on an established client-to-server flow,
# then a URI pattern (`nocase`) and a Host pattern, each bounded by `depth` equal to the
# pattern length and closed by `isdataat:!1,relative` (nothing may follow the match).
# Several URIs here end in `/` (a directory, not a file name), so the alert says which URL was
# requested but not what was served; pair a hit with file-extraction or proxy logs.
# flyingmutts.com appears under three different paths (sids 81028654, 81027377, 81020710):
# each path needs its own rule because the URI match is exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (165554)"; flow:established,from_client; content:"GET"; http_method; content:"/secure.myacc.resourses.com/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165554/; classtype:trojan-activity;sid:81028654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (165504)"; flow:established,from_client; content:"GET"; http_method; content:"/i203611254b019514581.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"programandojuntos.us.tempcloudsite.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165504/; classtype:trojan-activity;sid:81028604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (164277)"; flow:established,from_client; content:"GET"; http_method; content:"/corporation/new_invoice/1033530/hijmq-jo_uqgwdlyf-8e/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164277/; classtype:trojan-activity;sid:81027377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (162770)"; flow:established,from_client; content:"GET"; http_method; content:"/artluz/produtos/sendincsec/support/sec/en_en/03-2019/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"alarmline.com.br"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_20; reference:url, urlhaus.abuse.ch/url/162770/; classtype:trojan-activity;sid:81025870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (161757)"; flow:established,from_client; content:"GET"; http_method; content:"/tomatoleizhutizy/tomatoleizhutizy.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl2.360tpcdn.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_19; reference:url, urlhaus.abuse.ch/url/161757/; classtype:trojan-activity;sid:81024857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (157610)"; flow:established,from_client; content:"GET"; http_method; content:"/stats/f06bn-kgh24-ncoviajp/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_12; reference:url, urlhaus.abuse.ch/url/157610/; classtype:trojan-activity;sid:81020710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (155567)"; flow:established,from_client; content:"GET"; http_method; content:"/rawabijob.hta"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"local-update.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_10; reference:url, urlhaus.abuse.ch/url/155567/; classtype:trojan-activity;sid:81018667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (154627)"; flow:established,from_client; content:"GET"; http_method; content:"/za.ebali"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mitreart.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at
2019_03_07; reference:url, urlhaus.abuse.ch/url/154627/; classtype:trojan-activity;sid:81017727; rev:1;)
# The next two rules list one download path on update.bruss.org.ru in two
# spellings: a literal "_" (sid:81006934) and the percent-encoded "%5f"
# (sid:81006933). In both, depth equals the content length and
# isdataat:!1,relative forbids trailing data, so the URI buffer must equal the
# string exactly (case-insensitively, because of nocase).
# NOTE(review): http_uri is the normalized URI buffer. If the deployed engine
# decodes "%5f" to "_" before matching, sid:81006933 can never fire and only
# sid:81006934 is effective. Confirm on the sensor; matching the escaped form
# would need the raw buffer (http_raw_uri).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143834)"; flow:established,from_client; content:"GET"; http_method; content:"/hl2dm/hl2dm_updater.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"update.bruss.org.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143834/; classtype:trojan-activity;sid:81006934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143833)"; flow:established,from_client; content:"GET"; http_method; content:"/hl2dm/hl2dm%5fupdater.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"update.bruss.org.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143833/; classtype:trojan-activity;sid:81006933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143333)"; flow:established,from_client; content:"GET"; http_method; content:"/css/out-1773725897.hta"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"globalbank.us"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143333/; classtype:trojan-activity;sid:81006433; rev:1;)
# The host in the next rule is github.com, a shared platform, so the rule is
# only as specific as its exact repository path. The rule inspects parsed HTTP
# requests (alert http, GET, flow from_client): it fires on the client's
# request, not on a delivered payload, and a fetch of the same path over TLS
# is not visible to it unless TLS is decrypted before the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143301)"; flow:established,from_client; content:"GET"; http_method; content:"/pistacchietto/win-python-backdoor/raw/master/win.bat"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143301/; classtype:trojan-activity;sid:81006401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (140791)"; flow:established,from_client; content:"GET"; http_method; content:"/bv5eh1ierp/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"augsburg-auto.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_02_20; reference:url, urlhaus.abuse.ch/url/140791/; classtype:trojan-activity;sid:81003891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (122975)"; flow:established,from_client; content:"GET"; http_method; content:"/data/box.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dusttv.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_02_13; reference:url, urlhaus.abuse.ch/url/122975/; classtype:trojan-activity;sid:80986075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (121258)"; flow:established,from_client; content:"GET"; http_method; content:"/28758658/2018/04/28/c4284a2a6c1b60247944a03cbaf930c5.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"cdn.file6.goodid.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_02_11; reference:url, urlhaus.abuse.ch/url/121258/; classtype:trojan-activity;sid:80984358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (121029)"; flow:established,from_client; content:"GET"; http_method; content:"/active/pcclear_eng_mini.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"down.pcclear.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_10; reference:url, urlhaus.abuse.ch/url/121029/; classtype:trojan-activity;sid:80984129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (116990)"; flow:established,from_client; content:"GET"; http_method; content:"/ltbx_h3dtc-obppcj/maj/messages/2019-02/"; http_uri; depth:40; isdataat:!1,relative; nocase; 
content:"airlife.bget.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_02_04; reference:url, urlhaus.abuse.ch/url/116990/; classtype:trojan-activity;sid:80980090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (115233)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sanghyun-guest.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sanghyun.nfile.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_01; reference:url, urlhaus.abuse.ch/url/115233/; classtype:trojan-activity;sid:80978333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (115231)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sanghyun.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"sanghyun.nfile.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_01; reference:url, urlhaus.abuse.ch/url/115231/; classtype:trojan-activity;sid:80978331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (114988)"; flow:established,from_client; content:"GET"; http_method; content:"/6iywkl5i_mg/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pobedastaff.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_31; reference:url, urlhaus.abuse.ch/url/114988/; classtype:trojan-activity;sid:80978088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112779)"; flow:established,from_client; content:"GET"; http_method; content:"/files/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"sg123.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112779/; classtype:trojan-activity;sid:80975879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (112648)"; flow:established,from_client; content:"GET"; http_method; content:"/files/install.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"sg123.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112648/; classtype:trojan-activity;sid:80975748; rev:1;)
# "/files/install.exe" and "/files/update.exe" are generic names that appear
# here under two hosts (sg123.net and igra123.com). Each rule requires the
# URI match and the http_host match together, so the host is what makes these
# alerts specific; the urlhaus.abuse.ch reference identifies the listed URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112647)"; flow:established,from_client; content:"GET"; http_method; content:"/files/install.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"igra123.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112647/; classtype:trojan-activity;sid:80975747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112642)"; flow:established,from_client; content:"GET"; http_method; content:"/files/update.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"igra123.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112642/; classtype:trojan-activity;sid:80975742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (111691)"; flow:established,from_client; content:"GET"; http_method; content:"/files/haeum.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"haeum.nfile.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_01_25; reference:url, urlhaus.abuse.ch/url/111691/; classtype:trojan-activity;sid:80974791; rev:1;)
# The next rule (URLhaus id 110142) matches a file name written as fourteen
# percent-escaped bytes; depth:47 counts the escaped text, not decoded bytes.
# NOTE(review): http_uri is the normalized URI buffer. If the engine decodes
# the escapes before matching, this literal "%d3%b2..." string will not be
# present and the rule stays silent. Confirm on the sensor, or match the
# escaped form on the raw buffer (http_raw_uri).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (110142)"; flow:established,from_client; content:"GET"; http_method; content:"/%d3%b2%bc%fe%d0%c5%cf%a2%b2%e9%bf%b4%c6%f7.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"down.54nb.com"; 
http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_01_25; reference:url, urlhaus.abuse.ch/url/110142/; classtype:trojan-activity;sid:80973242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (110132)"; flow:established,from_client; content:"GET"; http_method; content:"/gcld/updates_tw/gcmgr_tw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"static.ilclock.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_01_25; reference:url, urlhaus.abuse.ch/url/110132/; classtype:trojan-activity;sid:80973232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (109220)"; flow:established,from_client; content:"GET"; http_method; content:"/de_de/tejqsyf3366492/ger/rechnungszahlung/"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"blogs.sokun.jp"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_24; reference:url, urlhaus.abuse.ch/url/109220/; classtype:trojan-activity;sid:80972320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (108283)"; flow:established,from_client; content:"GET"; http_method; content:"/bigfile/v1/urls/d/4qnwtdd-4xsuuy1xlrmzcibqjfu/ihdzyo55cus7ds4lmmkxpa"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"attach.mail.daum.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_01_23; reference:url, urlhaus.abuse.ch/url/108283/; classtype:trojan-activity;sid:80971383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106006)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin128.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106006/; 
classtype:trojan-activity;sid:80969106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106003)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin133.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106003/; classtype:trojan-activity;sid:80969103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106002)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd156.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106002/; classtype:trojan-activity;sid:80969102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106000)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin130.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106000/; classtype:trojan-activity;sid:80969100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105999)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin142.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105999/; classtype:trojan-activity;sid:80969099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105998)"; 
flow:established,from_client; content:"GET"; http_method; content:"/jd/jd124.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105998/; classtype:trojan-activity;sid:80969098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105997)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin141.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105997/; classtype:trojan-activity;sid:80969097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105996)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd127.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105996/; classtype:trojan-activity;sid:80969096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105992)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd145.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105992/; classtype:trojan-activity;sid:80969092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105991)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin140.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; 
depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105991/; classtype:trojan-activity;sid:80969091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105988)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd144.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105988/; classtype:trojan-activity;sid:80969088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105985)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd136.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105985/; classtype:trojan-activity;sid:80969085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105976)"; flow:established,from_client; content:"GET"; http_method; content:"/qcoin/qcoin139.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105976/; classtype:trojan-activity;sid:80969076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105975)"; flow:established,from_client; content:"GET"; http_method; content:"/jd/jd137.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cdn-10049480.file.myqcloud.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105975/; classtype:trojan-activity;sid:80969075; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105558)"; flow:established,from_client; content:"GET"; http_method; content:"/n/tui/ciqinmishi/6/cqms.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"bundle.kpzip.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_01_18; reference:url, urlhaus.abuse.ch/url/105558/; classtype:trojan-activity;sid:80968658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105407)"; flow:established,from_client; content:"GET"; http_method; content:"/hkhe3fktc/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"atkcgnew.evgeni7e.beget.tech"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2019_01_18; reference:url, urlhaus.abuse.ch/url/105407/; classtype:trojan-activity;sid:80968507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (104016)"; flow:established,from_client; content:"GET"; http_method; content:"/drop/css/obr.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.myvcart.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_01_16; reference:url, urlhaus.abuse.ch/url/104016/; classtype:trojan-activity;sid:80967116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (103702)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/pridmag/ttt/161485502.doc"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"sdvgpro.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_01_15; reference:url, urlhaus.abuse.ch/url/103702/; classtype:trojan-activity;sid:80966802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102706)"; flow:established,from_client; content:"GET"; http_method; content:"/autoguarder/autoguarder_2.3.7.350.exe"; http_uri; 
depth:38; isdataat:!1,relative; nocase; content:"softdl4.360.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_12; reference:url, urlhaus.abuse.ch/url/102706/; classtype:trojan-activity;sid:80965806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102548)"; flow:established,from_client; content:"GET"; http_method; content:"/doumai/tips/v1.0.1.11/tips_01.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"download.doumaibiji.cn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_01_11; reference:url, urlhaus.abuse.ch/url/102548/; classtype:trojan-activity;sid:80965648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102545)"; flow:established,from_client; content:"GET"; http_method; content:"/doumai/fmt/v1.0.1.11/fmt_01.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"download.doumaibiji.cn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2019_01_11; reference:url, urlhaus.abuse.ch/url/102545/; classtype:trojan-activity;sid:80965645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (98628)"; flow:established,from_client; content:"GET"; http_method; content:"/6nqq.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.hostingcloud.science"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2018_12_21; reference:url, urlhaus.abuse.ch/url/98628/; classtype:trojan-activity;sid:80961728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96625)"; flow:established,from_client; content:"GET"; http_method; content:"/iuia-qgkdtq2rfbxd7z_ljiaengvq-4cy/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.ardguisser.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2018_12_17; reference:url, 
urlhaus.abuse.ch/url/96625/; classtype:trojan-activity;sid:80959725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95728)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/shiqi/2003/06/20030620.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95728/; classtype:trojan-activity;sid:80958828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95727)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/mir2/2003/05/200305252.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95727/; classtype:trojan-activity;sid:80958827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95726)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/mu/2003/07/20030721.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95726/; classtype:trojan-activity;sid:80958826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95634)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/guochang/setup_tvplayer.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.okhan.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95634/; classtype:trojan-activity;sid:80958734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (95633)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/youxi/okhan.net-2wn.rar"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.okhan.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95633/; classtype:trojan-activity;sid:80958733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95550)"; flow:established,from_client; content:"GET"; http_method; content:"/game/download/zip/waigua/mir2/2003/05/20030520.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"veryboys.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95550/; classtype:trojan-activity;sid:80958650; rev:1;)
# The http_host match is anchored at both ends (depth equals the content
# length, then isdataat:!1,relative), so "www.okhan.net" and "okhan.net" are
# different matches. The two /soft/uploadfile/ paths listed for
# www.okhan.net (sid:80958733, sid:80958609) are listed again for okhan.net
# as sid:80957299 and sid:80957294; disabling or tuning one host spelling
# leaves the other active.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95509)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/anquan/pjbingdianhuanyuan.rar"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"www.okhan.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95509/; classtype:trojan-activity;sid:80958609; rev:1;)
# The next rule and the one after it (URLhaus id 95078, sid:80958178) differ
# only in the trailing "/" of the URI. Because the URI match is exact, each
# spelling needs its own rule.
# NOTE(review): for the same reason a request that appends anything to the
# path (for example a query string, where the engine keeps it in this buffer)
# would match neither rule -- treat these as exact-URL indicators, not as
# coverage for the whole host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95209)"; flow:established,from_client; content:"GET"; http_method; content:"/us/information/122018/"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_14; reference:url, urlhaus.abuse.ch/url/95209/; classtype:trojan-activity;sid:80958309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95078)"; flow:established,from_client; content:"GET"; http_method; content:"/us/information/122018"; http_uri; 
depth:22; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_14; reference:url, urlhaus.abuse.ch/url/95078/; classtype:trojan-activity;sid:80958178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94279)"; flow:established,from_client; content:"GET"; http_method; content:"/upload/20140812/14078161556897.rar"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"static.3001.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94279/; classtype:trojan-activity;sid:80957379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94199)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/youxi/okhan.net-2wn.rar"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"okhan.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94199/; classtype:trojan-activity;sid:80957299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94194)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/uploadfile/anquan/pjbingdianhuanyuan.rar"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"okhan.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94194/; classtype:trojan-activity;sid:80957294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92354)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/3"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"itssprout.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92354/; 
classtype:trojan-activity;sid:80955454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92351)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/2"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"itssprout.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92351/; classtype:trojan-activity;sid:80955451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92344)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"itssprout.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92344/; classtype:trojan-activity;sid:80955444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (86730)"; flow:established,from_client; content:"GET"; http_method; content:"/076360tad/oamo/business/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_11_29; reference:url, urlhaus.abuse.ch/url/86730/; classtype:trojan-activity;sid:80949830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (86203)"; flow:established,from_client; content:"GET"; http_method; content:"/076360tad/oamo/business"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"flyingmutts.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/86203/; classtype:trojan-activity;sid:80949303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85967)"; flow:established,from_client; content:"GET"; http_method; 
content:"/task/2009-06/29/106045/rc1veeex.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85967/; classtype:trojan-activity;sid:80949067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85901)"; flow:established,from_client; content:"GET"; http_method; content:"/tekiwanatain/installer.rar"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85901/; classtype:trojan-activity;sid:80949001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85881)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/5fg9yjwr.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85881/; classtype:trojan-activity;sid:80948981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85879)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/a9to40e7.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85879/; classtype:trojan-activity;sid:80948979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85878)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/e6i8pdc0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 
2018_11_27; reference:url, urlhaus.abuse.ch/url/85878/; classtype:trojan-activity;sid:80948978; rev:1;)
# NOTE(review): how to read the entries below.
# - Every rule is an exact-URL indicator: each content pattern carries a depth
#   equal to its own length plus isdataat:!1,relative (no byte may follow the
#   match), so the URI buffer and the Host buffer must each equal the pattern.
#   Entries 34267 and 34102 differ only by a trailing slash and are separate
#   rules for that reason. Other paths on the same host do not alert.
# - nocase sits in the URI pattern's modifier list only. The host pattern has
#   none; Suricata documents http_host as lowercase-normalized, so lowercase
#   host patterns are expected there. Behaviour on other engines: confirm.
# - "alert http" only sees requests the sensor can parse as cleartext HTTP.
#   Downloads fetched over HTTPS need TLS inspection or proxy logs instead.
# - created_at values in this part of the file are from 2018. Check the
#   reference URL on URLhaus for the entry's current status before treating a
#   hit as an active infection, and before pruning old sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85877)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-07/28/117228/4wtjdjio.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85877/; classtype:trojan-activity;sid:80948977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85876)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/29/106045/zwy1q6k0.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85876/; classtype:trojan-activity;sid:80948976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85874)"; flow:established,from_client; content:"GET"; http_method; content:"/task/2009-06/06/98428/07c9mfhe.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"p3.zbjimg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85874/; classtype:trojan-activity;sid:80948974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (84040)"; flow:established,from_client; content:"GET"; http_method; content:"/0415jbrob/sep/smallbusiness"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.udobrit.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_11_23; reference:url, urlhaus.abuse.ch/url/84040/; classtype:trojan-activity;sid:80947140; rev:1;)
# NOTE(review): the pattern below is the percent-encoded form (depth:59 counts
# the encoded bytes), matched against http_uri. If the engine percent-decodes
# the path when it builds that buffer, this rule cannot match; confirm against
# a test pcap, and consider the raw URI buffer for this entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (82382)"; flow:established,from_client; content:"GET"; http_method; content:"/download/%e8%99%9a%e6%8b%9f%e5%85%89%e9%a9%b1_11@10349.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"cl.ssouy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_11_19; reference:url, urlhaus.abuse.ch/url/82382/; classtype:trojan-activity;sid:80945482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (79623)"; flow:established,from_client; content:"GET"; http_method; content:"/urzfhrbbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vagler.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_11_13; reference:url, urlhaus.abuse.ch/url/79623/; classtype:trojan-activity;sid:80942723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (79342)"; flow:established,from_client; content:"GET"; http_method; content:"/bigfile/v1/urls/d/1gpusd8uwnakepjjehixnayfekq/kbdjubux_j-nvjot1z-mdw"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"attach.mail.daum.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2018_11_13; reference:url, urlhaus.abuse.ch/url/79342/; classtype:trojan-activity;sid:80942442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (73301)"; flow:established,from_client; content:"GET"; http_method; content:"/table.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.68.170.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_11_02; reference:url, urlhaus.abuse.ch/url/73301/; classtype:trojan-activity;sid:80936401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (73302)"; flow:established,from_client; content:"GET"; http_method; content:"/worming.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"51.68.170.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_11_02; reference:url, urlhaus.abuse.ch/url/73302/; classtype:trojan-activity;sid:80936402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (73287)"; flow:established,from_client; content:"GET"; http_method; content:"/radiance.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"51.68.170.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_11_02; reference:url, urlhaus.abuse.ch/url/73287/; classtype:trojan-activity;sid:80936387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (71185)"; flow:established,from_client; content:"GET"; http_method; content:"/nykol16/kepek.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_26; reference:url, urlhaus.abuse.ch/url/71185/; classtype:trojan-activity;sid:80934285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (67439)"; flow:established,from_client; content:"GET"; http_method; content:"/zoolatogato/xruhbmzvlaghfnqcerrv.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_12; reference:url, urlhaus.abuse.ch/url/67439/; classtype:trojan-activity;sid:80930539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66694)"; flow:established,from_client; content:"GET"; http_method; content:"/autoup/client/aqclient.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pay.aqiu6.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2018_10_11; reference:url, urlhaus.abuse.ch/url/66694/; classtype:trojan-activity;sid:80929794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66274)"; flow:established,from_client; content:"GET"; http_method; content:"/toneraruhaz/wp-admin/network/installer.rar"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_09; reference:url, urlhaus.abuse.ch/url/66274/; classtype:trojan-activity;sid:80929374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66164)"; flow:established,from_client; content:"GET"; http_method; content:"/fvlmodell/letoltes/files/scalecalc.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"users.atw.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_09; reference:url, urlhaus.abuse.ch/url/66164/; classtype:trojan-activity;sid:80929264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (59247)"; flow:established,from_client; content:"GET"; http_method; content:"/vqd0d5/"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"robertrowe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_09_23; reference:url, urlhaus.abuse.ch/url/59247/; classtype:trojan-activity;sid:80922347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (57935)"; flow:established,from_client; content:"GET"; http_method; content:"/factures-09-2018/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hasalltalent.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2018_09_19; reference:url, urlhaus.abuse.ch/url/57935/; classtype:trojan-activity;sid:80921035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (57059)"; flow:established,from_client; content:"GET"; http_method; content:"/document/en/need-to-send-the-attachment"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"vgd.vg"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2018_09_17; reference:url, urlhaus.abuse.ch/url/57059/; classtype:trojan-activity;sid:80920159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (56449)"; flow:established,from_client; content:"GET"; http_method; content:"/7mn5zo8d/"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vgd.vg"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2018_09_14; reference:url, urlhaus.abuse.ch/url/56449/; classtype:trojan-activity;sid:80919549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (44461)"; flow:established,from_client; content:"GET"; http_method; content:"/5805773c/payment/personal"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ct3-24.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_08_20; reference:url, urlhaus.abuse.ch/url/44461/; classtype:trojan-activity;sid:80907561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (44113)"; flow:established,from_client; content:"GET"; http_method; content:"/663752sludgz/oamo/us/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ct3-24.ru"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2018_08_17; reference:url, urlhaus.abuse.ch/url/44113/; classtype:trojan-activity;sid:80907213; rev:1;)
# NOTE(review): www.dropbox.com is shared by many unrelated users, so the
# signal in the next three rules is the single path, never the host. The site
# is normally reached over HTTPS, so expect these to fire only where the sensor
# sees decrypted traffic; confirm against your TLS inspection coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38013)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/gxfqfem5m813nva/firefox_67.3.39.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38013/; classtype:trojan-activity;sid:80901113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38011)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/dqrsgzlf8jeefw0/firefox_67.3.45.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38011/; classtype:trojan-activity;sid:80901111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38009)"; flow:established,from_client; content:"GET"; http_method; content:"/s/dl/g4is5u674v6l2yy/firefox_67.3.16.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38009/; classtype:trojan-activity;sid:80901109; rev:1;)
# The host in the next six rules is an internationalized domain in its
# punycode (xn--) form. Convert any Unicode-form hostnames in proxy or DNS
# logs to this form before correlating them with these alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (37232)"; flow:established,from_client; content:"GET"; http_method; content:"/tpkmgecq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_31; reference:url, urlhaus.abuse.ch/url/37232/; classtype:trojan-activity;sid:80900332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (36522)"; flow:established,from_client; content:"GET"; http_method; content:"/files/en/statement/invoice/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_28; reference:url, urlhaus.abuse.ch/url/36522/; classtype:trojan-activity;sid:80899622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (36154)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/en_us/invoice-for-sent/invoice/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_26; reference:url, urlhaus.abuse.ch/url/36154/; classtype:trojan-activity;sid:80899254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34267)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/en/account/auditor-of-state-notification-of-eft-deposit/"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34267/; classtype:trojan-activity;sid:80897367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34227)"; flow:established,from_client; content:"GET"; http_method; content:"/notification-de-facture-07/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34227/; classtype:trojan-activity;sid:80897327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (34102)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/en/account/auditor-of-state-notification-of-eft-deposit"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"xn--90abegbttpjb3bzb2j.xn--p1ai"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2018_07_18; reference:url, urlhaus.abuse.ch/url/34102/; classtype:trojan-activity;sid:80897202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (28277)"; flow:established,from_client; content:"GET"; http_method; content:"/mc_setup.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"crimefreesoftware.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2018_07_04; reference:url, urlhaus.abuse.ch/url/28277/; classtype:trojan-activity;sid:80891377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (16630)"; flow:established,from_client; content:"GET"; http_method; content:"/doc/past-due-invoice/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"robertrowe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_06_07; reference:url, urlhaus.abuse.ch/url/16630/; classtype:trojan-activity;sid:80879730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (15711)"; flow:established,from_client; content:"GET"; http_method; content:"/status/auditor-of-state-notification-of-eft-deposit/"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"robertrowe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2018_06_05; reference:url, urlhaus.abuse.ch/url/15711/; classtype:trojan-activity;sid:80878811; rev:1;)
# Number of entries: 18039